Date:   Tue, 12 Sep 2017 10:10:12 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Ingo Molnar <mingo@...nel.org>,
        "Paul E . McKenney" <paulmck@...ux.vnet.ibm.com>
Cc:     Steven Rostedt <rostedt@...dmis.org>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        linux-kernel@...r.kernel.org,
        Peter Zijlstra <peterz@...radead.org>,
        Ananth N Mavinakayanahalli <ananth@...ux.vnet.ibm.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        "H . Peter Anvin" <hpa@...or.com>
Subject: [PATCH -tip v2] Enable optprobe on preemptive kernel

This patch enables optprobe even with CONFIG_PREEMPT. The
previous patch is https://lkml.org/lkml/2017/5/24/464 .

With Paul's hack (https://lkml.org/lkml/2017/5/25/435),
synchronize_rcu_tasks() is now translated to synchronize_sched()
when TASKS_RCU=n. So this patch just replaces
synchronize_sched() with synchronize_rcu_tasks() and
selects TASKS_RCU if PREEMPT=y & OPTPROBES=y.

Here is the reason why this change is needed.
Since the jump optimized kprobes can replace multiple
instructions, there can be tasks which are interrupted
on the 2nd (or 3rd) instruction. If the kprobe
replaces those instructions with a jump instruction,
when those tasks return to the interrupted place, it is
in the middle of the jump instruction and causes a kernel
panic.

To avoid such tragedies in advance, the kprobe optimizer
prepares a detour route using a normal kprobe (e.g.
int3 breakpoint on x86), and waits for the tasks which
are interrupted at such a place by synchronize_sched()
when CONFIG_PREEMPT=n.

If CONFIG_PREEMPT=y, things are more complicated, because
such an interrupted thread can be preempted (another thread
can be scheduled in the interrupt handler). This means we
cannot ensure all tasks run in a safe zone by
synchronize_sched().

However, we have synchronize_rcu_tasks() which can
ensure that all preempted tasks are back on track and
scheduled. The kprobes optimizer can wait for those preempted
tasks to be scheduled normally by synchronize_rcu_tasks().

Thank you,

---

Masami Hiramatsu (1):
      kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT


 arch/Kconfig     |    2 +-
 kernel/kprobes.c |   18 +++++++++++++-----
 2 files changed, 14 insertions(+), 6 deletions(-)

--
Masami Hiramatsu <mhiramat@...nel.org>
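
An added illustration, not part of the original message or of the patch: a simplified user-space C model of the hazard the cover letter describes, comparing a per-CPU wait with a per-task wait. The 5-byte jump length, the addresses and the task list are constructed assumptions, and the two "waits" only model which tasks each kind of grace period is guaranteed to have moved on.

```c
/* Simplified user-space model of the optprobe hazard; not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#define JUMP_LEN 5UL        /* assumed: 5-byte x86 relative jump */
#define PROBE    0x1000UL   /* constructed probe address */

struct task {
    unsigned long resume_ip; /* where the task continues when it next runs */
    bool preempted;          /* switched out involuntarily, on no CPU */
};

/* Would the task resume in the middle of the bytes the jump overwrites? */
static bool inside_jump(const struct task *t)
{
    return t->resume_ip > PROBE && t->resume_ip < PROBE + JUMP_LEN;
}

/* Per-CPU wait (rcu_tasks == false): only tasks on a CPU run past the region.
 * Per-task wait: preempted tasks are also scheduled and leave the region. */
static void grace_period(struct task *t, size_t n, bool rcu_tasks)
{
    for (size_t i = 0; i < n; i++) {
        if (!inside_jump(&t[i]) || (t[i].preempted && !rcu_tasks))
            continue;
        t[i].resume_ip = PROBE + JUMP_LEN; /* ran past the patched bytes */
        t[i].preempted = false;
    }
}

/* Count tasks that would still resume mid-jump if it were written now. */
static size_t unsafe_after_wait(bool rcu_tasks)
{
    struct task t[] = {          /* constructed sample tasks */
        { PROBE + 2, false },    /* interrupted, still on its CPU */
        { PROBE + 3, true  },    /* interrupted, then preempted (PREEMPT=y) */
        { 0x2000UL,  false },    /* running elsewhere */
    };
    size_t n = sizeof(t) / sizeof(t[0]), bad = 0;
    grace_period(t, n, rcu_tasks);
    for (size_t i = 0; i < n; i++)
        bad += inside_jump(&t[i]);
    return bad;
}

int main(void)
{
    printf("%zu %zu\n", unsafe_after_wait(false), unsafe_after_wait(true));
    return 0;
}
```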
