| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Jun 2024 23:43:56 +0800
From: Howard Chu <howardchu95@...il.com>
To: Arnaldo Carvalho de Melo <acme@...nel.org>
Cc: peterz@...radead.org, mingo@...hat.com, namhyung@...nel.org,
mark.rutland@....com, alexander.shishkin@...ux.intel.com, jolsa@...nel.org,
irogers@...gle.com, adrian.hunter@...el.com, kan.liang@...ux.intel.com,
mic@...ikod.net, gnoack@...gle.com, brauner@...nel.org,
linux-perf-users@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, bpf@...r.kernel.org
Subject: Re: [PATCH] perf trace: Fix syscall untraceable bug
Hello Arnaldo,
On Tue, Jun 11, 2024 at 11:25 PM Arnaldo Carvalho de Melo
<acme@...nel.org> wrote:
>
> On Sun, Jun 09, 2024 at 01:21:46AM +0800, Howard Chu wrote:
> > as for the perf trace output:
> >
> > before
> >
> > perf $ perf trace -e faccessat2 --max-events=1
> > [no output]
> >
> > after
> >
> > perf $ ./perf trace -e faccessat2 --max-events=1
> > 0.000 ( 0.037 ms): waybar/958 faccessat2(dfd: 40, filename: "uevent") = 0
>
> Yeah, before there is no output, after, with the following test case:
>
> ⬢[acme@...lbox c]$ cat faccessat2.c
> #include <fcntl.h> /* Definition of AT_* constants */
> #include <sys/syscall.h> /* Definition of SYS_* constants */
> #include <unistd.h>
> #include <stdio.h>
>
> /* Provide own perf_event_open stub because glibc doesn't */
> __attribute__((weak))
> int faccessat2(int dirfd, const char *pathname, int mode, int flags)
> {
> return syscall(SYS_faccessat2, dirfd, pathname, mode, flags);
> }
>
> int main(int argc, char *argv[])
> {
> int err = faccessat2(123, argv[1], X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW);
>
> printf("faccessat2(123, %s, X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) = %d\n", argv[1], err);
> return err;
> }
> ⬢[acme@...lbox c]$ make faccessat2
> cc faccessat2.c -o faccessat2
> ⬢[acme@...lbox c]$ ./faccessat2 bla
> faccessat2(123, bla, X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) = -1
> ⬢[acme@...lbox c]$
>
> In the other terminal, as root:
>
> root@...ber:~# perf trace --call-graph dwarf -e faccessat2 --max-events=1
> 0.000 ( 0.034 ms): bash/62004 faccessat2(dfd: 123, filename: "bla", mode: X, flags: EACCESS|SYMLINK_NOFOLLOW) = -1 EBADF (Bad file descriptor)
> syscall (/usr/lib64/libc.so.6)
> faccessat2 (/home/acme/c/faccessat2)
> main (/home/acme/c/faccessat2)
> __libc_start_call_main (/usr/lib64/libc.so.6)
> __libc_start_main@@GLIBC_2.34 (/usr/lib64/libc.so.6)
> _start (/home/acme/c/faccessat2)
> root@...ber:~#
>
> Now to write another test case, this time for the landlock syscall, to
> test your btf_enum patch.
>
> In the future please add the test case so that one can quickly reproduce
> your testing steps.
Thank you for testing this patch, sorry for the inconvenience, I will
attach tests to speed up reproduction in the future. Also, your
simplification looks good, thank you so much.
Thanks,
Howard
>
> - Arnaldo
Powered by blists - more mailing lists