| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Feb 2019 09:15:19 +0000
From: Will Deacon <will.deacon@....com>
To: Masami Hiramatsu <mhiramat@...nel.org>
Cc: James Morse <james.morse@....com>,
Catalin Marinas <catalin.marinas@....com>,
Pratyush Anand <panand@...hat.com>,
"David A . Long" <dave.long@...aro.org>,
linux-arm-kernel@...ts.infradead.org,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 4/4] arm64: kprobes: Use
arch_populate_kprobe_blacklist()
Hi Masami,
On Mon, Jan 21, 2019 at 10:25:58PM +0900, Masami Hiramatsu wrote:
> On Mon, 21 Jan 2019 12:20:07 +0000
> James Morse <james.morse@....com> wrote:
> > On 15/01/2019 06:25, Masami Hiramatsu wrote:
> > > Use arch_populate_kprobe_blacklist() instead of
> > > arch_within_kprobe_blacklist() so that we can see the full
> > > blacklisted symbols under the debugfs.
> > > diff --git a/arch/arm64/kernel/probes/kprobes.c b/arch/arm64/kernel/probes/kprobes.c
> > > index b9e9758b6534..6c066c34c8a4 100644
> > > --- a/arch/arm64/kernel/probes/kprobes.c
> > > +++ b/arch/arm64/kernel/probes/kprobes.c
> > > @@ -465,26 +465,30 @@ kprobe_breakpoint_handler(struct pt_regs *regs, unsigned int esr)
> > > return DBG_HOOK_HANDLED;
> > > }
> > >
> > > -bool arch_within_kprobe_blacklist(unsigned long addr)
> > > +int __init arch_populate_kprobe_blacklist(void)
> > > {
> > > - if ((addr >= (unsigned long)__kprobes_text_start &&
> > > - addr < (unsigned long)__kprobes_text_end) ||
> > > - (addr >= (unsigned long)__entry_text_start &&
> > > - addr < (unsigned long)__entry_text_end) ||
> > > - (addr >= (unsigned long)__idmap_text_start &&
> > > - addr < (unsigned long)__idmap_text_end) ||
> >
> > > - in_exception_text(addr))
> >
> > You added this one in the previous patch, but it disappears here.
>
> Yes, it is easy to explain how we transcribe from
> arch_within_kprobe_blacklist() to arch_populate_kprobe_blacklist().
>
> >
> >
> > > - return true;
> > > -
> > > - if (!is_kernel_in_hyp_mode()) {
> > > - if ((addr >= (unsigned long)__hyp_text_start &&
> > > - addr < (unsigned long)__hyp_text_end) ||
> > > - (addr >= (unsigned long)__hyp_idmap_text_start &&
> > > - addr < (unsigned long)__hyp_idmap_text_end))
> > > - return true;
> > > - }
> > > -
> > > - return false;
> > > + int ret;
> >
> >
> > > + ret = kprobe_add_area_blacklist((unsigned long)__kprobes_text_start,
> > > + (unsigned long)__kprobes_text_end);
> > > + if (ret)
> > > + return ret;
> >
> > Now that we have arch_populate_kprobe_blacklist(), does the arch-code need to
> > blacklist the kprobes section itself?
>
> Ah, good catch! No, we don't need it here. Sorry I worked on older patch.
> I'll update it.
Did you send a new version of this series? I can't seem to spot it in my
inbox.
Cheers,
Will
Powered by blists - more mailing lists