| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <05e32c82-1009-03ba-d973-8b1bc0582ce2@linux.ibm.com>
Date: Wed, 26 May 2021 10:23:18 +0530
From: Ravi Bangoria <ravi.bangoria@...ux.ibm.com>
To: Masami Hiramatsu <mhiramat@...nel.org>
Cc: acme@...nel.org, jolsa@...hat.com, linux-kernel@...r.kernel.org,
aneesh.kumar@...ux.ibm.com,
Ravi Bangoria <ravi.bangoria@...ux.ibm.com>
Subject: Re: [PATCH] perf probe: Provide more detail with relocation warning
On 5/25/21 6:18 PM, Masami Hiramatsu wrote:
> On Tue, 25 May 2021 10:07:44 +0530
> Ravi Bangoria <ravi.bangoria@...ux.ibm.com> wrote:
>
>> When run as normal user with default sysctl kernel.kptr_restrict=0
>> and kernel.perf_event_paranoid=2, perf probe fails with:
>>
>> $ ./perf probe move_page_tables
>> Relocated base symbol is not found!
>>
>> The warning message is not much informative. The reason perf fails
>> is because /proc/kallsyms is restricted by perf_event_paranoid=2
>> for normal user and thus perf fails to read relocated address of
>> the base symbol.
>>
>> Tweaking kptr_restrict and perf_event_paranoid can change the
>> behavior of perf probe. Also, running as root or privileged user
>> works too. Add these details in the warning message.
>>
>> Plus, kmap->ref_reloc_sym might not be always set even if
>> host_machine is initialized. Above is the example of the same.
>> Remove that comment.
>
> Yes, those are restricted in some cases. Anyway without priviledged
> (super) user, perf probe can not set the probe in ftrace.
>
> Hmm, I think it should check the effective user-id at first. If it
> is not super user and the action will access tracefs and kallsyms,
> it should warn at that point.
If kptr_restrict=2, perf probe fails with same error even for root user.
That's why I thought to just change this warning message.
Different combinations of privilege, perf_event_paranoid, kptr_restrict:
Normal/Root user
| perf_event_paranoid
V V kptr_restrict perf probe error
----------------------------------------------------------------
N -1 0 Failed to open kprobe_events: Permission denied
N 0 0 Failed to open kprobe_events: Permission denied
N 1 0 Failed to open kprobe_events: Permission denied
N 2 0 Relocated base symbol is not found!
N -1 1 Relocated base symbol is not found!
N 0 1 Relocated base symbol is not found!
N 1 1 Relocated base symbol is not found!
N 2 1 Relocated base symbol is not found!
N -1 2 Relocated base symbol is not found!
N 0 2 Relocated base symbol is not found!
N 1 2 Relocated base symbol is not found!
N 2 2 Relocated base symbol is not found!
R -1 0 No error.
R 0 0 No error.
R 1 0 No error.
R 2 0 No error.
R -1 1 No error.
R 0 1 No error.
R 1 1 No error.
R 2 1 No error.
R -1 2 Relocated base symbol is not found!
R 0 2 Relocated base symbol is not found!
R 1 2 Relocated base symbol is not found!
R 2 2 Relocated base symbol is not found!
Ravi
Powered by blists - more mailing lists