kprobes: prevent probing of preempt_schedule()
authorSrinivasa Ds <srinivasa@in.ibm.com>
Mon, 28 Apr 2008 09:14:26 +0000 (02:14 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Mon, 28 Apr 2008 15:58:32 +0000 (08:58 -0700)
Prohibit users from probing preempt_schedule().  One way of prohibiting the
user from probing functions is by marking such functions with __kprobes.  But
this method doesn't work for those functions, which are already marked to
different section like preempt_schedule() (belongs to __sched section).  So we
use blacklist approach to refuse user from probing these functions.

In blacklist approach we populate the blacklisted function's starting address
and its size in kprobe_blacklist structure.  Then we verify the user specified
address against start and end of the blacklisted function.  So any attempt to
register probe on blacklisted functions will be rejected.

[akpm@linux-foundation.org: build fix]
[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Srinivasa DS <srinivasa@in.ibm.com>
Signed-off-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Signed-off-by: Jim Keniston <jkenisto@us.ibm.com>
Cc: Dave Hansen <haveblue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
include/linux/kprobes.h
kernel/kprobes.c

index 0f28486f636067677cf9b80c1279c7da88ffc4c9..cd507ab4fed75c01febb66fdf2843688874e7229 100644 (file)
@@ -173,6 +173,13 @@ struct kretprobe_blackpoint {
        const char *name;
        void *addr;
 };
+
+struct kprobe_blackpoint {
+       const char *name;
+       unsigned long start_addr;
+       unsigned long range;
+};
+
 extern struct kretprobe_blackpoint kretprobe_blacklist[];
 
 static inline void kretprobe_assert(struct kretprobe_instance *ri,
index fcfb580c3afc847e60fc9fa4f682b33c25650963..f02a4311768b7e90b16f917fc26de6da9fff9cb2 100644 (file)
@@ -72,6 +72,18 @@ DEFINE_MUTEX(kprobe_mutex);          /* Protects kprobe_table */
 DEFINE_SPINLOCK(kretprobe_lock);       /* Protects kretprobe_inst_table */
 static DEFINE_PER_CPU(struct kprobe *, kprobe_instance) = NULL;
 
+/*
+ * Normally, functions that we'd want to prohibit kprobes in, are marked
+ * __kprobes. But, there are cases where such functions already belong to
+ * a different section (__sched for preempt_schedule)
+ *
+ * For such cases, we now have a blacklist
+ */
+struct kprobe_blackpoint kprobe_blacklist[] = {
+       {"preempt_schedule",},
+       {NULL}    /* Terminator */
+};
+
 #ifdef __ARCH_WANT_KPROBES_INSN_SLOT
 /*
  * kprobe->ainsn.insn points to the copy of the instruction to be
@@ -492,9 +504,22 @@ static int __kprobes register_aggr_kprobe(struct kprobe *old_p,
 
 static int __kprobes in_kprobes_functions(unsigned long addr)
 {
+       struct kprobe_blackpoint *kb;
+
        if (addr >= (unsigned long)__kprobes_text_start &&
            addr < (unsigned long)__kprobes_text_end)
                return -EINVAL;
+       /*
+        * If there exists a kprobe_blacklist, verify and
+        * fail any probe registration in the prohibited area
+        */
+       for (kb = kprobe_blacklist; kb->name != NULL; kb++) {
+               if (kb->start_addr) {
+                       if (addr >= kb->start_addr &&
+                           addr < (kb->start_addr + kb->range))
+                               return -EINVAL;
+               }
+       }
        return 0;
 }
 
@@ -811,6 +836,11 @@ void __kprobes unregister_kretprobe(struct kretprobe *rp)
 static int __init init_kprobes(void)
 {
        int i, err = 0;
+       unsigned long offset = 0, size = 0;
+       char *modname, namebuf[128];
+       const char *symbol_name;
+       void *addr;
+       struct kprobe_blackpoint *kb;
 
        /* FIXME allocate the probe table, currently defined statically */
        /* initialize all list heads */
@@ -819,6 +849,28 @@ static int __init init_kprobes(void)
                INIT_HLIST_HEAD(&kretprobe_inst_table[i]);
        }
 
+       /*
+        * Lookup and populate the kprobe_blacklist.
+        *
+        * Unlike the kretprobe blacklist, we'll need to determine
+        * the range of addresses that belong to the said functions,
+        * since a kprobe need not necessarily be at the beginning
+        * of a function.
+        */
+       for (kb = kprobe_blacklist; kb->name != NULL; kb++) {
+               kprobe_lookup_name(kb->name, addr);
+               if (!addr)
+                       continue;
+
+               kb->start_addr = (unsigned long)addr;
+               symbol_name = kallsyms_lookup(kb->start_addr,
+                               &size, &offset, &modname, namebuf);
+               if (!symbol_name)
+                       kb->range = 0;
+               else
+                       kb->range = size;
+       }
+
        if (kretprobe_blacklist_size) {
                /* lookup the function address from its name */
                for (i = 0; kretprobe_blacklist[i].name != NULL; i++) {