lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241217173237.836878448@goodmis.org>
Date: Tue, 17 Dec 2024 12:32:37 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: linux-kernel@...r.kernel.org,
 linux-trace-kernel@...r.kernel.org
Cc: Masami Hiramatsu <mhiramat@...nel.org>,
 Mark Rutland <mark.rutland@....com>,
 Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
 Andrew Morton <akpm@...ux-foundation.org>,
 Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [PATCH 0/3] ring-buffer: Hardening of the persistent buffer


Harden persistent ring buffer:

The persistent ring buffer has some assumptions for it to work correctly.
Currently, those assumptions are not forced. This changes that.

One assumption is that the data in the persistent ring buffer from
the previous boot is for the same kernel that is currently running.
That is now enforced by adding a uname into the meta data and if
the uname does not match, it will reset the data. Note, this is not
meant for forcing this during development, but only for production
where the uname should change when the kernel is updated.

The next assumption is that modules and dynamic events cannot be
trusted in the buffer that's from a previous boot. That's because the
addresses, and possibly even the event types will not match. To prevent
this, module and dynamic events are not even created in any instance
that holds a persistent buffer. This means the "enable" files will
not be there as the directories that are associated with those events
will also not be there, and the events cannot be started in the
persistent ring buffers.

Finally, because the TP_printk() can have various pointers to strings,
force the use of the print_fields() output function as that just iterates
the events fields and prints them while ignoring the TP_printk() format
of the event. In the future, the TP_printk() could be used, but that
would require making a copy of the event data and updating the pointers
before passing to the TP_printk() event and that is out of scrope of
these fixes.

The print_fields() needed one change to update the pointer to the "%s"
that can point into the kernel.


Steven Rostedt (3):
      ring-buffer: Add uname to match criteria for persistent ring buffer
      trace/ring-buffer: Do not create module or dynamic events in boot mapped buffers
      trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers

----
 kernel/trace/ring_buffer.c  | 10 ++++++++++
 kernel/trace/trace.c        |  9 +++++++++
 kernel/trace/trace_events.c |  6 ++++++
 kernel/trace/trace_output.c |  3 ++-
 4 files changed, 27 insertions(+), 1 deletion(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ