| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20181207175805.GA1369@Dell>
Date: Fri, 7 Dec 2018 18:58:05 +0100
From: Andrea Righi <righi.andrea@...il.com>
To: Masami Hiramatsu <mhiramat@...nel.org>
Cc: "Naveen N. Rao" <naveen.n.rao@...ux.vnet.ibm.com>,
Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>,
"David S. Miller" <davem@...emloft.net>,
Yonghong Song <yhs@...com>, Andy Lutomirski <luto@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kprobes: x86_64: blacklist non-attachable interrupt
functions
On Sat, Dec 08, 2018 at 01:01:20AM +0900, Masami Hiramatsu wrote:
> Hi Andrea and Ingo,
>
> Here is the patch what I meant. I just ran it on qemu-x86, and seemed working.
> After introducing this patch, I will start adding arch_populate_kprobe_blacklist()
> to some arches.
>
> Thank you,
>
> [RFC] kprobes: x86/kprobes: Blacklist symbols in arch-defined prohibited area
>
> From: Masami Hiramatsu <mhiramat@...nel.org>
>
> Blacklist symbols in arch-defined probe-prohibited areas.
> With this change, user can see all symbols which are prohibited
> to probe in debugfs.
>
> All archtectures which have custom prohibit areas should define
> its own arch_populate_kprobe_blacklist() function, but unless that,
> all symbols marked __kprobes are blacklisted.
What about iterating all symbols and use arch_within_kprobe_blacklist()
to check if we need to blacklist them or not.
In this way we don't have to introduce an
arch_populate_kprobe_blacklist() for each architecture.
Something like the following maybe.
Thanks.
[RFC] kprobes: blacklist all symbols in arch-defined prohibited area
From: Andrea Righi <righi.andrea@...il.com>
Blacklist symbols in arch-defined probe-prohibited areas.
With this change, user can see all symbols which are prohibited
to probe in debugfs.
Signed-off-by: Masami Hiramatsu <mhiramat@...nel.org>
Signed-off-by: Andrea Righi <righi.andrea@...il.com>
---
kernel/kprobes.c | 55 +++++++++++++++++++++++++++++++++++++++++--------------
1 file changed, 41 insertions(+), 14 deletions(-)
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 90e98e233647..e67598dd7468 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -2093,6 +2093,35 @@ void dump_kprobe(struct kprobe *kp)
}
NOKPROBE_SYMBOL(dump_kprobe);
+static int kprobe_blacklist_add(unsigned long entry)
+{
+ struct kprobe_blacklist_entry *ent;
+ unsigned long offset = 0, size = 0;
+
+ if (!kernel_text_address(entry) ||
+ !kallsyms_lookup_size_offset(entry, &size, &offset))
+ return -EINVAL;
+
+ ent = kmalloc(sizeof(*ent), GFP_KERNEL);
+ if (!ent)
+ return -ENOMEM;
+ ent->start_addr = entry;
+ ent->end_addr = entry + size;
+ INIT_LIST_HEAD(&ent->list);
+ list_add_tail(&ent->list, &kprobe_blacklist);
+
+ return 0;
+}
+
+static int arch_populate_kprobe_blacklist(void *data, const char *name,
+ struct module *mod,
+ unsigned long entry)
+{
+ if (arch_within_kprobe_blacklist(entry))
+ kprobe_blacklist_add(entry);
+ return 0;
+}
+
/*
* Lookup and populate the kprobe_blacklist.
*
@@ -2104,24 +2133,22 @@ NOKPROBE_SYMBOL(dump_kprobe);
static int __init populate_kprobe_blacklist(unsigned long *start,
unsigned long *end)
{
- unsigned long *iter;
- struct kprobe_blacklist_entry *ent;
- unsigned long entry, offset = 0, size = 0;
+ unsigned long entry, *iter;
+ int ret;
+ /* Blacklist all arch_within_kprobe_blacklist() symbols */
+ mutex_lock(&module_mutex);
+ kallsyms_on_each_symbol(arch_populate_kprobe_blacklist, NULL);
+ mutex_unlock(&module_mutex);
+
+ /* Add explicitly blacklisted symbols */
for (iter = start; iter < end; iter++) {
entry = arch_deref_entry_point((void *)*iter);
-
- if (!kernel_text_address(entry) ||
- !kallsyms_lookup_size_offset(entry, &size, &offset))
+ ret = kprobe_blacklist_add(entry);
+ if (ret == -EINVAL)
continue;
-
- ent = kmalloc(sizeof(*ent), GFP_KERNEL);
- if (!ent)
- return -ENOMEM;
- ent->start_addr = entry;
- ent->end_addr = entry + size;
- INIT_LIST_HEAD(&ent->list);
- list_add_tail(&ent->list, &kprobe_blacklist);
+ if (ret < 0)
+ return ret;
}
return 0;
}
Powered by blists - more mailing lists