lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220224130223.70cd09a9f0fe1209bf36bad0@kernel.org>
Date:   Thu, 24 Feb 2022 13:02:23 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Jiri Olsa <olsajiri@...il.com>
Cc:     Jiri Olsa <jolsa@...nel.org>, Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>, netdev@...r.kernel.org,
        bpf@...r.kernel.org, lkml <linux-kernel@...r.kernel.org>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...omium.org>,
        Steven Rostedt <rostedt@...dmis.org>
Subject: Re: [PATCH 02/10] bpf: Add multi kprobe link

On Wed, 23 Feb 2022 18:44:33 +0100
Jiri Olsa <olsajiri@...il.com> wrote:

> On Wed, Feb 23, 2022 at 02:58:40PM +0900, Masami Hiramatsu wrote:
> > Hi Jiri,
> > 
> > On Tue, 22 Feb 2022 18:05:52 +0100
> > Jiri Olsa <jolsa@...nel.org> wrote:
> > 
> > [snip]
> > > +
> > > +static void
> > > +kprobe_multi_link_handler(struct fprobe *fp, unsigned long entry_ip,
> > > +			  struct pt_regs *regs)
> > > +{
> > > +	unsigned long saved_ip = instruction_pointer(regs);
> > > +	struct bpf_kprobe_multi_link *link;
> > > +
> > > +	/*
> > > +	 * Because fprobe's regs->ip is set to the next instruction of
> > > +	 * dynamic-ftrace instruction, correct entry ip must be set, so
> > > +	 * that the bpf program can access entry address via regs as same
> > > +	 * as kprobes.
> > > +	 */
> > > +	instruction_pointer_set(regs, entry_ip);
> > 
> > This is true for the entry_handler, but false for the exit_handler,
> > because entry_ip points the probed function address, not the
> > return address. Thus, when this is done in the exit_handler,
> > the bpf prog seems to be called from the entry of the function,
> > not return.
> > 
> > If it is what you expected, please explictly comment it to
> > avoid confusion. Or, make another handler function for exit
> > probing.
> 
> yes we want the ip of the function we are tracing, so it's correct,
> I'll adjust the comment
> 
> > 
> > > +
> > > +	link = container_of(fp, struct bpf_kprobe_multi_link, fp);
> > > +	kprobe_multi_link_prog_run(link, regs);
> > > +
> > > +	instruction_pointer_set(regs, saved_ip);
> > > +}
> > > +
> > > +static int
> > > +kprobe_multi_resolve_syms(const void *usyms, u32 cnt,
> > > +			  unsigned long *addrs)
> > > +{
> > > +	unsigned long addr, size;
> > > +	const char **syms;
> > > +	int err = -ENOMEM;
> > > +	unsigned int i;
> > > +	char *func;
> > > +
> > > +	size = cnt * sizeof(*syms);
> > > +	syms = kvzalloc(size, GFP_KERNEL);
> > > +	if (!syms)
> > > +		return -ENOMEM;
> > > +
> > > +	func = kmalloc(KSYM_NAME_LEN, GFP_KERNEL);
> > > +	if (!func)
> > > +		goto error;
> > > +
> > > +	if (copy_from_user(syms, usyms, size)) {
> > > +		err = -EFAULT;
> > > +		goto error;
> > > +	}
> > > +
> > > +	for (i = 0; i < cnt; i++) {
> > > +		err = strncpy_from_user(func, syms[i], KSYM_NAME_LEN);
> > > +		if (err == KSYM_NAME_LEN)
> > > +			err = -E2BIG;
> > > +		if (err < 0)
> > > +			goto error;
> > > +
> > > +		err = -EINVAL;
> > > +		if (func[0] == '\0')
> > > +			goto error;
> > > +		addr = kallsyms_lookup_name(func);
> > > +		if (!addr)
> > > +			goto error;
> > > +		if (!kallsyms_lookup_size_offset(addr, &size, NULL))
> > > +			size = MCOUNT_INSN_SIZE;
> > 
> > Note that this is good for x86, but may not be good for other arch
> > which use some preparation instructions before mcount call.  Maybe you
> > can just reject it if kallsyms_lookup_size_offset() fails.
> 
> I 'borrowed' this from fprobe's get_ftrace_locations function,
> and it still seems to match.. do you plan to change that?

Oops, indeed, I need to fix my code too!
Thank you! 

> 
> thanks,
> jirka


-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ