lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1263250772.5094.41.camel@localhost.localdomain>
Date:	Mon, 11 Jan 2010 14:59:32 -0800
From:	Jim Keniston <jkenisto@...ibm.com>
To:	Masami Hiramatsu <mhiramat@...hat.com>
Cc:	Srikar Dronamraju <srikar@...ux.vnet.ibm.com>,
	Ingo Molnar <mingo@...e.hu>,
	Arnaldo Carvalho de Melo <acme@...radead.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Ananth N Mavinakayanahalli <ananth@...ibm.com>,
	utrace-devel <utrace-devel@...hat.com>,
	Mark Wielaard <mjw@...hat.com>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Maneesh Soni <maneesh@...ibm.com>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [RFC] [PATCH 0/7] UBP, XOL and Uprobes


On Mon, 2010-01-11 at 09:35 -0500, Masami Hiramatsu wrote:
> Srikar Dronamraju wrote:
> > Hi, 
> > 
> > This patchset implements Uprobes which enables you to dynamically
> > break into any routine in a user space application and collect
> > information non-disruptively.  Uprobes is based on utrace and uses
> > x86 instruction decoder.
...
> 
> > - Return probes.
> 
> Hmm, I think we need some symbol information for supporting
> return probes in user space. Could you tell me how to work it?
> is that requires some user-space helper?

Return probes are on the TODO list, but we actually already have a
pretty solid implementation of that.  It's held out for now because
Srikar's patch set is already big, and we want get a review of the basic
ubp/xol/uprobes feature.

For the most part, we don't need special symbol information for return
probes.  We just do as we did in kretprobes: hijack the return address
and replace it with the address of a trampoline.  In user-space return
probes, the trampoline is one of the instruction slots in the XOL vma,
and contains a breakpoint to trap us into the kernel.  (Of course, as in
kretprobes, we need to know the address of the function so we can hijack
the return address upon entry to the function.)

One place where symbol info would come in handy is when a function
returns in a weird way.  We handle longjmps by noticing that the task's
stack is smaller than expected, and presumably missing stack frames that
were bypassed by the longjmp.  But this heuristic gets dicey when you
consider that in a 32-bit x86 app, a struct-returning function pops not
only the return address upon return, but also the address of the
returned struct value.  So it'd be nice to know if a function returns a
struct.

Does this answer your question, or did I miss something?

> 
> > - Support for Other Architectures.
> > - Jump optimization.
> 
> I assume that you meant this is "uprobe-booster" to skip
> just single stepping after probing, isn't it?

Yes, I think that's what Srikar meant: avoid single-stepping by adding a
jump instruction after the instruction-copy in the XOL slot -- as you
did in your kprobes-booster work.  Your instruction-analysis work makes
this much more feasible.

> 
> 
> Thank you,

Jim Keniston

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ