lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 10 Oct 2019 12:59:15 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     LKML <linux-kernel@...r.kernel.org>, Jessica Yu <jeyu@...nel.org>,
        Ingo Molnar <mingo@...nel.org>
Subject: Re: [PATCH] ftrace/module: Allow ftrace to make only loaded module
 text read-write

On Thu, 10 Oct 2019 10:55:15 -0400
Steven Rostedt <rostedt@...dmis.org> wrote:

I'll try to add more detail (mapping to functions)

> 
> OK, so basically this moves the enabling of function tracing from
> within the ftrace_module_enable() code without releasing the
> ftrace_lock mutex.
> 
> But we have an issue with the state of the module here, as it is still
> set as MODULE_STATE_UNFORMED. Let's look at what happens if we have:
> 
> 
> 	CPU0				CPU1
> 	----				----
>  echo function > current_tracer

Just need to know that the above will now have all loaded modules have
their functions being traced. That is ftrace_startup > 0.


> 				modprobe foo
> 				  enable foo functions to be traced
> 				  (foo function records not disabled)

In your code, we have here:
				load_module()
				  foo->state == UNFORMED

				  ftrace_module_init()
				    ftrace_process_locs()
				      mutex_lock(ftrace_lock);
				       __ftrace_replace_code(rec, 1)
				      /* Enabling foo's functions */
				      mutex_unlock(ftrace_lock);

				  

>  echo nop > current_tracer
> 
>    disable all functions being
>    traced including foo functions

ftrace_shutdown()
  ftrace_run_update_code()
    ftrace_arch_code_modify_prepare()

    [ on arm and nds32 ]
> 
>    arch calls set_all_modules_text_rw()
>     [skips UNFORMED modules, which foo still is ]
> 
> 				  set foo's text to read-only
> 				  foo's state to COMING

				  complete_formation()
				    module_enable_ro()

> 
>    tries to disable foo's functions
>    foo's text is read-only

    arch_ftrace_update_code()
      ftrace_modify_all_code()

      [ Includes foo's functions ]

> 
>    BUG trying to write to ro text!!!

Hope that makes more sense.

-- Steve

> 
> 
> Like I said, this is very subtle. It may no longer be a bug on x86
> with your patches, but it will bug on ARM or anything else that still
> uses set_all_modules_text_rw() in the ftrace prepare code.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ