lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 26 Mar 2014 16:04:01 +0900
From:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
To:	Steven Rostedt <rostedt@...dmis.org>
Cc:	linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>,
	Jeremy Fitzhardinge <jeremy@...p.org>, x86@...nel.org,
	Andi Kleen <andi@...stfloor.org>,
	Ananth N Mavinakayanahalli <ananth@...ibm.com>,
	Arnd Bergmann <arnd@...db.de>,
	Peter Zijlstra <peterz@...radead.org>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	"David S. Miller" <davem@...emloft.net>,
	Chris Wright <chrisw@...s-sol.org>,
	Sandeepa Prabhu <sandeepa.prabhu@...aro.org>, fche@...hat.com,
	mingo@...hat.com, Rob Landley <rob@...dley.net>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Alok Kataria <akataria@...are.com>, systemtap@...rceware.org
Subject: Re: [PATCH -tip v8 04/26] kprobes: Introduce NOKPROBE_SYMBOL() macro
 for blacklist

(2014/03/22 9:49), Steven Rostedt wrote:
> On Wed, 05 Mar 2014 20:59:11 +0900
> Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> wrote:
> 
> 
>>
>> diff --git a/Documentation/kprobes.txt b/Documentation/kprobes.txt
>> index 0cfb00f..7062631 100644
>> --- a/Documentation/kprobes.txt
>> +++ b/Documentation/kprobes.txt
>> @@ -22,8 +22,9 @@ Appendix B: The kprobes sysctl interface
>>  
>>  Kprobes enables you to dynamically break into any kernel routine and
>>  collect debugging and performance information non-disruptively. You
>> -can trap at almost any kernel code address, specifying a handler
>> +can trap at almost any kernel code address(*), specifying a handler
>>  routine to be invoked when the breakpoint is hit.
>> +(*: at some part of kernel code can not be trapped, see 1.5 Blacklist)
> 
> "*: some parts of the kernel code can not be trapped,"
> 
>>  
>>  There are currently three types of probes: kprobes, jprobes, and
>>  kretprobes (also called return probes).  A kprobe can be inserted
>> @@ -273,6 +274,19 @@ using one of the following techniques:
>>   or
>>  - Execute 'sysctl -w debug.kprobes_optimization=n'
>>  
>> +1.5 Blacklist
>> +
>> +Kprobes can probe almost of the kernel except itself. This means
> 
> s/almost/most/
> 
>> +that there are some functions where kprobes cannot probe. Probing
>> +(trapping) such functions can cause recursive trap (e.g. double
> 
>    cause a recursive trap
> 
>> +fault) or at least the nested probe handler never be called.
> 
>   "or the nested probe handler may never be called."
> 
>> +Kprobes manages such functions as a blacklist.
>> +If you want to add a function into the blacklist, you just need
>> +to (1) include linux/kprobes.h and (2) use NOKPROBE_SYMBOL() macro
>> +to specify a blacklisted function.
>> +Kprobes checks given probe address with the blacklist and reject
> 
>   "checks the given probe address against the black list and rejects"
> 
>> +registering if the given address is in the blacklist.
> 
>    registering it, if

Thank you for helping ! :)

>> diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h
>> index 4582e8e..7730c1c 100644
>> --- a/arch/x86/include/asm/asm.h
>> +++ b/arch/x86/include/asm/asm.h
>> @@ -57,6 +57,12 @@
>>  	.long (from) - . ;					\
>>  	.long (to) - . + 0x7ffffff0 ;				\
>>  	.popsection
>> +
>> +# define _ASM_NOKPROBE(entry)					\
>> +	.pushsection "_kprobe_blacklist","aw" ;			\
>> +	_ASM_ALIGN ;						\
>> +	_ASM_PTR (entry);					\
>> +	.popsection
>>  #else
>>  # define _ASM_EXTABLE(from,to)					\
>>  	" .pushsection \"__ex_table\",\"a\"\n"			\
>> @@ -71,6 +77,7 @@
>>  	" .long (" #from ") - .\n"				\
>>  	" .long (" #to ") - . + 0x7ffffff0\n"			\
>>  	" .popsection\n"
>> +/* For C file, we already have NOKPROBE_SYMBOL macro */
>>  #endif
>>  
>>  #endif /* _ASM_X86_ASM_H */
>> diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
>> index 1b10af8..4c785fd 100644
>> --- a/arch/x86/kernel/paravirt.c
>> +++ b/arch/x86/kernel/paravirt.c
>> @@ -23,6 +23,7 @@
>>  #include <linux/efi.h>
>>  #include <linux/bcd.h>
>>  #include <linux/highmem.h>
>> +#include <linux/kprobes.h>
>>  
>>  #include <asm/bug.h>
>>  #include <asm/paravirt.h>
>> @@ -389,6 +390,9 @@ __visible struct pv_cpu_ops pv_cpu_ops = {
>>  	.end_context_switch = paravirt_nop,
>>  };
>>  
>> +/* At this point, native_get_debugreg has real function entry */
> 
>   "has a real"

OK, I'll fix them all ;)

Thank you,

-- 
Masami HIRAMATSU
IT Management Research Dept. Linux Technology Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@...achi.com


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ