Re: [RFC] [PATCH 6/6] Kprobes: Remove breakpoints from the copied pages

public inbox for systemtap@sourceware.org
 help / color / mirror / Atom feed

From: Prasanna S Panchamukhi <prasanna@in.ibm.com>
To: Hugh Dickins <hugh@veritas.com>
Cc: linux-kernel@vger.kernel.org, systemtap@sources.redhat.com,
	akpm@osdl.org,         Andi Kleen <ak@suse.de>,
	davem@davemloft.net, suparna@in.ibm.com,
	        richardj_moore@uk.ibm.com, hch@infradead.org
Subject: Re: [RFC] [PATCH 6/6] Kprobes: Remove breakpoints from the copied  pages
Date: Wed, 10 May 2006 12:18:00 -0000	[thread overview]
Message-ID: <20060510121750.GD12463@in.ibm.com> (raw)
In-Reply-To: <Pine.LNX.4.64.0605091747050.10238@blonde.wat.veritas.com>

On Tue, May 09, 2006 at 06:04:50PM +0100, Hugh Dickins wrote:
> On Tue, 9 May 2006, Prasanna S Panchamukhi wrote:
> > This patch removes the breakpoints if the pages read from the page
> > cache contains breakpoints. If the pages containing the breakpoints
> > is copied from the page cache, the copied image would also contain
> > breakpoints in them. This could be a major problem for tools like
> > tripwire etc and cause security concerns, hence must be prevented.
> > This patch hooks up the actor routine, checks if the executable was
> > a probed executable using the file inode and then replaces the
> > breakpoints with the original opcodes in the copied image.
> 
> You've done a nice job of making the code look like kernel code
> throughout, it's a much tidier patchset than many.
> 
> With that said... it looks to me like one of the scariest and
> most inappropriate sets I can remember.  Getting the kernel to
> connive in presenting an incoherent view of its pagecache:
> I don't think we'd ever want that.
> 

As Andi Kleen and Christoph suggested pagecache contention can be avoided
using the COW approach.

Advantages of COW:

1. No need to hookup file_read_actor() to remove the breakpoints if a
   the probed page was read from pagecache.
2. No need to hookup readpage(s)() to insert probes when pages are
   read into the memory.
                                                                                
Some thoughts about COW implications AFAIK
                                                                                
1. Need to hookup mmap() to make a per process copy.
2. Bring in the pages just to insert the probes.
3. All the text pages need to be in memory until process exits.
4. Free up the per process text pages by hooking exit() and exec().
5. Maskoff probes visible across fork(), by hooking fork().
                                                                                
Any implications ?
                                                                                

Thanks
Prasanna
-- 
Prasanna S Panchamukhi
Linux Technology Center
India Software Labs, IBM Bangalore
Email: prasanna@in.ibm.com
Ph: 91-80-41776329

next prev parent reply	other threads:[~2006-05-10 12:18 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-05-09  6:55 [RFC] [PATCH 0/6] Kprobes: User-space probes support for i386 Prasanna S Panchamukhi
2006-05-09  6:59 ` [RFC] [PATCH 1/6] Kprobes: Allow/deny exclusive write access to inodes Prasanna S Panchamukhi
2006-05-09  7:01   ` [RFC] [PATCH 2/6] Kprobes: Get one pagetable entry Prasanna S Panchamukhi
2006-05-09  7:05     ` [RFC] [PATCH 3/6] Kprobes: New interfaces for user-space probes Prasanna S Panchamukhi
2006-05-09  7:09       ` [RFC] [PATCH 4/6] Kprobes: Insert probes on non-memory resident pages Prasanna S Panchamukhi
2006-05-09  7:12         ` [RFC] [PATCH 5/6] Kprobes: Single step the original instruction out-of-line Prasanna S Panchamukhi
2006-05-09  7:15           ` [RFC] [PATCH 6/6] Kprobes: Remove breakpoints from the copied pages Prasanna S Panchamukhi
2006-05-09 17:04             ` Hugh Dickins
2006-05-09 18:12               ` Frank Ch. Eigler
2006-05-10  8:42                 ` Prasanna S Panchamukhi
2006-05-10 12:18               ` Prasanna S Panchamukhi [this message]
2006-05-10 19:16                 ` Hugh Dickins
2006-05-09  9:38           ` [RFC] [PATCH 5/6] Kprobes: Single step the original instruction out-of-line Christoph Hellwig
2006-05-10  0:47           ` bibo,mao
2006-05-10 14:20             ` Richard J Moore
2006-05-09  9:34     ` [RFC] [PATCH 2/6] Kprobes: Get one pagetable entry Christoph Hellwig

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060510121750.GD12463@in.ibm.com \
    --to=prasanna@in.ibm.com \
    --cc=ak@suse.de \
    --cc=akpm@osdl.org \
    --cc=davem@davemloft.net \
    --cc=hch@infradead.org \
    --cc=hugh@veritas.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=richardj_moore@uk.ibm.com \
    --cc=suparna@in.ibm.com \
    --cc=systemtap@sources.redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).