From: Steven Rostedt <rostedt@goodmis.org>
To: Kalesh Singh <kaleshsingh@google.com>
Cc: akpm@linux-foundation.org, minchan@kernel.org,
lorenzo.stoakes@oracle.com, david@redhat.com,
Liam.Howlett@oracle.com, rppt@kernel.org, pfalcato@suse.de,
kernel-team@android.com, android-mm@google.com,
Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
Kees Cook <kees@kernel.org>, Vlastimil Babka <vbabka@suse.cz>,
Suren Baghdasaryan <surenb@google.com>,
Michal Hocko <mhocko@suse.com>,
Masami Hiramatsu <mhiramat@kernel.org>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Juri Lelli <juri.lelli@redhat.com>,
Vincent Guittot <vincent.guittot@linaro.org>,
Dietmar Eggemann <dietmar.eggemann@arm.com>,
Ben Segall <bsegall@google.com>, Mel Gorman <mgorman@suse.de>,
Valentin Schneider <vschneid@redhat.com>,
Jann Horn <jannh@google.com>, Shuah Khan <shuah@kernel.org>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-mm@kvack.org, linux-trace-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v2 7/7] mm/tracing: introduce max_vma_count_exceeded trace event
Date: Tue, 16 Sep 2025 14:51:46 -0400
Message-ID: <20250916145146.046f56a8@batman.local.home>
In-Reply-To: <CAC_TJvfAQDiL9PydWnKE6TDMcCzw0xrsLMZVZLe6eO0R1LODhA@mail.gmail.com>

On Tue, 16 Sep 2025 11:23:03 -0700
Kalesh Singh <kaleshsingh@google.com> wrote:

> > When it comes to tracing, you already lost. If it goes into the ring buffer
> > it's a raw pointer. BPF doesn't use the output of the trace event, so you
> > are exposing nothing from that. It uses the proto directly.
>
> My understanding is that the BPF tracepoint type uses the trace event
> fields from TP_STRUCT__entry(); whereas the raw tracepoint type has
> access to the proto arguments. Please CMIW: Isn't what we'd be adding
> to the trace buffer the hashed mm_id value?

Ah, right. Can't the BPF infrastructure protect against it?

> >
> > Heck, if you enable function tracing, you are exposing every function
> > address it traces via the raw data output.
>
> Right, security doesn't allow compiling CONFIG_FUNCTION_TRACER in
> Android production kernels.

Does it block all the other trace events that share pointers?

Like nmi handler tracepoints, x86_fpu tracepoints, page_fault kernel
tracepoint, tasklet tracepoints, cpu hot plug tracepoints, timer
tracepoints, work queue tracepoints, ipi tracepoints, scheduling
tracepoints, locking tracepoints, rcu tracepoints, dma tracepoints,
module tracepoints, xdp tracepoints, filemap tracepoints, page map
tracepoints, vmscan tracepoints, percpu tracepoints, kmem_cache
tracepoints, mmap lock tracepoints, file lock tracepoints, and many
more! (I got tired of looking them up).

Again, are you really protecting anything if this one trace point
hashes the pointer? Most other tracepoints expose this. If BPF can
access a tracepoint entry struct, it can access the raw address and
break KASLR.

-- Steve
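
An added example, not part of the original message or of the kernel tree: a parser for the tracefs per-event `format` layout that lists which entry-struct fields hold addresses, as an audit for deciding which events to restrict given the question above about other tracepoints. The sample event and its fields are constructed, and `pointer_fields` and `audit_tree` are hypothetical names.

```python
import glob
import re

# Constructed sample in the layout of tracefs events/<system>/<event>/format.
# The event name and its fields are made up for illustration.
SAMPLE_FORMAT = """\
name: example_alloc
ID: 999
format:
\tfield:int common_pid;\toffset:4;\tsize:4;\tsigned:1;

\tfield:unsigned long call_site;\toffset:8;\tsize:8;\tsigned:0;
\tfield:const void * ptr;\toffset:16;\tsize:8;\tsigned:0;
\tfield:size_t bytes;\toffset:24;\tsize:8;\tsigned:0;
\tfield:unsigned int mm_id;\toffset:32;\tsize:4;\tsigned:0;

print fmt: "call_site=%pS ptr=%p bytes=%zu mm_id=%u", (void *)REC->call_site, REC->ptr, REC->bytes, REC->mm_id
"""

FIELD_RE = re.compile(r"^\s*field:([^;]+);\s*offset:(\d+);\s*size:(\d+);")
# An integer field printed through a pointer cast still stores an address.
CAST_RE = re.compile(r"\(\s*(?:const\s+)?void\s*\*\s*\)\s*REC->(\w+)")


def pointer_fields(format_text):
    """Map entry field name -> why it is treated as address-carrying."""
    found = {}
    for line in format_text.splitlines():
        m = FIELD_RE.match(line)
        if m and "*" in m.group(1):
            # The last token of the declaration is the field name.
            name = m.group(1).split()[-1].lstrip("*").split("[")[0]
            found[name] = "pointer type"
        elif line.startswith("print fmt:"):
            for name in CAST_RE.findall(line):
                found.setdefault(name, "cast to pointer in print fmt")
    return found


def audit_tree(root="/sys/kernel/tracing"):
    """Run the check over every event on a live system (needs read access)."""
    report = {}
    for path in glob.glob(f"{root}/events/*/*/format"):
        with open(path) as fh:
            hits = pointer_fields(fh.read())
        if hits:
            report["/".join(path.split("/")[-3:-1])] = hits
    return report
```

The check is a heuristic: an address stored in an integer field and printed without a pointer cast is not flagged.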