Re: [QUESTION] Kprobes as a module?

From: Masami Hiramatsu
Date: Tue May 15 2012 - 08:18:27 EST


Hi,

No, actually you can't make it a module. There are
two major reasons.
- ftrace depends on kprobes now.
- The int3 handling routine deeply depends on
the architecture. This includes text modifying code.

Thus, if you separate kprobes into a module, that means
you need to expose more ugly interfaces for self-modifying
code to kernel modules.

(2012/05/15 17:34), Namhyung Kim wrote:
> Hi,
>
> On Tue, 15 May 2012 16:31:42 +0800, Cong Wang wrote:
>> On 05/15/2012 04:24 PM, Namhyung Kim wrote:
>>> Hi,
>>>
>>> Probably a dumb question :).
>>> What prevents the kprobes from being built as a module? We want to use
>>> the kprobes on our systems, but some guys worried about potential
>>> security problems. So it'd be great if we can enable/load kprobes as
> >>> needed and then disable/unload after using it. Is it a possible scenario?

BTW, I'm not sure what the potential security problems with that are.
kprobes itself can be used only from kernel modules (except ftrace).
If someone compromises the kernel with a kernel module, he doesn't need
kprobes at all. They can just do anything they want. :)

Thank you,

--
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@xxxxxxxxxxx