On 2023-03-26 11:00, yashvardhan kukreti wrote:

    Hi Mathew,

    I have a question about this patch for lttng-modules and the use of
    register_kprobe() to fetch the function ptr.
    The question in this regard is especially from PPC64 ELF_ABI_v1
    perspective.

    The functions on PPC64 are accessed via the Function descriptor
    while what register_kprobes returns is the entry point of the function.
    Hence using the return pointer tends to interpret the addr as the
    address of the function descriptor and dereferences the ppc_inst as
    the function entry point and crashes

    [ 4145.483594] kernel tried to execute exec-protected page
    (7c0802a6fb81ffe0) - exploit attempt? (uid: 0)
    here 7c0802a6 is the mfspr instruction from the code text section of
    the kallsyms_lookup_name()

    Note: for PPC_ELF_ABI_v1, register_kprobes() searches for the dot
    variant of the symbol, and only if it cannot find the dot
    variant does it look for the normal symbol.
    register_kprobe() -> kprobe_addr() -> kprobe_lookup_name() [arch
    variant replaces weak symbol]
    https://elixir.bootlin.com/linux/v5.10.174/C/ident/kprobe_lookup_name

    Please let me know if I make sense or if I may have missed something.

    I have looked at the code of the 2.12.8 as well as the 2.12.3 version of
    lttng-modules.

Please have a look at commits (from stable-2.12 branch of lttng-modules):

commit 53772db24facd84f1f3ddcf21a1ef5f162608721
Author: He Zhe <zhe...@windriver.com>
Date:   Tue Sep 27 15:59:42 2022 +0800

    wrapper: powerpc64: fix kernel crash caused by do_get_kallsyms

commit 8fe888d86ccad4226b05a536efb73d71bb091062
Author: Michael Jeanson <mjean...@efficios.com>
Date:   Thu Nov 24 14:25:33 2022 -0500

    fix: kallsyms wrapper on ppc64el

I suspect you'll also need this change currently in review:

https://review.lttng.org/c/lttng-modules/+/9113

Please let us know if especially this last change fixes things on your side.

Thanks,

Mathieu



    Regards,
    Shashank


--
Mathieu Desnoyers
EfficiOS Inc.
https://www.efficios.com

_______________________________________________
lttng-dev mailing list
lttng-dev@lists.lttng.org
https://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
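
An added illustration (not part of the original thread, and not lttng-modules or kernel code) of the crash described above: a user-space C model of an ELFv1 indirect call, showing how using a function's entry address as a descriptor pointer produces the faulting address 7c0802a6fb81ffe0 from the log line. The entry address 0xc000000000123450 and all function names are constructed for the example, and the byte layout assumes big-endian ppc64.

```c
#include <stdint.h>
#include <stdio.h>

/* ELFv1 function descriptor: three doublewords (entry, TOC base, environment). */
struct func_desc { uint64_t entry, toc, env; };

/* Load a doubleword the way a big-endian ppc64 CPU would read it from memory. */
static uint64_t read_be64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Store a doubleword big-endian (used to lay out a descriptor in memory). */
static void write_be64(uint8_t *p, uint64_t v)
{
    for (int i = 7; i >= 0; i--, v >>= 8)
        p[i] = (uint8_t)v;
}

/* An ELFv1 indirect call through fp loads the first doubleword at fp and branches to it. */
static uint64_t elfv1_call_target(const uint8_t *fp) { return read_be64(fp); }

/* Constructed sample: the two instruction words visible in the address from the log. */
static const uint8_t sample_text[8] = {0x7c, 0x08, 0x02, 0xa6, 0xfb, 0x81, 0xff, 0xe0};

/* Constructed entry address standing in for the value obtained via register_kprobe(). */
#define SAMPLE_ENTRY 0xc000000000123450ULL

/* Wrong: the entry point is used as if it were a descriptor, so code bytes become the target. */
uint64_t target_via_entry_as_descriptor(void) { return elfv1_call_target(sample_text); }

/* Right: the pointer refers to a descriptor whose first doubleword is the entry address. */
uint64_t target_via_descriptor(void)
{
    uint8_t desc[sizeof(struct func_desc)] = {0};   /* TOC and environment left zero */
    write_be64(desc, SAMPLE_ENTRY);
    return elfv1_call_target(desc);
}

int main(void)
{
    printf("entry used as descriptor -> branch to %016llx\n",
           (unsigned long long)target_via_entry_as_descriptor());
    printf("real descriptor          -> branch to %016llx\n",
           (unsigned long long)target_via_descriptor());
    return 0;
}
```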
