| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201010221504.51535.rusty@rustcorp.com.au> Date: Fri, 22 Oct 2010 15:04:51 +1030 From: Rusty Russell <rusty@...tcorp.com.au> To: Steven Rostedt <rostedt@...dmis.org> Cc: LKML <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...e.hu>, Frederic Weisbecker <fweisbec@...il.com>, Andrew Morton <akpm@...ux-foundation.org>, Thomas Gleixner <tglx@...utronix.de>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [PATCH v2][GIT PULL] tracing: Prevent unloadable modules from using trace_bprintk() On Fri, 22 Oct 2010 02:28:38 pm Steven Rostedt wrote: > On Fri, 2010-10-22 at 14:13 +1030, Rusty Russell wrote: > > > > > > > > > I think disabling use in modules is lazy, > > > > > > and safer. > > > > Well then just delete trace_bprintk altogether. Even safer! > > Reminds me of the argument against lowering the speed limit to 55. "it's > safer"... "Then lower it to zero, even safer!" > > > > > > > > Can't you detect this on module unload and fix it up? Or delay freeing the > > > > module until the trace ring is emptied? > > > > > > One possibility is to magically make all string formats used in > > > trace_printk into its own section, and keep it allocated until the ring > > > buffer is empty. Or, we can just do that with the module's entire string > > > section, since we know whether or not that module has a trace_printk in > > > it or not. > > > > Exactly. Set a flag in the module if it resolves trace_printk, and defer freeing > > the module in that case. This shouldn't be that hard... > > Here's my worry. > > 1) Some module with tracepoints is loaded at boot up. > 2) The user does tracing and forgets about it (ring buffer filled) > 3) Unloads module (don't free) > 4) loads module with trace points > 5) unloads module (don't free) > etc, etc > > memory leak. Sure. Then mark the rb count or something in the module at init time, then compare before deciding too dangerous to free. > Thus this is not that trivial. We probably need to have a way to lock a > module when its tracepoint is activated, and only unlock it when the > ring buffer is emptied. How about the intuitive and completely obvious thing? When a tp activated, use the module. When deactivated, unuse it? > Do we want to prevent the module from being unloaded while the ring > buffer is full (after that module has been traced?), or do we let the > module be unloaded, but just prevent this one section from being freed? I was thinking the latter, basically defer the module_free() call. Cheers, Rusty. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists