Message-ID: <20150706114920.GB17305@dhcppc13.redhat.com>
Date:	Mon, 6 Jul 2015 17:19:20 +0530
From:	Pratyush Anand <panand@...hat.com>
To:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Cc:	linux-arm-kernel@...ts.infradead.org, linux@....linux.org.uk,
	catalin.marinas@....com, will.deacon@....com,
	linux-kernel@...r.kernel.org, wcohen@...hat.com,
	dave.long@...aro.org, steve.capper@...aro.org
Subject: Re: [PATCH 1/2] arm64: Blacklist non-kprobe-able symbols

On 06/07/2015:08:11:19 PM, Masami Hiramatsu wrote:
> On 2015/07/06 14:03, Pratyush Anand wrote:
> > Add all function symbols which are called from do_debug_exception under
> > NOKPROBE_SYMBOL, as they cannot be kprobed.
> 
> Could you tell me how you checked that? from the code?

Well.. I found out that some of the symbols like single_step_handler
do not allow kprobing, and then it seemed logical to me that we
should not allow kprobing of any symbols which are called in the path
of do_debug_exception. So, manually :( I reviewed the code and put
NOKPROBE_SYMBOL across all those.

However, now I am doing some more tests and, as I said in my previous
reply, there are still a few symbols like (_mcount) which are creating
problems with the following simple test, and I need to look into that. In
the case of _mcount, I do not see any print and it's a complete freeze.

#!/bin/sh
# Collect built-in text symbols (type t/T), skipping module symbols.
grep ' [tT] ' /proc/kallsyms | fgrep -v '[' | awk '{print $3}' > syms.list
count=0
for i in `cat syms.list`;
do
	if [ $count -eq 0 ]
	then
		# Start of a batch: disable events and clear existing probes.
		echo 0 > /sys/kernel/debug/tracing/events/enable
		echo > /sys/kernel/debug/tracing/kprobe_events
		cat /sys/kernel/debug/tracing/kprobe_events
	fi
	count=`expr $count + 1`;
	echo "p $i" >> /sys/kernel/debug/tracing/kprobe_events ;
	echo $i $count;
	if [ $count -eq 100 ]
	then
		# 100 probes registered: enable events, wait, dump the trace.
		cat /sys/kernel/debug/tracing/kprobe_events
		echo 1 >  /sys/kernel/debug/tracing/events/enable
		sleep 1
		cat /sys/kernel/debug/tracing/trace
		count=0
	fi
done

I understand that the above test does not make sure that the kprobed function
is called during the test. Since at present this basic test is not
running, I am not doing anything to exercise more and more kernel
paths. Maybe I will do that as a second step. In fact, at present, I have no
idea how that can be done extensively.

~Pratyush
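
An added example, not part of the original message or of the kernel tree: a pre-filter for the symbol sweep above that drops symbols already present in a kprobes blacklist listing and, optionally, symbols named in a hand-kept skip file, so that a rerun after a freeze can leave out the symbol that caused it. The function name probe_candidates, the skip file and all sample data are constructed for illustration; the blacklist line format is assumed to be that of /sys/kernel/debug/kprobes/blacklist.

```shell
#!/bin/sh
# Added example: pre-filter kprobe candidates. Names and data are constructed.
# Assumed input formats:
#   kallsyms:  "<addr> <type> <symbol> [module]"
#   blacklist: "0x<start>-0x<end><TAB><symbol>"
#   skip file: one symbol name per line (hand-kept, hypothetical)

probe_candidates() {
	# $1 kallsyms-format file, $2 blacklist-format file, $3 optional skip file
	awk -v ksyms="$1" '
		FILENAME != ksyms {
			# Exclusion input: take the name from either line format.
			name = ($1 ~ /^0x/ && NF >= 2) ? $2 : $1
			if (name != "") skip[name] = 1
			next
		}
		# Keep built-in text symbols (t/T, no module column) not excluded.
		($2 == "t" || $2 == "T") && NF == 3 && !($3 in skip) { print $3 }
	' "$2" ${3:+"$3"} "$1"
}

sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

# Constructed kallsyms excerpt; the addresses are made up.
cat > "$sample_dir/kallsyms" <<'EOF'
ffffffc000081000 T do_debug_exception
ffffffc000082000 t single_step_handler
ffffffc000083000 T _mcount
ffffffc000084000 T vfs_read
ffffffc000900000 D jiffies
ffffffbffc000000 t ext4_readpage [ext4]
EOF

# Constructed blacklist listing.
{
	printf '0xffffffc000081000-0xffffffc000081100\tdo_debug_exception\n'
	printf '0xffffffc000082000-0xffffffc000082080\tsingle_step_handler\n'
} > "$sample_dir/blacklist"

# Symbols still eligible for "p <symbol>" lines in kprobe_events.
probe_candidates "$sample_dir/kallsyms" "$sample_dir/blacklist"
```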