| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Jul 2015 17:19:20 +0530
From: Pratyush Anand <panand@...hat.com>
To: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Cc: linux-arm-kernel@...ts.infradead.org, linux@....linux.org.uk,
catalin.marinas@....com, will.deacon@....com,
linux-kernel@...r.kernel.org, wcohen@...hat.com,
dave.long@...aro.org, steve.capper@...aro.org
Subject: Re: [PATCH 1/2] arm64: Blacklist non-kprobe-able symbols
On 06/07/2015:08:11:19 PM, Masami Hiramatsu wrote:
> On 2015/07/06 14:03, Pratyush Anand wrote:
> > Add all function symbols which are called from do_debug_exception under
> > NOKPROBE_SYMBOL, as they can not kprobed.
>
> Could you tell me how you checked that? from the code?
Well.. I found out that some of the symbol like single_step_handler
does not allow kprobing, and then it seemed logical to me that we
should not allow kprobing of any symbols which are called in the path
of do_debug_exception. So, manually :( I reviewed the code and put
NOKPROBE_SYMBOL across all those.
However, now I am doing some more tests and as I said in previous
reply, there are still few symbols like (_mcount) which is creating
problem with following simple test and I need to look into that. In
case of _mcount, I do not see any print and its complete freeze.
#!/bin/sh
grep ' [tT] ' /proc/kallsyms | fgrep -v '[' | awk '{print $3}' > syms.list
count=0
for i in `cat syms.list`;
do
if [ $count == 0 ]
then
echo 0 > /sys/kernel/debug/tracing/events/enable
echo > /sys/kernel/debug/tracing/kprobe_events
cat /sys/kernel/debug/tracing/kprobe_events
fi
count=`expr $count + 1`;
echo "p $i" >> /sys/kernel/debug/tracing/kprobe_events ;
echo $i $count;
if [ $count == 100 ]
then
cat /sys/kernel/debug/tracing/kprobe_events
echo 1 > /sys/kernel/debug/tracing/events/enable
sleep 1
cat /sys/kernel/debug/tracing/trace
count=0
fi
done
I understand that above test does not make sure that kprobed function
is called during test. Since at present this basic test is not
running, so I am not doing anything to exercise more and more kernel
paths. May be I will do that as second step..In fact at present, no
idea how can be done that extensively.
~Pratyush
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists