lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20150709135335.GC16331@dhcppc13.redhat.com>
Date:	Thu, 9 Jul 2015 19:23:35 +0530
From:	Pratyush Anand <panand@...hat.com>
To:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	will.deacon@....com
Cc:	linux-arm-kernel@...ts.infradead.org, linux@....linux.org.uk,
	catalin.marinas@....com, linux-kernel@...r.kernel.org,
	wcohen@...hat.com, dave.long@...aro.org, steve.capper@...aro.org
Subject: Re: [PATCH 1/2] arm64: Blacklist non-kprobe-able symbols

On 06/07/2015:05:19:20 PM, Pratyush Anand wrote:
> On 06/07/2015:08:11:19 PM, Masami Hiramatsu wrote:
> > On 2015/07/06 14:03, Pratyush Anand wrote:
> > > Add all function symbols which are called from do_debug_exception under
> > > NOKPROBE_SYMBOL, as they can not kprobed.
> > 
> > Could you tell me how you checked that? from the code?
> 
> Well.. I found out that some of the symbol like single_step_handler
> does not allow kprobing, and then it seemed logical to me that we
> should not allow kprobing of any symbols which are called in the path
> of do_debug_exception. So, manually :( I reviewed the code and put
> NOKPROBE_SYMBOL across all those.
> 
> However, now I am doing some more tests  and as I said in previous
> reply, there are still few symbols like (_mcount) which is creating
> problem with following simple test and I need to look into that. In
> case of _mcount, I do not see any print and its complete freeze.
> 

Once these two patches are applied, I do not see any issue (at least)
in enabling kprobes for all the symbols of /proc/kallsyms, except
_mcount. Blacklisting _mcount seems reasonable to me, as this is
called from every function and so from do_debug_exception as well.

There might still be some path which can create issue if a kprobe is
inserted there, but I do not see any way to find them. So,
I will send V2 with following updates.Please let me know if there is
any other concern.

--- a/arch/arm64/kernel/arm64ksyms.c
+++ b/arch/arm64/kernel/arm64ksyms.c
@@ -26,6 +26,7 @@
#include <linux/syscalls.h>
#include <linux/uaccess.h>
#include <linux/io.h>
+#include <linux/kprobes.h>
    
#include <asm/checksum.h>
      
@@ -64,4 +65,5 @@ EXPORT_SYMBOL(test_and_change_bit);
       
#ifdef CONFIG_FUNCTION_TRACER
EXPORT_SYMBOL(_mcount);
+NOKPROBE_SYMBOL(_mcount);
#endif

~Pratyush

PS:
Some related details are here:
http://marc.info/?l=linux-kernel&m=143644472722751
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ