| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BANLkTimjHiaZ+b03FLb1LX=ycv=cAVyJZw@mail.gmail.com> Date: Thu, 12 May 2011 23:30:16 +0200 From: Stephane Eranian <eranian@...gle.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Arnaldo Carvalho de Melo <acme@...hat.com>, LKML <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...e.hu> Subject: Re: [BUG] perf: bogus correlation of kernel symbols The other contradiction, I see, is that you have perf_event paranoia level and this new kptr masquerading feature which conflict with each other. You can be allowed to monitor at the kernel level (paranoid=1, default) but you cannot correlate symbols: $ perf record -e cycles:k foo I suspect if you have this kptr thing turned on, then you need to disallow monitoring at the kernel level too. On Thu, May 12, 2011 at 11:07 PM, Stephane Eranian <eranian@...gle.com> wrote: > On Thu, May 12, 2011 at 10:31 PM, Linus Torvalds > <torvalds@...ux-foundation.org> wrote: >> >> On Thu, May 12, 2011 at 7:48 AM, Stephane Eranian <eranian@...gle.com> wrote: >> > >> > I think there is a serious problem with kernel symbol correlation >> > with the latest perf in 2.6.39-rc7-tip. >> >> Yeah. It's annoying. It's a "perf" bug, though - triggered by >> /proc/sys/kernel/kptr_restrict being set to 1. >> > I did not know about this new masquerading of pointers in /proc/kallsyms. > That certainly explains the problem. > >> >> The bug is that perf doesn't say "I can't match kernel symbols", but >> instead does some crazy matching and gives total crap module >> information (I think it just picks the one that shows up last in >> /proc/kallsyms). >> > But I agree perf must not silently return bogus information. It > should print a big warning message and/or fallback to printing the raw > addresses. So much for having perf in the kernel source tree to > keep things in sync... > >> >> That said, I have considered just reverting the thing that makes >> kptr_restrict be 1 by default. I do like the security implications of >> restricting visibility into kernel pointers, but I also think that >> security rules that make the system less usable are dubious. So I >> dunno. >> > I am not clear as to what people could actually do with the addresses > taken out of /proc/kallsyms. Looks to me like we've lost functionality > for the vast majority of users. So maybe the default should be inverted. > > I know of a somewhat similar issue with the file descriptor limit which > people are hitting frequently these days when monitoring apps with lots > of threads or lots of events in one run on large smp systems. > That can easily be corrected by again requires root privilege to regain > the functionality. > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists