lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251126123755.47aa3f11@gandalf.local.home>
Date: Wed, 26 Nov 2025 12:37:55 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: Thomas Richter <tmricht@...ux.ibm.com>
Cc: acme@...nel.org, Namhyung Kim <namhyung@...nel.org>,
 linux-kernel@...r.kernel.org, linux-s390@...r.kernel.org,
 linux-perf-users@...r.kernel.org, agordeev@...ux.ibm.com,
 gor@...ux.ibm.com, sumanthk@...ux.ibm.com, hca@...ux.ibm.com,
 japo@...ux.ibm.com
Subject: Re: [PATCH Linux-next] perf test: Fix test case perf trace BTF
 general tests

On Wed, 26 Nov 2025 12:12:29 -0500
Steven Rostedt <rostedt@...dmis.org> wrote:

> Arnaldo,
> 
> How can I make perf trace not confused by the extra fields in the system
> call trace events?
> 
> Ftrace can now show the contents of the system call user space buffers, but
> it appears that this breaks perf!!!
> 
> system: syscalls
> name: sys_enter_write
> ID: 791
> format:
> 	field:unsigned short common_type;	offset:0;	size:2;	signed:0;
> 	field:unsigned char common_flags;	offset:2;	size:1;	signed:0;
> 	field:unsigned char common_preempt_count;	offset:3;	size:1;	signed:0;
> 	field:int common_pid;	offset:4;	size:4;	signed:1;
> 
> 	field:int __syscall_nr;	offset:8;	size:4;	signed:1;
> 	field:unsigned int fd;	offset:16;	size:8;	signed:0;
> 	field:const char * buf;	offset:24;	size:8;	signed:0;
> 	field:size_t count;	offset:32;	size:8;	signed:0;
> 	field:__data_loc char[] __buf_val;	offset:40;	size:4;	signed:0;
> 
> That new __buf_val appears to confuse perf, but I'm having a hell of a time
> trying to figure out where it reads it!
> 

Hmm, it gets less confused (at least it doesn't crash), when I don't have
perf read the extra values.

Thomas, if you add the below patch, does it fix things for you?

-- Steve

diff --git a/kernel/trace/trace_syscalls.c b/kernel/trace/trace_syscalls.c
index e96d0063cbcf..add809d226dc 100644
--- a/kernel/trace/trace_syscalls.c
+++ b/kernel/trace/trace_syscalls.c
@@ -1403,7 +1403,6 @@ static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id)
 	struct hlist_head *head;
 	unsigned long args[6];
 	bool valid_prog_array;
-	bool mayfault;
 	char *user_ptr;
 	int user_sizes[SYSCALL_FAULT_MAX_CNT] = {};
 	int buf_size = CONFIG_TRACE_SYSCALL_BUF_SIZE_DEFAULT;
@@ -1431,15 +1430,6 @@ static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id)
 
 	syscall_get_arguments(current, regs, args);
 
-	/* Check if this syscall event faults in user space memory */
-	mayfault = sys_data->user_mask != 0;
-
-	if (mayfault) {
-		if (syscall_get_data(sys_data, args, &user_ptr,
-				     &size, user_sizes, &uargs, buf_size) < 0)
-			return;
-	}
-
 	head = this_cpu_ptr(sys_data->enter_event->perf_events);
 	valid_prog_array = bpf_prog_array_valid(sys_data->enter_event);
 	if (!valid_prog_array && hlist_empty(head))
@@ -1457,9 +1447,6 @@ static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id)
 	rec->nr = syscall_nr;
 	memcpy(&rec->args, args, sizeof(unsigned long) * sys_data->nb_args);
 
-	if (mayfault)
-		syscall_put_data(sys_data, rec, user_ptr, size, user_sizes, uargs);
-
 	if ((valid_prog_array &&
 	     !perf_call_bpf_enter(sys_data->enter_event, fake_regs, sys_data, rec)) ||
 	    hlist_empty(head)) {

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ