yashvardhankukreti at gmail.com
Sun Mar 26 11:00:10 EDT 2023
> Hi Mathew,
> I have a question about this patch for lttng-modules and the use of
> register_kprobe() to fetch the function ptr.
> The question in this regard is especially from PPC64 ELF_ABI_v1
> The functions on PPC64 are accessed via the Function descriptor while what
> register_kprobes returns is the entry point of the function.
> Hence using the return pointer tends to interpret the addr as the address
> of the function descriptor and dereferences the ppc_inst as the function
> entry point and crashes
> [ 4145.483594] kernel tried to execute exec-protected page
> (7c0802a6fb81ffe0) - exploit attempt? (uid: 0)
> here 7c0802a6 is the mfspr instruction from the code text section of the
> note for PPC_ELF_ABI_v1 the register_kprobes() searches for the dot
> variant of the symbol and only in case if cannot find the dot variant looks
> for the normal symbol.
> register_kprobe() -> kprobe_addr() -> kprobe_lookup_name() [arch variant
> replaces weak symbol]
> Please let me know if i make sense or that i may have missed something.
> I have looked at the code of 2.12.8 as well and 2.12.3 verstion of
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the lttng-dev