Re: [patch 2/2] kprobes x86_64 quick fix mark-ro-data
On Tue, Jun 19, 2007 at 06:44:30AM -0700, Arjan van de Ven wrote:
> On Tue, 2007-06-19 at 09:30 -0400, Mathieu Desnoyers wrote:
> > * Arjan van de Ven ([EMAIL PROTECTED]) wrote:
> > > On Tue, 2007-06-19 at 15:38 +0530, S. P. Prasanna wrote:
> > > > This patch is a quick fix for x86_64 to enable kprobes only if
> > > > DEBUG_RODATA is
> > > > not configured. Since DEBUG_RODATA markes the kernel text pages as
> > > > read-only.
> > >
> > >
> > > it does??
> > >
> > > I don't seem to be able to find this in the source code.
> > >
>
> > See arch/x86_64/mm/init.c:mark_rodata_ro().
>
> eh woops
>
>
> PATCH] x86: tighten kernel image page access rights
> author
> Jan Beulich <[EMAIL PROTECTED]>
>
> Wed, 2 May 2007 17:27:10 +
> (19:27 +0200)
> committer
> Andi Kleen <[EMAIL PROTECTED]>
>
> Wed, 2 May 2007 17:27:10 +
> (19:27 +0200)
> commit
> 6fb14755a676282a4e6caa05a08c92db8e45cfff
>
>
> changed it to include text (even though Andi vetoed that before when I
> asked for it on grounds of breaking kprobes)... sounds this really wants
> to be a 2nd config option to seperatedly do code and data.
Something like having a seperate config option and a routine
to mark kernel text as read execute only.
And call mark_rwtext_ro() if CONFIG_DEBUG_ROTEXT is enabled
below in mark_rodata_ro().
/* this code is for i386 architecture*/
static inline void mark_rwtext_ro(void)
{
unsigned long start = PFN_ALIGN(_text);
unsigned long size = PFN_ALIGN(_etext) - start;
#ifdef CONFIG_HOTPLUG_CPU
/* It must still be possible to apply SMP alternatives. */
if (num_possible_cpus() <= 1)
#endif
{
change_page_attr(virt_to_page(start),
size >> PAGE_SHIFT, PAGE_KERNEL_RX);
printk("Write protecting the kernel text: %luk\n", size >> 10);
}
/*
* global_flush_tlb() will be called after marking the data as readonly.
*/
}
#ifdef CONFIG_DEBUG_RODATA
void mark_rodata_ro(void)
{
#ifdef CONFIG_DEBUG_ROTEXT
mark_rwtext_ro();
#endif
}
Thanks
Prasanna
--
Prasanna S.P.
Linux Technology Center
India Software Labs, IBM Bangalore
Email: [EMAIL PROTECTED]
Ph: 91-80-41776329
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 2/2] kprobes x86_64 quick fix mark-ro-data
On Tue, 2007-06-19 at 09:30 -0400, Mathieu Desnoyers wrote: > * Arjan van de Ven ([EMAIL PROTECTED]) wrote: > > On Tue, 2007-06-19 at 15:38 +0530, S. P. Prasanna wrote: > > > This patch is a quick fix for x86_64 to enable kprobes only if > > > DEBUG_RODATA is > > > not configured. Since DEBUG_RODATA markes the kernel text pages as > > > read-only. > > > > > > it does?? > > > > I don't seem to be able to find this in the source code. > > > See arch/x86_64/mm/init.c:mark_rodata_ro(). eh woops PATCH] x86: tighten kernel image page access rights author Jan Beulich <[EMAIL PROTECTED]> Wed, 2 May 2007 17:27:10 + (19:27 +0200) committer Andi Kleen <[EMAIL PROTECTED]> Wed, 2 May 2007 17:27:10 + (19:27 +0200) commit 6fb14755a676282a4e6caa05a08c92db8e45cfff changed it to include text (even though Andi vetoed that before when I asked for it on grounds of breaking kprobes)... sounds this really wants to be a 2nd config option to seperatedly do code and data. -- if you want to mail me at work (you don't), use arjan (at) linux.intel.com Test the interaction between Linux and your BIOS via http://www.linuxfirmwarekit.org - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 2/2] kprobes x86_64 quick fix mark-ro-data
* Arjan van de Ven ([EMAIL PROTECTED]) wrote: > On Tue, 2007-06-19 at 15:38 +0530, S. P. Prasanna wrote: > > This patch is a quick fix for x86_64 to enable kprobes only if DEBUG_RODATA > > is > > not configured. Since DEBUG_RODATA markes the kernel text pages as > > read-only. > > > it does?? > > I don't seem to be able to find this in the source code. > See arch/x86_64/mm/init.c:mark_rodata_ro(). Mathieu -- Mathieu Desnoyers Computer Engineering Ph.D. Student, Ecole Polytechnique de Montreal OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F BA06 3F25 A8FE 3BAE 9A68 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 2/2] kprobes x86_64 quick fix mark-ro-data
On Tue, 2007-06-19 at 15:38 +0530, S. P. Prasanna wrote: > This patch is a quick fix for x86_64 to enable kprobes only if DEBUG_RODATA is > not configured. Since DEBUG_RODATA markes the kernel text pages as read-only. it does?? I don't seem to be able to find this in the source code. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 2/2] kprobes x86_64 quick fix mark-ro-data
This patch is a quick fix for x86_64 to enable kprobes only if DEBUG_RODATA is not configured. Since DEBUG_RODATA markes the kernel text pages as read-only. Signed-off-by: Prasanna S P. <[EMAIL PROTECTED]> arch/x86_64/Kconfig |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff -puN arch/x86_64/Kconfig~kprobes-quick-fix-mark-ro-data-x86_64 arch/x86_64/Kconfig --- linux-2.6.22-rc5/arch/x86_64/Kconfig~kprobes-quick-fix-mark-ro-data-x86_64 2007-06-19 14:55:56.0 +0530 +++ linux-2.6.22-rc5-prasanna/arch/x86_64/Kconfig 2007-06-19 14:55:56.0 +0530 @@ -764,6 +764,8 @@ source "drivers/firmware/Kconfig" source fs/Kconfig +source "arch/x86_64/Kconfig.debug" + menu "Instrumentation Support" depends on EXPERIMENTAL @@ -771,7 +773,7 @@ source "arch/x86_64/oprofile/Kconfig" config KPROBES bool "Kprobes (EXPERIMENTAL)" - depends on KALLSYMS && EXPERIMENTAL && MODULES + depends on KALLSYMS && EXPERIMENTAL && MODULES && !DEBUG_RODATA help Kprobes allows you to trap at almost any kernel address and execute a callback function. register_kprobe() establishes @@ -780,8 +782,6 @@ config KPROBES If in doubt, say "N". endmenu -source "arch/x86_64/Kconfig.debug" - source "security/Kconfig" source "crypto/Kconfig" _ -- Prasanna S.P. Linux Technology Center India Software Labs, IBM Bangalore Email: [EMAIL PROTECTED] Ph: 91-80-41776329 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 2/2] kprobes x86_64 quick fix mark-ro-data
This patch is a quick fix for x86_64 to enable kprobes only if DEBUG_RODATA is not configured. Since DEBUG_RODATA markes the kernel text pages as read-only. Signed-off-by: Prasanna S P. [EMAIL PROTECTED] arch/x86_64/Kconfig |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff -puN arch/x86_64/Kconfig~kprobes-quick-fix-mark-ro-data-x86_64 arch/x86_64/Kconfig --- linux-2.6.22-rc5/arch/x86_64/Kconfig~kprobes-quick-fix-mark-ro-data-x86_64 2007-06-19 14:55:56.0 +0530 +++ linux-2.6.22-rc5-prasanna/arch/x86_64/Kconfig 2007-06-19 14:55:56.0 +0530 @@ -764,6 +764,8 @@ source drivers/firmware/Kconfig source fs/Kconfig +source arch/x86_64/Kconfig.debug + menu Instrumentation Support depends on EXPERIMENTAL @@ -771,7 +773,7 @@ source arch/x86_64/oprofile/Kconfig config KPROBES bool Kprobes (EXPERIMENTAL) - depends on KALLSYMS EXPERIMENTAL MODULES + depends on KALLSYMS EXPERIMENTAL MODULES !DEBUG_RODATA help Kprobes allows you to trap at almost any kernel address and execute a callback function. register_kprobe() establishes @@ -780,8 +782,6 @@ config KPROBES If in doubt, say N. endmenu -source arch/x86_64/Kconfig.debug - source security/Kconfig source crypto/Kconfig _ -- Prasanna S.P. Linux Technology Center India Software Labs, IBM Bangalore Email: [EMAIL PROTECTED] Ph: 91-80-41776329 - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 2/2] kprobes x86_64 quick fix mark-ro-data
On Tue, 2007-06-19 at 15:38 +0530, S. P. Prasanna wrote: This patch is a quick fix for x86_64 to enable kprobes only if DEBUG_RODATA is not configured. Since DEBUG_RODATA markes the kernel text pages as read-only. it does?? I don't seem to be able to find this in the source code. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 2/2] kprobes x86_64 quick fix mark-ro-data
* Arjan van de Ven ([EMAIL PROTECTED]) wrote: On Tue, 2007-06-19 at 15:38 +0530, S. P. Prasanna wrote: This patch is a quick fix for x86_64 to enable kprobes only if DEBUG_RODATA is not configured. Since DEBUG_RODATA markes the kernel text pages as read-only. it does?? I don't seem to be able to find this in the source code. See arch/x86_64/mm/init.c:mark_rodata_ro(). Mathieu -- Mathieu Desnoyers Computer Engineering Ph.D. Student, Ecole Polytechnique de Montreal OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F BA06 3F25 A8FE 3BAE 9A68 - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 2/2] kprobes x86_64 quick fix mark-ro-data
On Tue, 2007-06-19 at 09:30 -0400, Mathieu Desnoyers wrote: * Arjan van de Ven ([EMAIL PROTECTED]) wrote: On Tue, 2007-06-19 at 15:38 +0530, S. P. Prasanna wrote: This patch is a quick fix for x86_64 to enable kprobes only if DEBUG_RODATA is not configured. Since DEBUG_RODATA markes the kernel text pages as read-only. it does?? I don't seem to be able to find this in the source code. See arch/x86_64/mm/init.c:mark_rodata_ro(). eh woops PATCH] x86: tighten kernel image page access rights author Jan Beulich [EMAIL PROTECTED] Wed, 2 May 2007 17:27:10 + (19:27 +0200) committer Andi Kleen [EMAIL PROTECTED] Wed, 2 May 2007 17:27:10 + (19:27 +0200) commit 6fb14755a676282a4e6caa05a08c92db8e45cfff changed it to include text (even though Andi vetoed that before when I asked for it on grounds of breaking kprobes)... sounds this really wants to be a 2nd config option to seperatedly do code and data. -- if you want to mail me at work (you don't), use arjan (at) linux.intel.com Test the interaction between Linux and your BIOS via http://www.linuxfirmwarekit.org - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 2/2] kprobes x86_64 quick fix mark-ro-data
On Tue, Jun 19, 2007 at 06:44:30AM -0700, Arjan van de Ven wrote:
On Tue, 2007-06-19 at 09:30 -0400, Mathieu Desnoyers wrote:
* Arjan van de Ven ([EMAIL PROTECTED]) wrote:
On Tue, 2007-06-19 at 15:38 +0530, S. P. Prasanna wrote:
This patch is a quick fix for x86_64 to enable kprobes only if
DEBUG_RODATA is
not configured. Since DEBUG_RODATA markes the kernel text pages as
read-only.
it does??
I don't seem to be able to find this in the source code.
See arch/x86_64/mm/init.c:mark_rodata_ro().
eh woops
PATCH] x86: tighten kernel image page access rights
author
Jan Beulich [EMAIL PROTECTED]
Wed, 2 May 2007 17:27:10 +
(19:27 +0200)
committer
Andi Kleen [EMAIL PROTECTED]
Wed, 2 May 2007 17:27:10 +
(19:27 +0200)
commit
6fb14755a676282a4e6caa05a08c92db8e45cfff
changed it to include text (even though Andi vetoed that before when I
asked for it on grounds of breaking kprobes)... sounds this really wants
to be a 2nd config option to seperatedly do code and data.
Something like having a seperate config option and a routine
to mark kernel text as read execute only.
And call mark_rwtext_ro() if CONFIG_DEBUG_ROTEXT is enabled
below in mark_rodata_ro().
/* this code is for i386 architecture*/
static inline void mark_rwtext_ro(void)
{
unsigned long start = PFN_ALIGN(_text);
unsigned long size = PFN_ALIGN(_etext) - start;
#ifdef CONFIG_HOTPLUG_CPU
/* It must still be possible to apply SMP alternatives. */
if (num_possible_cpus() = 1)
#endif
{
change_page_attr(virt_to_page(start),
size PAGE_SHIFT, PAGE_KERNEL_RX);
printk(Write protecting the kernel text: %luk\n, size 10);
}
/*
* global_flush_tlb() will be called after marking the data as readonly.
*/
}
#ifdef CONFIG_DEBUG_RODATA
void mark_rodata_ro(void)
{
#ifdef CONFIG_DEBUG_ROTEXT
mark_rwtext_ro();
#endif
}
Thanks
Prasanna
--
Prasanna S.P.
Linux Technology Center
India Software Labs, IBM Bangalore
Email: [EMAIL PROTECTED]
Ph: 91-80-41776329
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
