lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 23 Mar 2022 09:05:26 +0100
From:   Peter Zijlstra <peterz@...radead.org>
To:     Masami Hiramatsu <mhiramat@...nel.org>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        Jiri Olsa <jolsa@...nel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Andrii Nakryiko <andrii.nakryiko@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>, netdev@...r.kernel.org,
        bpf@...r.kernel.org, lkml <linux-kernel@...r.kernel.org>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...omium.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        "Naveen N . Rao" <naveen.n.rao@...ux.ibm.com>,
        Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>,
        "David S . Miller" <davem@...emloft.net>
Subject: Re: [PATCH v13 bpf-next 1/1] rethook: x86: Add rethook x86
 implementation

On Wed, Mar 23, 2022 at 11:34:59AM +0900, Masami Hiramatsu wrote:
> Add rethook for x86 implementation. Most of the code has been copied from
> kretprobes on x86.

Right; as said, I'm really unhappy with growing a carbon copy of this
stuff instead of sharing. Can we *please* keep it a single instance?
Them being basically indentical, it should be trivial to have
CONFIG_KPROBE_ON_RETHOOK (or somesuch) and just share this.

Also, what's rethook for anyway?

> diff --git a/arch/x86/kernel/kprobes/common.h b/arch/x86/kernel/kprobes/common.h
> index 7d3a2e2daf01..c993521d4933 100644
> --- a/arch/x86/kernel/kprobes/common.h
> +++ b/arch/x86/kernel/kprobes/common.h
> @@ -6,6 +6,7 @@
>  
>  #include <asm/asm.h>
>  #include <asm/frame.h>
> +#include <asm/insn.h>
>  
>  #ifdef CONFIG_X86_64
>  
> diff --git a/arch/x86/kernel/rethook.c b/arch/x86/kernel/rethook.c
> new file mode 100644
> index 000000000000..3e916361c33b
> --- /dev/null
> +++ b/arch/x86/kernel/rethook.c
> @@ -0,0 +1,121 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * x86 implementation of rethook. Mostly copied from arch/x86/kernel/kprobes/core.c.
> + */
> +#include <linux/bug.h>
> +#include <linux/rethook.h>
> +#include <linux/kprobes.h>
> +#include <linux/objtool.h>
> +
> +#include "kprobes/common.h"
> +
> +__visible void arch_rethook_trampoline_callback(struct pt_regs *regs);
> +
> +/*
> + * When a target function returns, this code saves registers and calls
> + * arch_rethook_trampoline_callback(), which calls the rethook handler.
> + */
> +asm(
> +	".text\n"
> +	".global arch_rethook_trampoline\n"
> +	".type arch_rethook_trampoline, @function\n"
> +	"arch_rethook_trampoline:\n"
> +#ifdef CONFIG_X86_64
> +	ANNOTATE_NOENDBR	/* This is only jumped from ret instruction */
> +	/* Push a fake return address to tell the unwinder it's a kretprobe. */
> +	"	pushq $arch_rethook_trampoline\n"
> +	UNWIND_HINT_FUNC
	"	pushq $" __stringify(__KERNEL_DS) "\n" /* %ss */
	/* Save the 'sp - 16', this will be fixed later. */
> +	"	pushq %rsp\n"
> +	"	pushfq\n"
> +	SAVE_REGS_STRING
> +	"	movq %rsp, %rdi\n"
> +	"	call arch_rethook_trampoline_callback\n"
> +	RESTORE_REGS_STRING
	/* In the callback function, 'regs->flags' is copied to 'regs->ss'. */

	this comment could do with a 'why' though... Because neither
	this nor the one in the handler really explains why it is
	important to have popf last

	"	addq $16, %rsp\n"
> +	"	popfq\n"
> +#else

same for i386:

> +	/* Push a fake return address to tell the unwinder it's a kretprobe. */
> +	"	pushl $arch_rethook_trampoline\n"
> +	UNWIND_HINT_FUNC
	/* Save the 'sp - 8', this will be fixed later. */
	"	pushl %ss\n"
> +	"	pushl %esp\n"
> +	"	pushfl\n"
> +	SAVE_REGS_STRING
> +	"	movl %esp, %eax\n"
> +	"	call arch_rethook_trampoline_callback\n"
> +	RESTORE_REGS_STRING
	/* In the callback function, 'regs->flags' is copied to 'regs->ss'. */
	"	addl $8, %esp\n"
> +	"	popfl\n"
> +#endif
> +	ASM_RET
> +	".size arch_rethook_trampoline, .-arch_rethook_trampoline\n"
> +);
> +NOKPROBE_SYMBOL(arch_rethook_trampoline);
> +
> +/*
> + * Called from arch_rethook_trampoline
> + */
> +__used __visible void arch_rethook_trampoline_callback(struct pt_regs *regs)
> +{
> +	unsigned long *frame_pointer;
> +
> +	/* fixup registers */
> +	regs->cs = __KERNEL_CS;
> +#ifdef CONFIG_X86_32
> +	regs->gs = 0;
> +#endif
> +	regs->ip = (unsigned long)&arch_rethook_trampoline;
> +	regs->orig_ax = ~0UL;
	regs->sp += 2*sizeof(long);
> +	frame_pointer = &regs->sp + 1;
> +
> +	/*
> +	 * The return address at 'frame_pointer' is recovered by the
> +	 * arch_rethook_fixup_return() which called from this
> +	 * rethook_trampoline_handler().
> +	 */
> +	rethook_trampoline_handler(regs, (unsigned long)frame_pointer);
> +
> +	/*
> +	 * Copy FLAGS to 'pt_regs::sp' so that arch_rethook_trapmoline()
> +	 * can do RET right after POPF.
> +	 */
	regs->ss = regs->flags;
> +}
> +NOKPROBE_SYMBOL(arch_rethook_trampoline_callback);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ