lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20131130134618.GA18768@gmail.com>
Date:	Sat, 30 Nov 2013 14:46:18 +0100
From:	Ingo Molnar <mingo@...nel.org>
To:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Cc:	"Frank Ch. Eigler" <fche@...hat.com>, linux-arch@...r.kernel.org,
	Ananth N Mavinakayanahalli <ananth@...ibm.com>,
	Sandeepa Prabhu <sandeepa.prabhu@...aro.org>, x86@...nel.org,
	lkml <linux-kernel@...r.kernel.org>,
	"Steven Rostedt (Red Hat)" <rostedt@...dmis.org>,
	virtualization@...ts.linux-foundation.org,
	systemtap@...rceware.org, "David S. Miller" <davem@...emloft.net>
Subject: Re: Re: Re: Re: [PATCH -tip v3 00/23] kprobes: introduce
 NOKPROBE_SYMBOL() and general cleaning of kprobe blacklist


* Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> wrote:

> (2013/11/27 22:30), Ingo Molnar wrote:
> > 
> > * Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> wrote:
> > 
> >> (2013/11/22 11:35), Masami Hiramatsu wrote:
> >>> (2013/11/21 16:29), Ingo Molnar wrote:
> >>>>
> >>>> * Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> wrote:
> >>>>
> >>>>> (2013/11/21 2:36), Frank Ch. Eigler wrote:
> >>>>
> >>>> [ ... ]
> >>>>>> one needs to resort to something like:
> >>>>>>
> >>>>>> # cat /proc/kallsyms | grep ' [tT] ' | while read addr type symbol; do
> >>>>>>    perf probe $symbol
> >>>>>> done
> >>>>>>
> >>>>>> then wait for a few hours for that to finish. Then, or while the loop
> >>>>>> is still running, run
> >>>>>>
> >>>>>> # perf record -e 'probe:*' -aR sleep 1
> >>>>>>
> >>>>>> to take a kernel down.
> >>>>>
> >>>>> Um, indeed, current blacklist is not perfect. [...]
> >>>>
> >>>> Then it needs to be fixed ASAP!
> >>>
> >>> OK, I see. At least the two patches included this series
> >>> should be fixed. :)
> >>>
> >>> And more, I need to test all symbols and drills down.
> >>
> >> OK, what I've found was;
> >>  - The functions which can be ftraced look good.
> >>    (see tracing/available_filter_functions)
> >>  - following functions should not be able to be probed.
> >>    - memcpy, memset
> >>    - native_load_sp0 and some other native functions (need to be clear)
> >>    - restore
> >>    - trace_graph_return
> >>    - trace_hardirqs_off_thunk, trace_hardirqs_on_thunk
> >>    - This list still be not perfect. I just enabled/disabled kprobes
> >>      one by one. There might be combined bugs (combination of several
> >>      kprobes).
> >>  - Some of them are hard to specify by NOKPROBE_SYMBOL because they are
> >>    defined in assembly file.
> >>
> >> Anyway, to fix all of them, I think we need file-based blacklist
> >> especially for assembler symbols.
> > 
> > assembler symbols shouldn't be particular hard either, just put them 
> > into the noprobes section.
> 
> Would you mean .kprobes.text? Hmm, I hope not to use it anymore, but 
> yeah, bugfix is more important. Agreed.

No, why not put the symbol address into the 'blacklist' section, 
within the asm file? We fill out exception table entries in .S files 
as well, see the _ASM_EXTABLE() macro, it's possible to do all that. 

It needs not a CPP macro but an assembly macro.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ