diff options
| author | Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> | 2014-04-17 04:16:58 -0400 |
|---|---|---|
| committer | Ingo Molnar <mingo@kernel.org> | 2014-04-24 04:02:56 -0400 |
| commit | be8f274323c26ddc7e6fd6c44254b7abcdbe6389 (patch) | |
| tree | 01988f9374f3f8ad257d38b7f636efa297455b90 /kernel | |
| parent | 6a5022a56ac37da7bffece043331a101ed0040b1 (diff) | |
kprobes: Prohibit probing on .entry.text code
.entry.text is a code area which is used for interrupt/syscall
entries, which includes many sensitive code.
Thus, it is better to prohibit probing on all of such code
instead of a part of that.
Since some symbols are already registered on kprobe blacklist,
this also removes them from the blacklist.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: David S. Miller <davem@davemloft.net>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Jonathan Lebon <jlebon@redhat.com>
Cc: Seiji Aguchi <seiji.aguchi@hds.com>
Link: http://lkml.kernel.org/r/20140417081658.26341.57354.stgit@ltc230.yrl.intra.hitachi.co.jp
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/kprobes.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/kernel/kprobes.c b/kernel/kprobes.c index ceeadfcabb76..5b5ac76671e7 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c | |||
| @@ -96,9 +96,6 @@ static raw_spinlock_t *kretprobe_table_lock_ptr(unsigned long hash) | |||
| 96 | static struct kprobe_blackpoint kprobe_blacklist[] = { | 96 | static struct kprobe_blackpoint kprobe_blacklist[] = { |
| 97 | {"preempt_schedule",}, | 97 | {"preempt_schedule",}, |
| 98 | {"native_get_debugreg",}, | 98 | {"native_get_debugreg",}, |
| 99 | {"irq_entries_start",}, | ||
| 100 | {"common_interrupt",}, | ||
| 101 | {"mcount",}, /* mcount can be called from everywhere */ | ||
| 102 | {NULL} /* Terminator */ | 99 | {NULL} /* Terminator */ |
| 103 | }; | 100 | }; |
| 104 | 101 | ||
| @@ -1324,12 +1321,18 @@ out: | |||
| 1324 | return ret; | 1321 | return ret; |
| 1325 | } | 1322 | } |
| 1326 | 1323 | ||
| 1324 | bool __weak arch_within_kprobe_blacklist(unsigned long addr) | ||
| 1325 | { | ||
| 1326 | /* The __kprobes marked functions and entry code must not be probed */ | ||
| 1327 | return addr >= (unsigned long)__kprobes_text_start && | ||
| 1328 | addr < (unsigned long)__kprobes_text_end; | ||
| 1329 | } | ||
| 1330 | |||
| 1327 | static int __kprobes in_kprobes_functions(unsigned long addr) | 1331 | static int __kprobes in_kprobes_functions(unsigned long addr) |
| 1328 | { | 1332 | { |
| 1329 | struct kprobe_blackpoint *kb; | 1333 | struct kprobe_blackpoint *kb; |
| 1330 | 1334 | ||
| 1331 | if (addr >= (unsigned long)__kprobes_text_start && | 1335 | if (arch_within_kprobe_blacklist(addr)) |
| 1332 | addr < (unsigned long)__kprobes_text_end) | ||
| 1333 | return -EINVAL; | 1336 | return -EINVAL; |
| 1334 | /* | 1337 | /* |
| 1335 | * If there exists a kprobe_blacklist, verify and | 1338 | * If there exists a kprobe_blacklist, verify and |