lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <8acdd32a-1702-4434-8d79-2e73ded36d2a@gmail.com>
Date: Wed, 13 Nov 2024 13:02:43 +0530
From: Dropify <d.dropify@...il.com>
To: zhengyejian1@...wei.com
Cc: bpf@...r.kernel.org, jpoimboe@...nel.org, linux-kernel@...r.kernel.org,
 linux-modules@...r.kernel.org, linux-trace-kernel@...r.kernel.org,
 mark.rutland@....com, mathieu.desnoyers@...icios.com, mcgrof@...nel.org,
 mhiramat@...nel.org, peterz@...radead.org, rostedt@...dmis.org
Subject: Re: [RFC PATCH] ftrace: Skip __fentry__ location of overridden weak
 functions

Wondering where are we with this issue?

I am experiencing an issue where in a fentry/kfunc bpf probe attached to 
a function doesn't fire. I have only experienced this behavior on Debian 
kernels with `CONFIG_X86_KERNEL_IBT` enabled.

Because of weak symbols being removed from kallsyms, 
kallsyms_lookup_size_offset() returns the symbol offset for the function 
"acct_process()" more than the actual size. And the function body now 
contains two __fentry__ locations.

Depending on where binary search lands up first, correct (acct_process + 
4) or incorrect (acct_process + 260) location is returned.

Thanks,

Dropify

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ