lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZhzkbN7DWq6Tzp5G@krava>
Date: Mon, 15 Apr 2024 10:25:16 +0200
From: Jiri Olsa <olsajiri@...il.com>
To: Steven Rostedt <rostedt@...dmis.org>,
	Masami Hiramatsu <mhiramat@...nel.org>,
	Oleg Nesterov <oleg@...hat.com>,
	Alexei Starovoitov <ast@...nel.org>,
	Daniel Borkmann <daniel@...earbox.net>,
	Andrii Nakryiko <andrii@...nel.org>
Cc: linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org,
	bpf@...r.kernel.org, Song Liu <songliubraving@...com>,
	Yonghong Song <yhs@...com>,
	John Fastabend <john.fastabend@...il.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	"Borislav Petkov (AMD)" <bp@...en8.de>, x86@...nel.org
Subject: Re: [PATCHv2 1/3] uprobe: Add uretprobe syscall to speed up return
 probe

On Tue, Apr 02, 2024 at 11:33:00AM +0200, Jiri Olsa wrote:

SNIP

>  #include <linux/kdebug.h>
>  #include <asm/processor.h>
> @@ -308,6 +309,88 @@ static int uprobe_init_insn(struct arch_uprobe *auprobe, struct insn *insn, bool
>  }
>  
>  #ifdef CONFIG_X86_64
> +
> +asm (
> +	".pushsection .rodata\n"
> +	".global uretprobe_syscall_entry\n"
> +	"uretprobe_syscall_entry:\n"
> +	"pushq %rax\n"
> +	"pushq %rcx\n"
> +	"pushq %r11\n"
> +	"movq $" __stringify(__NR_uretprobe) ", %rax\n"
> +	"syscall\n"
> +	"popq %r11\n"
> +	"popq %rcx\n"
> +
> +	/* The uretprobe syscall replaces stored %rax value with final
> +	 * return address, so we don't restore %rax in here and just
> +	 * call ret.
> +	 */
> +	"retq\n"
> +	".global uretprobe_syscall_end\n"
> +	"uretprobe_syscall_end:\n"
> +	".popsection\n"
> +);
> +
> +extern u8 uretprobe_syscall_entry[];
> +extern u8 uretprobe_syscall_end[];
> +
> +void *arch_uprobe_trampoline(unsigned long *psize)
> +{
> +	*psize = uretprobe_syscall_end - uretprobe_syscall_entry;
> +	return uretprobe_syscall_entry;

fyi I realized this screws 32-bit programs, we either need to add
compat trampoline, or keep the standard breakpoint for them:

+       struct pt_regs *regs = task_pt_regs(current);
+       static uprobe_opcode_t insn = UPROBE_SWBP_INSN;
+
+       if (user_64bit_mode(regs)) {
+               *psize = uretprobe_syscall_end - uretprobe_syscall_entry;
+               return uretprobe_syscall_entry;
+       }
+
+       *psize = UPROBE_SWBP_INSN_SIZE;
+       return &insn;


not sure it's worth the effort to add the trampoline, I'll check


jirka

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ