lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <8c93b586-1ebd-44c1-87d6-bcbb8030f795@linux.dev>
Date: Fri, 12 Sep 2025 14:09:50 -0700
From: Ihor Solodrai <ihor.solodrai@...ux.dev>
To: Jiri Olsa <olsajiri@...il.com>
Cc: Andrii Nakryiko <andrii.nakryiko@...il.com>,
 Oleg Nesterov <oleg@...hat.com>, Masami Hiramatsu <mhiramat@...nel.org>,
 Peter Zijlstra <peterz@...radead.org>, Andrii Nakryiko <andrii@...nel.org>,
 bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
 linux-trace-kernel@...r.kernel.org, x86@...nel.org,
 Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
 John Fastabend <john.fastabend@...il.com>, Hao Luo <haoluo@...gle.com>,
 Steven Rostedt <rostedt@...dmis.org>, Ingo Molnar <mingo@...nel.org>
Subject: Re: [PATCHv3 perf/core 0/6] uprobe,bpf: Allow to change app registers
 from uprobe registers

On 9/12/25 1:55 PM, Jiri Olsa wrote:
> On Fri, Sep 12, 2025 at 01:28:55PM -0700, Ihor Solodrai wrote:
>> On 9/9/25 9:41 AM, Andrii Nakryiko wrote:
>>> On Tue, Sep 9, 2025 at 8:39 AM Jiri Olsa <jolsa@...nel.org> wrote:
>>>>
>>>> hi,
>>>> we recently had several requests for tetragon to be able to change
>>>> user application function return value or divert its execution through
>>>> instruction pointer change.
>>>>
>>>> This patchset adds support for uprobe program to change app's registers
>>>> including instruction pointer.
>>>>
>>>> v3 changes:
>>>> - deny attach of kprobe,multi with kprobe_write_ctx set [Alexei]
>>>> - added more tests for denied kprobe attachment
>>>>
>>>> thanks,
>>>> jirka
>>>>
>>>>
>>>> ---
>>>> Jiri Olsa (6):
>>>>         bpf: Allow uprobe program to change context registers
>>>>         uprobe: Do not emulate/sstep original instruction when ip is changed
>>>>         selftests/bpf: Add uprobe context registers changes test
>>>>         selftests/bpf: Add uprobe context ip register change test
>>>>         selftests/bpf: Add kprobe write ctx attach test
>>>>         selftests/bpf: Add kprobe multi write ctx attach test
>>>>
>>>
>>> For the series:
>>>
>>> Acked-by: Andrii Nakryiko <andrii@...nel.org>
>>>
>>> Question is which tree will this go through? Most changes are in BPF,
>>> so probably bpf-next, right?
>>
>> Hi Jiri.
>>
>> This series does not apply to current bpf-next, see below.
>>
>> Could you please respin it with bpf-next tag?
>> E.g. "[PATCH v4 bpf-next 0/6] ..."
>>
> 
> hi,
> the uprobe change it needs to be on top of the optimized uprobes (tip/perf/core)
> but the bpf selftests patches could be applied on bpf-next/master and disabled
> in CI until tip/perf/core changes are merged in?

Currently the series isn't even picked up by CI properly because it
doesn't apply. It's not that the tests are failing.

If there is a dependency on external (to bpf-next) commit, we could
add it as a temporary CI patch or just wait for it to be merged in.

But if you can make this series applicable to bpf-next without
tip/perf/core changes, you can do that and add relevant tests to
`tools/testing/selftests/bpf/DENYLIST`. It's important to not forget
to remove them later though.

> 
> thanks,
> jirka
> 
> 
>> Thanks!
>>
>> $ git log -1 --oneline
>> a578b54a8ad2 (HEAD -> master, origin/master, origin/HEAD,
>> kernel-patches/bpf-next) Merge branch
>> 'bpf-report-arena-faults-to-bpf-streams'
>> $ b4 am 20250909123857.315599-1-jolsa@...nel.org
>> [...]
>> $ git am ./v3_20250909_jolsa_uprobe_bpf_allow_to_change_app_registers_from_uprobe_registers.mbx
>> Applying: bpf: Allow uprobe program to change context registers
>> Applying: uprobe: Do not emulate/sstep original instruction when ip is
>> changed
>> error: patch failed: kernel/events/uprobes.c:2768
>> error: kernel/events/uprobes.c: patch does not apply
>> Patch failed at 0002 uprobe: Do not emulate/sstep original instruction when
>> ip is changed
>> [...]
>>
>>>
>>>>    include/linux/bpf.h                                        |   1 +
>>>>    kernel/events/core.c                                       |   4 +++
>>>>    kernel/events/uprobes.c                                    |   7 +++++
>>>>    kernel/trace/bpf_trace.c                                   |   7 +++--
>>>>    tools/testing/selftests/bpf/prog_tests/attach_probe.c      |  28 +++++++++++++++++
>>>>    tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c |  27 ++++++++++++++++
>>>>    tools/testing/selftests/bpf/prog_tests/uprobe.c            | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
>>>>    tools/testing/selftests/bpf/progs/kprobe_write_ctx.c       |  22 +++++++++++++
>>>>    tools/testing/selftests/bpf/progs/test_uprobe.c            |  38 +++++++++++++++++++++++
>>>>    9 files changed, 287 insertions(+), 3 deletions(-)
>>>>    create mode 100644 tools/testing/selftests/bpf/progs/kprobe_write_ctx.c
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ