Re: [PATCH v3] kprobes: Forbid probing on trampoline and bpf prog

From: Chen Zhongjin
Date: Tue Aug 02 2022 - 08:28:49 EST



On 2022/8/2 17:06, Jiri Olsa wrote:
On Mon, Aug 01, 2022 at 04:51:46PM -0400, Steven Rostedt wrote:
On Mon, 1 Aug 2022 22:41:19 +0200
Jiri Olsa <olsajiri@xxxxxxxxx> wrote:

LGTM cc-ing Steven because it affects ftrace as well
Thanks for the Cc, but I don't quite see how it affects ftrace.

Unless you are just saying how it can affect kprobe_events?
nope, I just saw the 'ftrace' in changelog ;-)

anyway the patch makes check_kprobe_address_safe to fail
on ftrace trampoline address.. but not sure you could make
kprobe on ftrace trampoline before, probably not

jirka

In fact with CONFIG_KPROBE_EVENTS_ON_NOTRACE=y it can happen.

But I think ftrace has no responsibility to promise the address safety when this option is open.


Best,

Chen

-- Steve


jirka

v1 -> v2:
Check core_kernel_text and is_module_text_address rather than
only kprobe_insn.
Also fix title and commit message for this. See old patch at [1].
---
kernel/kprobes.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index f214f8c088ed..80697e5e03e4 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1560,7 +1560,8 @@ static int check_kprobe_address_safe(struct kprobe *p,
preempt_disable();
/* Ensure it is not in reserved area nor out of text */
- if (!kernel_text_address((unsigned long) p->addr) ||
+ if (!(core_kernel_text((unsigned long) p->addr) ||
+ is_module_text_address((unsigned long) p->addr)) ||
within_kprobe_blacklist((unsigned long) p->addr) ||
jump_label_text_reserved(p->addr, p->addr) ||
static_call_text_reserved(p->addr, p->addr) ||
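Review bot: the comment "Ensure it is not in reserved area nor out of text" above the condition no longer explains why kernel_text_address() is deliberately replaced by core_kernel_text() || is_module_text_address(); without a note that kernel_text_address() is avoided because it also accepts trampoline and bpf program addresses (the point of the patch title), a later cleanup could reinstate the single-call form and silently widen the accepted range again. Suggest extending the comment, e.g. "/* Ensure it is in core or module text (not trampoline/bpf) and not reserved */". The is_module_text_address() call is safe here because it sits under the preempt_disable() at the top of the hunk.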
--
2.17.1