| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 30 Nov 2013 14:46:18 +0100 From: Ingo Molnar <mingo@...nel.org> To: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> Cc: "Frank Ch. Eigler" <fche@...hat.com>, linux-arch@...r.kernel.org, Ananth N Mavinakayanahalli <ananth@...ibm.com>, Sandeepa Prabhu <sandeepa.prabhu@...aro.org>, x86@...nel.org, lkml <linux-kernel@...r.kernel.org>, "Steven Rostedt (Red Hat)" <rostedt@...dmis.org>, virtualization@...ts.linux-foundation.org, systemtap@...rceware.org, "David S. Miller" <davem@...emloft.net> Subject: Re: Re: Re: Re: [PATCH -tip v3 00/23] kprobes: introduce NOKPROBE_SYMBOL() and general cleaning of kprobe blacklist * Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> wrote: > (2013/11/27 22:30), Ingo Molnar wrote: > > > > * Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> wrote: > > > >> (2013/11/22 11:35), Masami Hiramatsu wrote: > >>> (2013/11/21 16:29), Ingo Molnar wrote: > >>>> > >>>> * Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> wrote: > >>>> > >>>>> (2013/11/21 2:36), Frank Ch. Eigler wrote: > >>>> > >>>> [ ... ] > >>>>>> one needs to resort to something like: > >>>>>> > >>>>>> # cat /proc/kallsyms | grep ' [tT] ' | while read addr type symbol; do > >>>>>> perf probe $symbol > >>>>>> done > >>>>>> > >>>>>> then wait for a few hours for that to finish. Then, or while the loop > >>>>>> is still running, run > >>>>>> > >>>>>> # perf record -e 'probe:*' -aR sleep 1 > >>>>>> > >>>>>> to take a kernel down. > >>>>> > >>>>> Um, indeed, current blacklist is not perfect. [...] > >>>> > >>>> Then it needs to be fixed ASAP! > >>> > >>> OK, I see. At least the two patches included this series > >>> should be fixed. :) > >>> > >>> And more, I need to test all symbols and drills down. > >> > >> OK, what I've found was; > >> - The functions which can be ftraced look good. > >> (see tracing/available_filter_functions) > >> - following functions should not be able to be probed. > >> - memcpy, memset > >> - native_load_sp0 and some other native functions (need to be clear) > >> - restore > >> - trace_graph_return > >> - trace_hardirqs_off_thunk, trace_hardirqs_on_thunk > >> - This list still be not perfect. I just enabled/disabled kprobes > >> one by one. There might be combined bugs (combination of several > >> kprobes). > >> - Some of them are hard to specify by NOKPROBE_SYMBOL because they are > >> defined in assembly file. > >> > >> Anyway, to fix all of them, I think we need file-based blacklist > >> especially for assembler symbols. > > > > assembler symbols shouldn't be particular hard either, just put them > > into the noprobes section. > > Would you mean .kprobes.text? Hmm, I hope not to use it anymore, but > yeah, bugfix is more important. Agreed. No, why not put the symbol address into the 'blacklist' section, within the asm file? We fill out exception table entries in .S files as well, see the _ASM_EXTABLE() macro, it's possible to do all that. It needs not a CPP macro but an assembly macro. Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists