lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200716173628.GE14135@linux.intel.com>
Date:   Thu, 16 Jul 2020 20:36:28 +0300
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     Masami Hiramatsu <mhiramat@...nel.org>
Cc:     linux-kernel@...r.kernel.org, x86@...r.kernel.org,
        Andi Kleen <ak@...ux.intel.com>, Jessica Yu <jeyu@...nel.org>,
        "Naveen N. Rao" <naveen.n.rao@...ux.ibm.com>,
        Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>,
        "David S. Miller" <davem@...emloft.net>,
        Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...hat.com>
Subject: Re: [PATCH v3 3/3] kprobes: Flag out CONFIG_MODULES dependent code

On Wed, Jul 15, 2020 at 05:35:24PM +0900, Masami Hiramatsu wrote:
> Hi Jarkko,
> 
> On Wed, 15 Jul 2020 01:32:29 +0300
> Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com> wrote:
> 
> > Remove CONFIG_MODULES dependency by flagging out the dependent code. This
> > allows to use kprobes in a kernel without support for loadable modules,
> > which could be useful for a test kernel or perhaps an embedded kernel.
> > 
> 
> OK, looks good, I just have 2 comments below.
> 
> > Cc: Andi Kleen <ak@...ux.intel.com>
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
> > ---
> >  include/linux/module.h      | 14 +++++++-------
> >  kernel/kprobes.c            |  7 +++++++
> >  kernel/trace/trace_kprobe.c | 16 +++++++++++++++-
> >  3 files changed, 29 insertions(+), 8 deletions(-)
> > 
> > diff --git a/include/linux/module.h b/include/linux/module.h
> > index 857b84bf9e90..eaa8ad02f75c 100644
> > --- a/include/linux/module.h
> > +++ b/include/linux/module.h
> > @@ -290,6 +290,13 @@ extern typeof(name) __mod_##type##__##name##_device_table		\
> >  
> >  struct notifier_block;
> >  
> > +enum module_state {
> > +	MODULE_STATE_LIVE,	/* Normal state. */
> > +	MODULE_STATE_COMING,	/* Full formed, running module_init. */
> > +	MODULE_STATE_GOING,	/* Going away. */
> > +	MODULE_STATE_UNFORMED,	/* Still setting it up. */
> > +};
> > +
> >  #ifdef CONFIG_MODULES
> >  
> >  extern int modules_disabled; /* for sysctl */
> > @@ -305,13 +312,6 @@ struct module_use {
> >  	struct module *source, *target;
> >  };
> >  
> > -enum module_state {
> > -	MODULE_STATE_LIVE,	/* Normal state. */
> > -	MODULE_STATE_COMING,	/* Full formed, running module_init. */
> > -	MODULE_STATE_GOING,	/* Going away. */
> > -	MODULE_STATE_UNFORMED,	/* Still setting it up. */
> > -};
> > -
> >  struct mod_tree_node {
> >  	struct module *mod;
> >  	struct latch_tree_node node;
> > diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> > index b4f3c24cd2ef..3039df13d34e 100644
> > --- a/kernel/kprobes.c
> > +++ b/kernel/kprobes.c
> > @@ -2225,6 +2225,7 @@ int kprobe_add_area_blacklist(unsigned long start, unsigned long end)
> >  	return 0;
> >  }
> >  
> > +#ifdef CONFIG_MODULES
> >  /* Remove all symbols in given area from kprobe blacklist */
> >  static void kprobe_remove_area_blacklist(unsigned long start, unsigned long end)
> >  {
> > @@ -2242,6 +2243,7 @@ static void kprobe_remove_ksym_blacklist(unsigned long entry)
> >  {
> >  	kprobe_remove_area_blacklist(entry, entry + 1);
> >  }
> > +#endif
> >  
> >  int __init __weak arch_populate_kprobe_blacklist(void)
> >  {
> > @@ -2285,6 +2287,7 @@ static int __init populate_kprobe_blacklist(unsigned long *start,
> >  	return ret ? : arch_populate_kprobe_blacklist();
> >  }
> >  
> > +#ifdef CONFIG_MODULES
> >  static void add_module_kprobe_blacklist(struct module *mod)
> >  {
> >  	unsigned long start, end;
> > @@ -2330,6 +2333,10 @@ static void remove_module_kprobe_blacklist(struct module *mod)
> >  		kprobe_remove_area_blacklist(start, end);
> >  	}
> >  }
> > +#else
> > +static void add_module_kprobe_blacklist(struct module *mod) {}
> > +static void remove_module_kprobe_blacklist(struct module *mod) {}
> > +#endif /* CONFIG_MODULES */
> 
> Please feel free to move the function. I would like to see;
> 
> #ifdef CONFIG_MODULES
> /* Remove all symbols in given area from kprobe blacklist */
> static void kprobe_remove_area_blacklist(unsigned long start, unsigned long end)
> {
> ...
> }
> static void add_module_kprobe_blacklist(struct module *mod)
> {
> ...
> }
> #else
> static void add_module_kprobe_blacklist(struct module *mod) {}
> static void remove_module_kprobe_blacklist(struct module *mod) {}
> #endif /* CONFIG_MODULES */
> 
> Rather than split #ifdefs.
> 
> >  
> >  /* Module notifier call back, checking kprobes on the module */
> >  static int kprobes_module_callback(struct notifier_block *nb,
> > diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
> > index 710ec6a6aa8f..7fcd1bf2d96e 100644
> > --- a/kernel/trace/trace_kprobe.c
> > +++ b/kernel/trace/trace_kprobe.c
> > @@ -103,8 +103,9 @@ static nokprobe_inline bool trace_kprobe_has_gone(struct trace_kprobe *tk)
> >  	return !!(kprobe_gone(&tk->rp.kp));
> >  }
> >  
> > +#ifdef CONFIG_MODULES
> >  static nokprobe_inline bool trace_kprobe_within_module(struct trace_kprobe *tk,
> > -						 struct module *mod)
> > +						       struct module *mod)
> >  {
> >  	int len = strlen(mod->name);
> >  	const char *name = trace_kprobe_symbol(tk);
> > @@ -129,6 +130,17 @@ static nokprobe_inline bool trace_kprobe_module_exist(struct trace_kprobe *tk)
> >  
> >  	return ret;
> >  }
> > +#else
> > +static nokprobe_inline bool trace_kprobe_within_module(struct trace_kprobe *tk,
> > +						       struct module *mod)
> > +{
> > +	return false;
> > +}
> > +static nokprobe_inline bool trace_kprobe_module_exist(struct trace_kprobe *tk)
> > +{
> > +	return false;
> > +}
> > +#endif
> >  
> >  static bool trace_kprobe_is_busy(struct dyn_event *ev)
> >  {
> > @@ -685,10 +697,12 @@ static int trace_kprobe_module_callback(struct notifier_block *nb,
> >  			/* Don't need to check busy - this should have gone. */
> >  			__unregister_trace_kprobe(tk);
> >  			ret = __register_trace_kprobe(tk);
> > +#ifdef CONFIG_MODULES
> >  			if (ret)
> >  				pr_warn("Failed to re-register probe %s on %s: %d\n",
> >  					trace_probe_name(&tk->tp),
> >  					mod->name, ret);
> > +#endif
> 
> I guess this CONFIG_MODULES is for avoiding build error according to mod->name,
> if so, please use module_name(mod) macro instead of this #ifdef.
> 
> >  		}
> >  	}
> >  	mutex_unlock(&event_mutex);
> > -- 
> > 2.25.1
> > 
> 
> 
> -- 
> Masami Hiramatsu <mhiramat@...nel.org>

Thanks, agree with the remarks.

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ