| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250215034301.624019422@goodmis.org>
Date: Fri, 14 Feb 2025 22:43:01 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: linux-kernel@...r.kernel.org,
linux-trace-kernel@...r.kernel.org
Cc: Masami Hiramatsu <mhiramat@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: [PATCH v2 0/8] ring-buffer/tracing: Save module information in persistent memory
This updates the persistent instance to record what modules were
loaded and what addresses they were loaded at.
First the KASLR offset is recorded in the persistent ring buffer instead of
a text address. This can be used to calculated the address offset.
Next the persistent memory is divided up differently so that there's
a single global meta data for the entire buffer that can hold the
global data, and each per CPU meta data can just hold what it needs.
A scratch area can be created by the caller, in this case the tracing
system, to store data in the persistent memory area.
As the KASLR offset is only needed by the tracer, that data is moved
from the ring buffer meta data into this new storage.
Next the modules that are loaded and where they are loaded is stored in this
new persistent storage.
The module list along with the KASLR offset is now exposed in the
last_boot_info if the buffer is from a previous boot. If it is from the
current boot, the file will only contain:
# Current
in order to not leak the KASLR offset.
Finally, when new modules are loaded while the trace is active, they too
will be added to this persistent memory. Note, if tracing is stopped, and
then restarted, it clears the module list and will reload all the modules
again so that it doesn't need to keep track of what is loaded or unloaded
while no tracing is going on.
Changes since v1: https://lore.kernel.org/all/20250205225031.799739376@goodmis.org/
- Rebased on top of the urgent branch
- Allow the size of the scratch area in the persistent ring buffer to be
defined by the caller.
- Change the output of the last_boot_info to show the kaslr instead of:
"Offset: <offset>" to "<offset>\t[kernel]" to make it consistent with
the module output.
Steven Rostedt (8):
ring-buffer: Use kaslr address instead of text delta
ring-buffer: Add buffer meta data for persistent ring buffer
ring-buffer: Add ring_buffer_meta_scratch()
tracing: Have persistent trace instances save KASLR offset
module: Add module_for_each_mod() function
tracing: Have persistent trace instances save module addresses
tracing: Show module names and addresses of last boot
tracing: Update modules to persistent instances when loaded
----
include/linux/module.h | 6 +
include/linux/ring_buffer.h | 8 +-
kernel/module/main.c | 14 +++
kernel/trace/ring_buffer.c | 245 ++++++++++++++++++++++++-----------------
kernel/trace/trace.c | 263 ++++++++++++++++++++++++++++++++++++++++----
kernel/trace/trace.h | 15 ++-
kernel/trace/trace_events.c | 40 +++++--
7 files changed, 448 insertions(+), 143 deletions(-)
Powered by blists - more mailing lists