lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 19 Jul 2015 12:15:55 +0900 From: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> To: Ingo Molnar <mingo@...nel.org> CC: Pratyush Anand <panand@...hat.com>, Ananth N Mavinakayanahalli <ananth@...ibm.com>, Rusty Russell <rusty@...tcorp.com.au>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...hat.com>, Rob Landley <rob@...dley.net>, "H. Peter Anvin" <hpa@...or.com>, Thomas Gleixner <tglx@...utronix.de>, "David S. Miller" <davem@...emloft.net> Subject: Re: [PATCH tip/master 1/3] kprobes: Support blacklist functions in module On 2015/07/17 21:10, Ingo Molnar wrote: > > * Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> wrote: > >> To blacklist the functions in a module (e.g. user-defined >> kprobe handler and the functions invoked from it), expand >> blacklist support for modules. >> With this change, users can use NOKPROBE_SYMBOL() macro in >> their own modules. > > Btw., whatever happened with renaming '__kprobes' to '__nokprobe' and using that > consistently to blacklist certain functions? Yes, in this part, __kprobes marked functions placed in .kprobes.text section are safely added to the blacklist :) ----- + if (err >= 0 && __kprobes_text_start != __kprobes_text_end) { + /* The __kprobes marked functions must not be probed */ + err = kprobe_blacklist_add_range( + (unsigned long)__kprobes_text_start, + (unsigned long)__kprobes_text_end); + } ----- > > Also, shouldn't we convert such instances: > > static int notifier_call_chain(struct notifier_block **nl, > unsigned long val, void *v, > int nr_to_call, int *nr_calls) > > ... > > NOKPROBE_SYMBOL(notifier_call_chain); > > to: > > static int __nokprobe notifier_call_chain(struct notifier_block **nl, > unsigned long val, void *v, > int nr_to_call, int *nr_calls) > > ? For some symbols we can do that. But it can conflict with other __section attributes e.g. __sched, since a function must be placed in only one section. So, IMHO, using section for expressing its attribute is not a good idea, but I couldn't find another option in common function attribute. https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#Common-Function-Attributes Thus I've introduced NOKPROBE_SYMBOL macro which stores the target function addresses (not the function itself) in the _kprobe_blacklist section. Thank you, > > I.e. instead of extending it to modules we should eliminate NOKPROBE_SYMBOL() in > favor of marking functions as __nokprobe which is the standard syntax for marking > functions. > > Thanks, > > Ingo > -- Masami HIRAMATSU Linux Technology Research Center, System Productivity Research Dept. Center for Technology Innovation - Systems Engineering Hitachi, Ltd., Research & Development Group E-mail: masami.hiramatsu.pt@...achi.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists