| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <55AB166B.9040509@hitachi.com>
Date: Sun, 19 Jul 2015 12:15:55 +0900
From: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
To: Ingo Molnar <mingo@...nel.org>
CC: Pratyush Anand <panand@...hat.com>,
Ananth N Mavinakayanahalli <ananth@...ibm.com>,
Rusty Russell <rusty@...tcorp.com.au>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Ingo Molnar <mingo@...hat.com>, Rob Landley <rob@...dley.net>,
"H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH tip/master 1/3] kprobes: Support blacklist functions in
module
On 2015/07/17 21:10, Ingo Molnar wrote:
>
> * Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> wrote:
>
>> To blacklist the functions in a module (e.g. user-defined
>> kprobe handler and the functions invoked from it), expand
>> blacklist support for modules.
>> With this change, users can use NOKPROBE_SYMBOL() macro in
>> their own modules.
>
> Btw., whatever happened with renaming '__kprobes' to '__nokprobe' and using that
> consistently to blacklist certain functions?
Yes, in this part, __kprobes marked functions placed in .kprobes.text section
are safely added to the blacklist :)
-----
+ if (err >= 0 && __kprobes_text_start != __kprobes_text_end) {
+ /* The __kprobes marked functions must not be probed */
+ err = kprobe_blacklist_add_range(
+ (unsigned long)__kprobes_text_start,
+ (unsigned long)__kprobes_text_end);
+ }
-----
>
> Also, shouldn't we convert such instances:
>
> static int notifier_call_chain(struct notifier_block **nl,
> unsigned long val, void *v,
> int nr_to_call, int *nr_calls)
>
> ...
>
> NOKPROBE_SYMBOL(notifier_call_chain);
>
> to:
>
> static int __nokprobe notifier_call_chain(struct notifier_block **nl,
> unsigned long val, void *v,
> int nr_to_call, int *nr_calls)
>
> ?
For some symbols we can do that. But it can conflict with other __section
attributes e.g. __sched, since a function must be placed in only one
section. So, IMHO, using section for expressing its attribute is not
a good idea, but I couldn't find another option in common function attribute.
https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#Common-Function-Attributes
Thus I've introduced NOKPROBE_SYMBOL macro which stores the target function
addresses (not the function itself) in the _kprobe_blacklist section.
Thank you,
>
> I.e. instead of extending it to modules we should eliminate NOKPROBE_SYMBOL() in
> favor of marking functions as __nokprobe which is the standard syntax for marking
> functions.
>
> Thanks,
>
> Ingo
>
--
Masami HIRAMATSU
Linux Technology Research Center, System Productivity Research Dept.
Center for Technology Innovation - Systems Engineering
Hitachi, Ltd., Research & Development Group
E-mail: masami.hiramatsu.pt@...achi.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists