lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAADnVQ+En1sxXFrDZBefDCBSS=mChDJ3Xg_Xz+WKXmPqziSxgw@mail.gmail.com>
Date:   Thu, 17 Aug 2023 13:44:41 -0700
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     "Masami Hiramatsu (Google)" <mhiramat@...nel.org>
Cc:     Steven Rostedt <rostedt@...dmis.org>,
        Florent Revest <revest@...omium.org>,
        linux-trace-kernel@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>,
        Martin KaFai Lau <martin.lau@...ux.dev>,
        bpf <bpf@...r.kernel.org>, Sven Schnelle <svens@...ux.ibm.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Jiri Olsa <jolsa@...nel.org>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Alan Maguire <alan.maguire@...cle.com>,
        Mark Rutland <mark.rutland@....com>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH v3 5/8] tracing/fprobe: Enable fprobe events with CONFIG_DYNAMIC_FTRACE_WITH_ARGS

On Fri, Aug 11, 2023 at 10:37 PM Masami Hiramatsu (Google)
<mhiramat@...nel.org> wrote:
>
> +#ifdef CONFIG_HAVE_REGS_AND_STACK_ACCESS_API
> +static __always_inline unsigned long
> +ftrace_regs_get_kernel_stack_nth(struct ftrace_regs *fregs, unsigned int nth)
> +{
> +       unsigned long *stackp;
> +
> +       stackp = (unsigned long *)ftrace_regs_get_stack_pointer(fregs);
> +       if (((unsigned long)(stackp + nth) & ~(THREAD_SIZE - 1)) ==
> +           ((unsigned long)stackp & ~(THREAD_SIZE - 1)))
> +               return *(stackp + nth);
> +
> +       return 0;
> +}
> +#endif /* CONFIG_HAVE_REGS_AND_STACK_ACCESS_API */
...
>
> @@ -140,17 +140,17 @@ process_fetch_insn(struct fetch_insn *code, void *rec, void *dest,
>         /* 1st stage: get value from context */
>         switch (code->op) {
>         case FETCH_OP_STACK:
> -               val = regs_get_kernel_stack_nth(regs, code->param);
> +               val = ftrace_regs_get_kernel_stack_nth(fregs, code->param);
>                 break;

Just noticed that bit.
You probably want to document that access to arguments and
especially arguments on stack is not precise. It's "best effort".
x86-64 calling convention is not as simple as it might appear.
For example if 6th argument is a 16-byte struct like sockptr_t it will be
passed on the stack and 7th actual argument (if it's <= 8 byte) will
be the register.

Things similar on 32-bit and there is a non-zero chance that
regs_get_kernel_argument() doesn't return the actual arg.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ