From: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
To: Namhyung Kim <namhyung.kim@lge.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>,
linux-kernel@vger.kernel.org, Hyeoncheol Lee <cheol.lee@lge.com>,
yrl.pp-manager.tt@hitachi.com
Subject: Re: [QUESTION] Kprobes as a module?
Date: Tue, 15 May 2012 21:18:25 +0900 [thread overview]
Message-ID: <4FB24991.1040500@hitachi.com> (raw)
In-Reply-To: <87vcjxzvtn.fsf@sejong.aot.lge.com>
Hi,
No, actually you can't make it as a module. There are
two major reasons.
- ftrace depends on the kprobes now.
- int3 handling routine is deeply depends on
the architecture. This includes text modifying code.
Thus, if you separate the kprobes into module, that means
you need to expose more ugly interface of self modifying
for kernel modules.
(2012/05/15 17:34), Namhyung Kim wrote:
> Hi,
>
> On Tue, 15 May 2012 16:31:42 +0800, Cong Wang wrote:
>> On 05/15/2012 04:24 PM, Namhyung Kim wrote:
>>> Hi,
>>>
>>> Probably a dumb question :).
>>> What prevents the kprobes from being built as a module? We want to use
>>> the kprobes on our systems, but some guys worried about potential
>>> security problems. So it'd be great if we can enable/load kprobes as
>>> needed and then disable/unload after using it. Is it a possible senario?
BTW, I'm not sure what the potential security problems on that?
kprobes itself can be used only from kernel modules(except ftrace).
If someone compromises kernel with kernel module, he doesn't need
kprobes at all. They just can do anything they want. :)
Thank you,
--
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com
next prev parent reply other threads:[~2012-05-15 12:18 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-15 8:24 [QUESTION] Kprobes as a module? Namhyung Kim
2012-05-15 8:31 ` Cong Wang
2012-05-15 8:34 ` Namhyung Kim
2012-05-15 12:18 ` Masami Hiramatsu [this message]
2012-05-16 1:44 ` Namhyung Kim
2012-05-15 19:52 ` valdis.kletnieks
2012-05-16 1:48 ` Namhyung Kim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FB24991.1040500@hitachi.com \
--to=masami.hiramatsu.pt@hitachi.com \
--cc=cheol.lee@lge.com \
--cc=linux-kernel@vger.kernel.org \
--cc=namhyung.kim@lge.com \
--cc=xiyou.wangcong@gmail.com \
--cc=yrl.pp-manager.tt@hitachi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox