lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <544754BD.3010309@hitachi.com>
Date:	Wed, 22 Oct 2014 15:54:53 +0900
From:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
To:	Jiri Kosina <jkosina@...e.cz>
Cc:	Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>,
	Ananth N Mavinakayanahalli <ananth@...ibm.com>,
	linux-kernel@...r.kernel.org, Josh Poimboeuf <jpoimboe@...hat.com>,
	Seth Jennings <sjenning@...hat.com>
Subject: Re: [PATCH] kprobes: add kprobe_is_function_probed()

(2014/10/22 15:02), Jiri Kosina wrote:
> On Wed, 22 Oct 2014, Masami Hiramatsu wrote:
> 
>>> Add a function that allows external users (such as live patching 
>>> mechanisms) to check whether a given function (identified by symbol name) 
>>> has a kprobe installed in it.
>>
>> Actually, we've already exported the list of kprobes with probe points
>> (symbols) via debugfs. Please check /sys/kernel/debug/kprobes/list :)
> 
> Yes, I know, and kprobe_is_function_probed() is performing very similar 
> thing that show_kprobe_addr() is doing.
> But we'd like to be able to check this from within a kernel module (the 
> patch module) and issue WARN().
> 
> Otherwise we'll need to have a machinery in userspace before insmod which 
> will look up the functions in the module and compare them to the 
> debufs-provided interface.
> 
> Also, I don't think we want to be dependent on debugfs being mounted and 
> discoverable, etc ...

OK, and even if so, since there is no user of this function, at this point
we can not merge this. I'd like to wait until live patching.

BTW, if your tool is in kernel, you can use get_kprobe(addr) to check
there is kprobes on a given address. And of course you can use kallsyms
to get the address range of given function. Moreover, as Josh pointed,
there are several same name functions in kernel. I think this kind of
function should better provide address-base interface.

Thank you,

-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@...achi.com


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ