lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YBvAsku9OWM7KUno@hirez.programming.kicks-ass.net>
Date:   Thu, 4 Feb 2021 10:38:58 +0100
From:   Peter Zijlstra <peterz@...radead.org>
To:     Dmitry Vyukov <dvyukov@...gle.com>
Cc:     Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...hat.com>,
        Namhyung Kim <namhyung@...nel.org>,
        Will Deacon <will@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Matt Morehouse <mascasa@...gle.com>
Subject: Re: Process-wide watchpoints

On Thu, Feb 04, 2021 at 09:10:11AM +0100, Dmitry Vyukov wrote:
> On Wed, Feb 3, 2021 at 2:37 PM Peter Zijlstra <peterz@...radead.org> wrote:

> > Letting perf send a signal to the monitored task is intrusive.. let me
> > think on that.
> 
> I was thinking of something very similar to that bpf_send_signal that
> delays sending to exit from irq:
> https://elixir.bootlin.com/linux/latest/source/kernel/trace/bpf_trace.c#L1091

Oh, making code to do it isn't the problem. The problem stems from the
fact that perf is supposed to be observant only. The exception is when
you monitor yourself, in that case you can send signals to yourself,
because you know what you're doing (supposedly ;-).

But if you go send signals to the task you're monitoring, you're
actually changing their code-flow, you're an active participant instead
of an observer.

Also, they might not be able to handle the signal, in which case you're
not changing the program but terminating it entirely.

That's a big conceptual shift.

OTOH, we're using ptrace permission checks, and ptrace() can inject
signals just fine. But it's a fairly big departure from what perf set
out to be.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ