From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 21485 invoked by alias); 9 May 2006 17:04:58 -0000 Received: (qmail 21475 invoked by uid 22791); 9 May 2006 17:04:57 -0000 X-Spam-Status: No, hits=-3.1 required=5.0 tests=BAYES_00,SPF_PASS X-Spam-Check-By: sourceware.org Received: from gold.veritas.com (HELO gold.veritas.com) (143.127.12.110) by sourceware.org (qpsmtpd/0.31) with ESMTP; Tue, 09 May 2006 17:04:53 +0000 Received: from sxchcon1-int.veritas.com (HELO SVLXCHCON1.enterprise.veritas.com) ([10.137.18.171]) by gold.veritas.com with ESMTP; 09 May 2006 10:04:51 -0700 X-IronPort-AV: i="4.05,106,1146466800"; d="scan'208"; a="59349415:sNHT31840196" Received: from megami.veritas.com ([10.137.16.7]) by SVLXCHCON1.enterprise.veritas.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 9 May 2006 10:04:51 -0700 Received: from blonde.wat.veritas.com([10.10.97.26]) (2795 bytes) by megami.veritas.com via sendmail with P:esmtp/R:smart_host/T:smtp (sender: ) id for ; Tue, 9 May 2006 10:04:50 -0700 (PDT) (Smail-3.2.0.101 1997-Dec-17 #15 built 2001-Aug-30) Date: Tue, 09 May 2006 17:04:00 -0000 From: Hugh Dickins X-X-Sender: hugh@blonde.wat.veritas.com To: Prasanna S Panchamukhi cc: linux-kernel@vger.kernel.org, systemtap@sources.redhat.com, akpm@osdl.org, Andi Kleen , davem@davemloft.net, suparna@in.ibm.com, richardj_moore@uk.ibm.com, hch@infradead.org Subject: Re: [RFC] [PATCH 6/6] Kprobes: Remove breakpoints from the copied pages In-Reply-To: <20060509071523.GF22493@in.ibm.com> Message-ID: References: <20060509065455.GA11630@in.ibm.com> <20060509065917.GA22493@in.ibm.com> <20060509070106.GB22493@in.ibm.com> <20060509070508.GC22493@in.ibm.com> <20060509070911.GD22493@in.ibm.com> <20060509071204.GE22493@in.ibm.com> <20060509071523.GF22493@in.ibm.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-OriginalArrivalTime: 09 May 2006 17:04:51.0410 (UTC) FILETIME=[AF85CB20:01C6738A] Mailing-List: contact systemtap-help@sourceware.org; run by ezmlm Precedence: bulk List-Subscribe: List-Post: List-Help: , Sender: systemtap-owner@sourceware.org X-SW-Source: 2006-q2/txt/msg00355.txt.bz2 On Tue, 9 May 2006, Prasanna S Panchamukhi wrote: > This patch removes the breakpoints if the pages read from the page > cache contains breakpoints. If the pages containing the breakpoints > is copied from the page cache, the copied image would also contain > breakpoints in them. This could be a major problem for tools like > tripwire etc and cause security concerns, hence must be prevented. > This patch hooks up the actor routine, checks if the executable was > a probed executable using the file inode and then replaces the > breakpoints with the original opcodes in the copied image. You've done a nice job of making the code look like kernel code throughout, it's a much tidier patchset than many. With that said... it looks to me like one of the scariest and most inappropriate sets I can remember. Getting the kernel to connive in presenting an incoherent view of its pagecache: I don't think we'd ever want that. There's all kinds of things that could be said about the details (your locking is often insufficient, for example); but there's a lot going on, and it doesn't seem worth going through this line by line, when the whole concept seems so unwelcome. You've a big task to convince people that this is something the Linux kernel will want: and perhaps you'll succeed - good luck. But please approach what you're trying to do from userspace: you can patch the binaries from there if you wish (but not on my system, thanks). Or perhaps you can patch it all into the kernel via kprobes itself, but I wouldn't recommend it. Hugh