| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191022192132.22cc15b5@gandalf.local.home>
Date: Tue, 22 Oct 2019 19:21:32 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Andy Lutomirski <luto@...capital.net>
Cc: Alexei Starovoitov <alexei.starovoitov@...il.com>,
Peter Zijlstra <peterz@...radead.org>,
Daniel Bristot de Oliveira <bristot@...hat.com>,
LKML <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>,
Nadav Amit <nadav.amit@...il.com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Song Liu <songliubraving@...com>,
Masami Hiramatsu <mhiramat@...nel.org>
Subject: Re: [PATCH 3/3] x86/ftrace: Use text_poke()
On Tue, 22 Oct 2019 15:45:26 -0700
Andy Lutomirski <luto@...capital.net> wrote:
> >> On Oct 22, 2019, at 2:58 PM, Alexei Starovoitov <alexei.starovoitov@...il.com> wrote:
> >>
> >> On Tue, Oct 22, 2019 at 05:04:30PM -0400, Steven Rostedt wrote:
> >> I gave a solution for this. And that is to add another flag to allow
> >> for just the minimum to change the ip. And we can even add another flag
> >> to allow for changing the stack if needed (to emulate a call with the
> >> same parameters).
> >
> > your solution is to reduce the overhead.
> > my solution is to remove it competely. See the difference?
> >
> >> By doing this work, live kernel patching will also benefit. Because it
> >> is also dealing with the unnecessary overhead of saving regs.
> >> And we could possibly even have kprobes benefit from this if a kprobe
> >> doesn't need full regs.
> >
> > Neither of two statements are true. The per-function generated trampoline
> > I'm talking about is bpf specific. For a function with two arguments it's just:
> > push rbp
> > mov rbp, rsp
> > push rdi
> > push rsi
> > lea rdi,[rbp-0x10]
> > call jited_bpf_prog
> > pop rsi
> > pop rdi
> > leave
> > ret
>
> Why are you saving rsi? You said upthread that you’re saving the
> args, but rsi is already available in rsi.
The above is for two parameters, and is being called before the
function with those two parameters. The jited_bpf_prog will be called
with those two parameters as well, but it may also clobber them. Then
we need to restore those two parameters before calling the original
function.
>
> Just how custom is this bpf program? It seems to clobber no regs
> (except args), and it doesn’t return anything. Is it entirely
> specific to the probed function? If so, why not just call it
> directly?
It's injecting the jited_bpf_prog to be called when the probed function
is called, with the same parameters as the probed function.
my_probed_function
call trampoline
trampoline
save parameters
call jited_bpf_prog (with same parameters)
restore paremeters
ret
Jumps back to the my_probed_function, where my_probed_function is
clueless it was just interrupted.
No need to save any clobbered registers but the parameters, as the
jited_bpf_prog needs to save any registers that it clobbers just like
the my_probed_function saves its.
-- Steve
Powered by blists - more mailing lists