[PATCH -tip v3 00/10] kprobes: Fix and improve blacklist symbols

[Masami Hiramatsu <mhiramat@kernel.org>]

Hi,

Here is the v3 series of kprobes blacklist bugfix and improvements mainly
on x86 (since I started testing on qemu-x86).

This version is just rebased on top of -tip master branch and
add bsearch nokprobe patch by Andrea (Thanks!)

This has been started from discussion about KPROBE_ENENTS_ON_NOTRACE
configuration. I tried to find notrace functions which can cause kernel
crash with kprobes using following script.

====
#!/bin/sh

i=0;
cat notrace_functions | while read f ; do
  if echo p:event$i $f >> /sys/kernel/debug/tracing/kprobe_events; then
     echo "Probing on $f"
     echo 1 > /sys/kernel/debug/tracing/events/kprobes/event$i/enable 
  fi
  i=$((i+1))
done
====

And I found several functions which must be blacklisted.
 - optprobe template code, which is just a template code and
   never be executed. Moreover, since it can be copied and
   reused, if we probe it, it modifies the template code and
   can cause a crash. ([1/10][2/10])
 - functions which is called before kprobe_int3_handler()
   handles kprobes. This can cause a breakpoint recursion. ([3/10])
 - IRQ entry text, which should not be probed since register/pagetable
   status has not been stable at that point. ([4/10])
 - Suffixed symbols, like .constprop, .part etc. Those suffixed
   symbols never be blacklisted even if the non-suffixed version
   has been blacklisted. ([5/10])
 - hardirq tracer also works before int3 handling. ([6/10])
 - preempt_check debug function also is involved in int3 handling.
   ([7/10])
 - RCU debug routine is also called before kprobe_int3_handler().
   ([8/10])
 - Some lockdep functions are also involved in int3 handling.
   ([9/10])
 - bsearch() is involved in int3 handling because of ftrace
   is using it. ([10/10])

Of course there still may be some functions which can be called
by configuration change, I'll continue to test it.

Thank you,

---

Andrea Righi (1):
      kprobes: Prohibit probing on bsearch()

Masami Hiramatsu (9):
      x86/kprobes: Prohibit probing on optprobe template code
      x86/kprobes: Move trampoline code into RODATA
      x86/kprobes: Prohibit probing on functions before kprobe_int3_handler()
      x86/kprobes: Prohibit probing on IRQ handlers directly
      kprobes: Search non-suffixed symbol in blacklist
      kprobes: Prohibit probing on hardirq tracers
      kprobes: Prohibit probing on preempt_check debug functions
      kprobes: Prohibit probing on RCU debug routine
      kprobes: Prohibit probing on lockdep functions


 arch/x86/kernel/alternative.c   |    3 ++-
 arch/x86/kernel/ftrace.c        |    3 ++-
 arch/x86/kernel/kprobes/core.c  |    7 +++++++
 arch/x86/kernel/kprobes/opt.c   |    4 ++--
 arch/x86/kernel/traps.c         |    1 +
 kernel/kprobes.c                |   21 ++++++++++++++++++++-
 kernel/locking/lockdep.c        |    7 ++++++-
 kernel/rcu/tree.c               |    2 ++
 kernel/rcu/update.c             |    2 ++
 kernel/trace/trace_irqsoff.c    |    9 +++++++--
 kernel/trace/trace_preemptirq.c |    5 +++++
 lib/bsearch.c                   |    2 ++
 lib/smp_processor_id.c          |    7 +++++--
 13 files changed, 63 insertions(+), 10 deletions(-)

-- 
Masami Hiramatsu (Linaro) <mhiramat@kernel.org>