lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210126164038.566ef8c2@gandalf.local.home>
Date:   Tue, 26 Jan 2021 16:40:38 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Oleg Nesterov <oleg@...hat.com>
Cc:     Masami Hiramatsu <mhiramat@...nel.org>,
        Jianlin Lv <Jianlin.Lv@....com>, mingo@...hat.com,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] tracing: precise log info for kretprobe addr err

On Tue, 26 Jan 2021 22:17:23 +0100
Oleg Nesterov <oleg@...hat.com> wrote:

> On 01/26, Steven Rostedt wrote:
> >
> > On Tue, 26 Jan 2021 21:20:59 +0100
> > Oleg Nesterov <oleg@...hat.com> wrote:
> >  
> > > > No, not wrong. Even offset != 0, if the symbol exists in the kernel,
> > > > kprobe_on_func_entry() will check it.  
> > >
> > > Yes, but unless I am totally confused... if kprobe_on_func_entry() returns false,
> > > then trace_kprobe_create() should fail with BAD_RETPROBE even if offset == 0 ?  
> >
> > From what I understand. kprobe_on_func_entry() can return false if you pass
> > in: "MOD:not_yet_loaded_module_func", but this is OK, because when the
> > module is loaded, and the "not_yet_loaded_module_func" exists, the
> > kretprobe will then be added.
> >
> > The strchr(symbol,":") check is to see if "MOD:" (or some other ":" command)
> > is in the name, and we don't want it to fail if it is. Which is why we
> > should have that commented.  
> 
> Agreed, this matches my understanding.
> 
> But just in case... not sure I read this code correctly, but I think that
> module_kallsyms_lookup_name("not_yet_loaded_module_func") should work even
> without the "MOD:" prefix.
> 
> IOW, kprobe_on_func_entry("not_yet_loaded_module_func") can fail, and then
> later succeed if you load the module which provides this symbol.
> 
> But even if I am right, I agree with the strchr(symbol,":") check.

I see what you are saying. If "MOD" is not loaded yet, the
kprobe_on_func_entry() should succeed.

kprobe_on_func_entry(name) {
	_kprobe_addr(name) {
		_kprobe_lookup_name(name) {
			kallsyms_lookup_name(name) {
				module_kallsyms_lookup_name(name) {

Which is:

unsigned long module_kallsyms_lookup_name(const char *name)
{
	struct module *mod;
	char *colon;
	unsigned long ret = 0;

	/* Don't lock: we're in enough trouble already. */
	preempt_disable();
	if ((colon = strnchr(name, MODULE_NAME_LEN, ':')) != NULL) {
		if ((mod = find_module_all(name, colon - name, false)) != NULL)
			ret = find_kallsyms_symbol_value(mod, colon+1);
	} else {
		list_for_each_entry_rcu(mod, &modules, list) {
			if (mod->state == MODULE_STATE_UNFORMED)
				continue;
			if ((ret = find_kallsyms_symbol_value(mod, name)) != 0)
				break;
		}
	}
	preempt_enable();
	return ret;
}


And if find_module_all() fails, ret isn't updated, and "return ret" will
return zero.

That is, the ":" check may not be needed, but its at least good to have?

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ