Date:   Thu, 4 Feb 2021 10:54:42 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...hat.com>,
        Namhyung Kim <namhyung@...nel.org>,
        Will Deacon <will@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Matt Morehouse <mascasa@...gle.com>
Subject: Re: Process-wide watchpoints

On Thu, Feb 4, 2021 at 10:39 AM Peter Zijlstra <peterz@...radead.org> wrote:
>
> On Thu, Feb 04, 2021 at 09:10:11AM +0100, Dmitry Vyukov wrote:
> > On Wed, Feb 3, 2021 at 2:37 PM Peter Zijlstra <peterz@...radead.org> wrote:
>
> > > Letting perf send a signal to the monitored task is intrusive.. let me
> > > think on that.
> >
> > I was thinking of something very similar to that bpf_send_signal that
> > delays sending to exit from irq:
> > https://elixir.bootlin.com/linux/latest/source/kernel/trace/bpf_trace.c#L1091
>
> Oh, making code to do it isn't the problem. The problem stems from the
> fact that perf is supposed to be observant only. The exception is when
> you monitor yourself, in that case you can send signals to yourself,
> because you know what you're doing (supposedly ;-).
>
> But if you go send signals to the task you're monitoring, you're
> actually changing their code-flow, you're an active participant instead
> of an observer.
>
> Also, they might not be able to handle the signal, in which case you're
> not changing the program but terminating it entirely.
>
> That's a big conceptual shift.
>
> OTOH, we're using ptrace permission checks, and ptrace() can inject
> signals just fine. But it's a fairly big departure from what perf set
> out to be.

Oh, I see, I did not think about this.

FWIW it's doable today by attaching a BPF program.

Will it help if this mode is restricted to monitoring the current
process? Sending signals indeed usually requires cooperation, so doing
it for the current process looks like a reasonable restriction.
This may not be a fundamental restriction, but rather "we don't have
any use cases and are not sure about implications, so this is a
precautionary measure, may be relaxed in the future".
