lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 26 Jan 2021 13:15:36 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     Oleg Nesterov <oleg@...hat.com>, Jianlin Lv <Jianlin.Lv@....com>,
        mingo@...hat.com, mhiramat@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] tracing: precise log info for kretprobe addr err

On Mon, 25 Jan 2021 13:38:40 -0500
Steven Rostedt <rostedt@...dmis.org> wrote:

> On Mon, 25 Jan 2021 19:19:27 +0100
> Oleg Nesterov <oleg@...hat.com> wrote:
> 
> > On 01/26, Jianlin Lv wrote:
> > >
> > > When trying to create kretprobe with the wrong function symbol in tracefs;
> > > The error is triggered in the register_trace_kprobe() and recorded as
> > > FAIL_REG_PROBE issue,
> > >
> > > Example:
> > >   $ cd /sys/kernel/debug/tracing
> > >   $ echo 'r:myprobe ERROR_SYMBOL_XXX ret=%x0' >> kprobe_events
> > >     bash: echo: write error: Invalid argument
> > >   $ cat error_log
> > >     [142797.347877] trace_kprobe: error: Failed to register probe event
> > >     Command: r:myprobe ERROR_SYMBOL_XXX ret=%x0
> > >                        ^
> > >
> > > This error can be detected in the parameter parsing stage, the effect of
> > > applying this patch is as follows:
> > >
> > >   $ echo 'r:myprobe ERROR_SYMBOL_XXX ret=%x0' >> kprobe_events
> > >     bash: echo: write error: Invalid argument
> > >   $ cat error_log
> > >     [415.89]trace_kprobe: error: Retprobe address must be an function entry
> > >     Command: r:myprobe ERROR_SYMBOL_XXX ret=%x0  
> > 
> > IOW, the "offset != 0" check removed by this patch is obviously wrong, right?
> > 

No, not wrong. Even offset != 0, if the symbol exists in the kernel, 
kprobe_on_func_entry() will check it.

> > Agreed, but...
> > 
> > > --- a/kernel/trace/trace_kprobe.c
> > > +++ b/kernel/trace/trace_kprobe.c
> > > @@ -830,7 +830,7 @@ static int trace_kprobe_create(int argc, const char *argv[])
> > >  			flags |= TPARG_FL_RETURN;
> > >  		if (kprobe_on_func_entry(NULL, symbol, offset))
> > >  			flags |= TPARG_FL_FENTRY;
> > > -		if (offset && is_return && !(flags & TPARG_FL_FENTRY)) {
> > > +		if (!strchr(symbol, ':') && is_return && !(flags & TPARG_FL_FENTRY)) {  
> > 
> > but why did you add the strchr(':') check instead?
> > 
> > I was really puzzled until I found the this email from Masami:
> > https://lore.kernel.org/lkml/20210120131406.5a992c1e434681750a0cd5d4@kernel.org/
> > 
> > So I leave this to you and Masami, but perhaps you can document this check at
> > least in the changelog?
> > 
> 
> No, you are correct. That needs to be documented in the code.

Agreed. There should be commented that is defered until the module is loaded.

> 
> I was about to comment that the check requires a comment ;-)
> 
> Jianlin,
> 
> Care to send a v4 of the patch with a comment to why we are checking the
> symbol for ':'.

Thank you!

> 
> Thanks!
> 
> -- Steve
> 


-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ