| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 May 2024 15:09:48 -0600 From: Jiri Olsa <olsajiri@...il.com> To: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com> Cc: "olsajiri@...il.com" <olsajiri@...il.com>, "songliubraving@...com" <songliubraving@...com>, "luto@...nel.org" <luto@...nel.org>, "mhiramat@...nel.org" <mhiramat@...nel.org>, "andrii@...nel.org" <andrii@...nel.org>, "debug@...osinc.com" <debug@...osinc.com>, "john.fastabend@...il.com" <john.fastabend@...il.com>, "linux-api@...r.kernel.org" <linux-api@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "mingo@...hat.com" <mingo@...hat.com>, "rostedt@...dmis.org" <rostedt@...dmis.org>, "ast@...nel.org" <ast@...nel.org>, "tglx@...utronix.de" <tglx@...utronix.de>, "yhs@...com" <yhs@...com>, "oleg@...hat.com" <oleg@...hat.com>, "peterz@...radead.org" <peterz@...radead.org>, "linux-man@...r.kernel.org" <linux-man@...r.kernel.org>, "daniel@...earbox.net" <daniel@...earbox.net>, "linux-trace-kernel@...r.kernel.org" <linux-trace-kernel@...r.kernel.org>, "bp@...en8.de" <bp@...en8.de>, "bpf@...r.kernel.org" <bpf@...r.kernel.org>, "x86@...nel.org" <x86@...nel.org> Subject: Re: [PATCHv5 bpf-next 6/8] x86/shstk: Add return uprobe support On Thu, May 09, 2024 at 04:24:37PM +0000, Edgecombe, Rick P wrote: > On Thu, 2024-05-09 at 10:30 +0200, Jiri Olsa wrote: > > > Per the earlier discussion, this cannot be reached unless uretprobes are in > > > use, > > > which cannot happen without something with privileges taking an action. But > > > are > > > uretprobes ever used for monitoring applications where security is > > > important? Or > > > is it strictly a debug-time thing? > > > > sorry, I don't have that level of detail, but we do have customers > > that use uprobes in general or want to use it and complain about > > the speed > > > > there are several tools in bcc [1] that use uretprobes in scripts, > > like: > > memleak, sslsniff, trace, bashreadline, gethostlatency, argdist, > > funclatency > > Is it possible to have shadow stack only use the non-syscall solution? It seems > it exposes a more limited compatibility in that it only allows writing the > specific trampoline address. (IIRC) Then shadow stack users could still use > uretprobes, but just not the new optimized solution. There are already > operations that are slower with shadow stack, like longjmp(), so this could be > ok maybe. I guess it's doable, we'd need to keep both trampolines around, because shadow stack is enabled by app dynamically and use one based on the state of shadow stack when uretprobe is installed so you're worried the optimized syscall path could be somehow exploited to add data on shadow stack? jirka
Powered by blists - more mailing lists