| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZmhsSF1UPcNZX8E_@x1>
Date: Tue, 11 Jun 2024 12:24:56 -0300
From: Arnaldo Carvalho de Melo <acme@...nel.org>
To: Howard Chu <howardchu95@...il.com>
Cc: peterz@...radead.org, mingo@...hat.com, namhyung@...nel.org,
mark.rutland@....com, alexander.shishkin@...ux.intel.com,
jolsa@...nel.org, irogers@...gle.com, adrian.hunter@...el.com,
kan.liang@...ux.intel.com, mic@...ikod.net, gnoack@...gle.com,
brauner@...nel.org, linux-perf-users@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org,
bpf@...r.kernel.org
Subject: Re: [PATCH] perf trace: Fix syscall untraceable bug
On Sun, Jun 09, 2024 at 01:21:46AM +0800, Howard Chu wrote:
> as for the perf trace output:
>
> before
>
> perf $ perf trace -e faccessat2 --max-events=1
> [no output]
>
> after
>
> perf $ ./perf trace -e faccessat2 --max-events=1
> 0.000 ( 0.037 ms): waybar/958 faccessat2(dfd: 40, filename: "uevent") = 0
Yeah, before there is no output, after, with the following test case:
⬢[acme@...lbox c]$ cat faccessat2.c
#include <fcntl.h> /* Definition of AT_* constants */
#include <sys/syscall.h> /* Definition of SYS_* constants */
#include <unistd.h>
#include <stdio.h>
/* Provide own perf_event_open stub because glibc doesn't */
__attribute__((weak))
int faccessat2(int dirfd, const char *pathname, int mode, int flags)
{
return syscall(SYS_faccessat2, dirfd, pathname, mode, flags);
}
int main(int argc, char *argv[])
{
int err = faccessat2(123, argv[1], X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW);
printf("faccessat2(123, %s, X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) = %d\n", argv[1], err);
return err;
}
⬢[acme@...lbox c]$ make faccessat2
cc faccessat2.c -o faccessat2
⬢[acme@...lbox c]$ ./faccessat2 bla
faccessat2(123, bla, X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) = -1
⬢[acme@...lbox c]$
In the other terminal, as root:
root@...ber:~# perf trace --call-graph dwarf -e faccessat2 --max-events=1
0.000 ( 0.034 ms): bash/62004 faccessat2(dfd: 123, filename: "bla", mode: X, flags: EACCESS|SYMLINK_NOFOLLOW) = -1 EBADF (Bad file descriptor)
syscall (/usr/lib64/libc.so.6)
faccessat2 (/home/acme/c/faccessat2)
main (/home/acme/c/faccessat2)
__libc_start_call_main (/usr/lib64/libc.so.6)
__libc_start_main@@GLIBC_2.34 (/usr/lib64/libc.so.6)
_start (/home/acme/c/faccessat2)
root@...ber:~#
Now to write another test case, this time for the landlock syscall, to
test your btf_enum patch.
In the future please add the test case so that one can quickly reproduce
your testing steps.
- Arnaldo
Powered by blists - more mailing lists