lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 9 May 2024 16:24:37 +0000
From: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
To: "olsajiri@...il.com" <olsajiri@...il.com>
CC: "songliubraving@...com" <songliubraving@...com>, "luto@...nel.org"
	<luto@...nel.org>, "mhiramat@...nel.org" <mhiramat@...nel.org>,
	"andrii@...nel.org" <andrii@...nel.org>, "debug@...osinc.com"
	<debug@...osinc.com>, "john.fastabend@...il.com" <john.fastabend@...il.com>,
	"linux-api@...r.kernel.org" <linux-api@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"mingo@...hat.com" <mingo@...hat.com>, "rostedt@...dmis.org"
	<rostedt@...dmis.org>, "ast@...nel.org" <ast@...nel.org>,
	"tglx@...utronix.de" <tglx@...utronix.de>, "yhs@...com" <yhs@...com>,
	"oleg@...hat.com" <oleg@...hat.com>, "peterz@...radead.org"
	<peterz@...radead.org>, "linux-man@...r.kernel.org"
	<linux-man@...r.kernel.org>, "daniel@...earbox.net" <daniel@...earbox.net>,
	"linux-trace-kernel@...r.kernel.org" <linux-trace-kernel@...r.kernel.org>,
	"bp@...en8.de" <bp@...en8.de>, "bpf@...r.kernel.org" <bpf@...r.kernel.org>,
	"x86@...nel.org" <x86@...nel.org>
Subject: Re: [PATCHv5 bpf-next 6/8] x86/shstk: Add return uprobe support

On Thu, 2024-05-09 at 10:30 +0200, Jiri Olsa wrote:
> > Per the earlier discussion, this cannot be reached unless uretprobes are in
> > use,
> > which cannot happen without something with privileges taking an action. But
> > are
> > uretprobes ever used for monitoring applications where security is
> > important? Or
> > is it strictly a debug-time thing?
> 
> sorry, I don't have that level of detail, but we do have customers
> that use uprobes in general or want to use it and complain about
> the speed
> 
> there are several tools in bcc [1] that use uretprobes in scripts,
> like:
>   memleak, sslsniff, trace, bashreadline, gethostlatency, argdist,
>   funclatency

Is it possible to have shadow stack only use the non-syscall solution? It seems
it exposes a more limited compatibility in that it only allows writing the
specific trampoline address. (IIRC) Then shadow stack users could still use
uretprobes, but just not the new optimized solution. There are already
operations that are slower with shadow stack, like longjmp(), so this could be
ok maybe.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ