lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140321204917.636820fa@gandalf.local.home>
Date:	Fri, 21 Mar 2014 20:49:17 -0400
From:	Steven Rostedt <rostedt@...dmis.org>
To:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Cc:	linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>,
	Jeremy Fitzhardinge <jeremy@...p.org>, x86@...nel.org,
	Andi Kleen <andi@...stfloor.org>,
	Ananth N Mavinakayanahalli <ananth@...ibm.com>,
	Arnd Bergmann <arnd@...db.de>,
	Peter Zijlstra <peterz@...radead.org>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	"David S. Miller" <davem@...emloft.net>,
	Chris Wright <chrisw@...s-sol.org>,
	Sandeepa Prabhu <sandeepa.prabhu@...aro.org>, fche@...hat.com,
	mingo@...hat.com, Rob Landley <rob@...dley.net>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Alok Kataria <akataria@...are.com>, systemtap@...rceware.org
Subject: Re: [PATCH -tip v8 04/26] kprobes: Introduce NOKPROBE_SYMBOL()
 macro for blacklist

On Wed, 05 Mar 2014 20:59:11 +0900
Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> wrote:


> 
> diff --git a/Documentation/kprobes.txt b/Documentation/kprobes.txt
> index 0cfb00f..7062631 100644
> --- a/Documentation/kprobes.txt
> +++ b/Documentation/kprobes.txt
> @@ -22,8 +22,9 @@ Appendix B: The kprobes sysctl interface
>  
>  Kprobes enables you to dynamically break into any kernel routine and
>  collect debugging and performance information non-disruptively. You
> -can trap at almost any kernel code address, specifying a handler
> +can trap at almost any kernel code address(*), specifying a handler
>  routine to be invoked when the breakpoint is hit.
> +(*: at some part of kernel code can not be trapped, see 1.5 Blacklist)

"*: some parts of the kernel code can not be trapped,"

>  
>  There are currently three types of probes: kprobes, jprobes, and
>  kretprobes (also called return probes).  A kprobe can be inserted
> @@ -273,6 +274,19 @@ using one of the following techniques:
>   or
>  - Execute 'sysctl -w debug.kprobes_optimization=n'
>  
> +1.5 Blacklist
> +
> +Kprobes can probe almost of the kernel except itself. This means

s/almost/most/

> +that there are some functions where kprobes cannot probe. Probing
> +(trapping) such functions can cause recursive trap (e.g. double

   cause a recursive trap

> +fault) or at least the nested probe handler never be called.

  "or the nested probe handler may never be called."

> +Kprobes manages such functions as a blacklist.
> +If you want to add a function into the blacklist, you just need
> +to (1) include linux/kprobes.h and (2) use NOKPROBE_SYMBOL() macro
> +to specify a blacklisted function.
> +Kprobes checks given probe address with the blacklist and reject

  "checks the given probe address against the black list and rejects"

> +registering if the given address is in the blacklist.

   registering it, if

> +
>  2. Architectures Supported
>  
>  Kprobes, jprobes, and return probes are implemented on the following
> diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h
> index 4582e8e..7730c1c 100644
> --- a/arch/x86/include/asm/asm.h
> +++ b/arch/x86/include/asm/asm.h
> @@ -57,6 +57,12 @@
>  	.long (from) - . ;					\
>  	.long (to) - . + 0x7ffffff0 ;				\
>  	.popsection
> +
> +# define _ASM_NOKPROBE(entry)					\
> +	.pushsection "_kprobe_blacklist","aw" ;			\
> +	_ASM_ALIGN ;						\
> +	_ASM_PTR (entry);					\
> +	.popsection
>  #else
>  # define _ASM_EXTABLE(from,to)					\
>  	" .pushsection \"__ex_table\",\"a\"\n"			\
> @@ -71,6 +77,7 @@
>  	" .long (" #from ") - .\n"				\
>  	" .long (" #to ") - . + 0x7ffffff0\n"			\
>  	" .popsection\n"
> +/* For C file, we already have NOKPROBE_SYMBOL macro */
>  #endif
>  
>  #endif /* _ASM_X86_ASM_H */
> diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
> index 1b10af8..4c785fd 100644
> --- a/arch/x86/kernel/paravirt.c
> +++ b/arch/x86/kernel/paravirt.c
> @@ -23,6 +23,7 @@
>  #include <linux/efi.h>
>  #include <linux/bcd.h>
>  #include <linux/highmem.h>
> +#include <linux/kprobes.h>
>  
>  #include <asm/bug.h>
>  #include <asm/paravirt.h>
> @@ -389,6 +390,9 @@ __visible struct pv_cpu_ops pv_cpu_ops = {
>  	.end_context_switch = paravirt_nop,
>  };
>  
> +/* At this point, native_get_debugreg has real function entry */

  "has a real"

-- Steve

> +NOKPROBE_SYMBOL(native_get_debugreg);
> +
>  struct pv_apic_ops pv_apic_ops = {
>  #ifdef CONFIG_X86_LOCAL_APIC
>  	.startup_ipi_hook = paravirt_nop,
> diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
> index bc2121f..81d07d5 100644
> --- a/include/asm-generic/vmlinux.lds.h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ