From: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
To: Anton Arapov <anton@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Josh Stone <jistone@redhat.com>, Frank Eigler <fche@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@elte.hu>,
	Ananth N Mavinakayanahalli <ananth@in.ibm.com>,
	adrian.m.negreanu@intel.com, Torsten.Polle@gmx.de
Subject: Re: [PATCH v1 7/9] uretprobes: Limit the depth of return probe nestedness
Date: Sun, 7 Apr 2013 17:25:27 +0530
Message-ID: <20130407115527.GF2186@linux.vnet.ibm.com>
In-Reply-To: <1365004839-21982-8-git-send-email-anton@redhat.com>

* Anton Arapov <anton@redhat.com> [2013-04-03 18:00:37]:

> Unlike the kretprobes we can't trust userspace, thus must have
> protection from user space attacks. User space has an "unlimited"
> stack, and this patch limits the return probes nestedness as a
> simple remedy for it.
> 
> Note that this implementation leaks return_instance on siglongjmp
> until exit()/exec().
> 
> The intention is to have KISS and bare minimum solution for the
> initial implementation in order to not complicate the uretprobes
> code.
> 
> In the future we may come up with a more sophisticated solution that
> removes this depth limitation. It is not an easy task and lies beyond
> this patchset.
> 
> Signed-off-by: Anton Arapov <anton@redhat.com>

Acked-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>

> ---
>  include/linux/uprobes.h |  3 +++
>  kernel/events/uprobes.c | 11 +++++++++++
>  2 files changed, 14 insertions(+)
> 
> diff --git a/include/linux/uprobes.h b/include/linux/uprobes.h
> index 5f8960e..d7bcf10 100644
> --- a/include/linux/uprobes.h
> +++ b/include/linux/uprobes.h
> @@ -38,6 +38,8 @@ struct inode;
>  #define UPROBE_HANDLER_REMOVE		1
>  #define UPROBE_HANDLER_MASK		1
> 
> +#define MAX_URETPROBE_DEPTH		64
> +
>  enum uprobe_filter_ctx {
>  	UPROBE_FILTER_REGISTER,
>  	UPROBE_FILTER_UNREGISTER,
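Review bot: `MAX_URETPROBE_DEPTH 64` is added without a comment saying what it bounds or why 64 was chosen; a one-line comment above the define (that it caps the number of return_instance allocations a single task can hold, as the protection against an unbounded user-space stack that the commit message describes) would help readers who only ever see the header.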
> @@ -72,6 +74,7 @@ struct uprobe_task {
>  	struct arch_uprobe_task		autask;
> 
>  	struct return_instance		*return_instances;
> +	unsigned int			depth;
>  	struct uprobe			*active_uprobe;
> 
>  	unsigned long			xol_vaddr;
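Review bot: the new `depth` field in `struct uprobe_task` carries no comment, yet it must track the length of the `return_instances` list exactly (every push increments it, every pop decrements it); a short comment next to the field stating that invariant would make it visible to anyone touching the list later.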
> diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c
> index d129c1d..489f5e3 100644
> --- a/kernel/events/uprobes.c
> +++ b/kernel/events/uprobes.c
> @@ -1381,6 +1381,13 @@ static void prepare_uretprobe(struct uprobe *uprobe, struct pt_regs *regs)
>  	if (!utask)
>  		return;
> 
> +	if (utask->depth >= MAX_URETPROBE_DEPTH) {
> +		printk_ratelimited(KERN_INFO "uprobe: omit uretprobe due to"
> +				" nestedness limit pid/tgid=%d/%d\n",
> +				current->pid, current->tgid);
> +		return;
> +	}
> +
>  	ri = kzalloc(sizeof(struct return_instance), GFP_KERNEL);
>  	if (!ri)
>  		goto fail;
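Review bot: the early return on `utask->depth >= MAX_URETPROBE_DEPTH` sits in the right place (before the `kzalloc`), but it deserves a comment on what reaching the limit means for the task: the commit message says return_instances leak on siglongjmp until exit()/exec(), and nothing in this hunk ever decrements `depth`, so once a task reaches the limit every later uretprobe in it is dropped with only a rate-limited KERN_INFO line. Saying so in a comment (and perhaps in the printk text itself) would stop the next reader from assuming the limit is only hit by genuinely deep recursion.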
> @@ -1416,6 +1423,8 @@ static void prepare_uretprobe(struct uprobe *uprobe, struct pt_regs *regs)
>  	ri->orig_ret_vaddr = orig_ret_vaddr;
>  	ri->chained = chained;
> 
> +	utask->depth++;
> +
>  	/* add instance to the stack */
>  	ri->next = utask->return_instances;
>  	utask->return_instances = ri;
> @@ -1652,6 +1661,8 @@ static bool handler_uretprobe(struct pt_regs *regs)
>  		if (!chained)
>  			break;
> 
> +		utask->depth--;
> +
>  		BUG_ON(!ri);
>  	}
> 
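Review bot: `utask->depth--` is placed after `if (!chained) break;`, so as far as this hunk shows, on the iteration that pops the last (non-chained) instance the loop exits before the decrement runs and `depth` stays one higher than the number of instances left on the list; every completed return would then leak one unit of depth and the task would eventually hit MAX_URETPROBE_DEPTH for no real nesting at all. Move the decrement above the `if (!chained)` check, next to where the instance is unlinked from `return_instances`, so that every pop is accounted for on both exit paths.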
> -- 
> 1.8.1.4
> 

-- 
Thanks and Regards
Srikar Dronamraju

