From patchwork Thu May 2 12:23:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Olsa X-Patchwork-Id: 13651676 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 58D2F79B87; Thu, 2 May 2024 12:23:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652613; cv=none; b=mA53dPyize4SpY56rkC2jrAFgdYSz1R0Uh5V01qrnEWSDk+DnouUUt6oCo9VmhhXrebA+t/0semhesP+Qax4N6rmJ1TnURkYxspfEp6UplhlZl7JjRVBT1YMv8kHK08MjULdT5qJ2QnWpWpebbJasvwx8s7zrhtBNHaOrh/xeMc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652613; c=relaxed/simple; bh=E5mBBj7H+FbDyWHA7CcEj363KWYlCnqsF3O54TPh5Qo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PdG7LD/CD1st12Fxl8rnORlMLhHBJek5HMf4JYucxQqwgODCugigqBusax2X90VASMzmd3TPkBc2yM+VVdb5DJcE6IUk9ISziz0q3MyG4wqr1/xEeqIaNOswmDAefMqYD0PRRqg77z9Yb7iDl5b+zXWBf7bOrEIisFRSKCWZ3RQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=J+07Pk7s; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="J+07Pk7s" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7A749C113CC; Thu, 2 May 2024 12:23:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714652613; bh=E5mBBj7H+FbDyWHA7CcEj363KWYlCnqsF3O54TPh5Qo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=J+07Pk7sD7MGVUUbcEBVGjt6/cPQrt2hkGzytFOnyV8z9AUCMHsgI2zGKHi1g8vWc UrX2Q3RgrNHnkQ81OYOS1oZ2/tNy0/sTMIbfVvI74Wg1WD5wKjyM8PWfsJ7EWz4J+s YR4yU4dCLiWKpLYXSKe+0EcWooE9gpj0AIvGlXo77pdW77uLAKLSeMS76bimIjAa1Y 2tEIZ8+adyQNy/1NWNJxThQ6bn3asSl1rld7atXhi56CEYPQBLxq3mV6noSfC432JW zIaDylqdZZ/NDmAtuvwQbCBhj+pd/TNR2188BQRrHELszbGBsruB7jQYyoxrbXg3g5 hYPZ8lcNYtlqA== From: Jiri Olsa To: Steven Rostedt , Masami Hiramatsu , Oleg Nesterov , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko Cc: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, x86@kernel.org, bpf@vger.kernel.org, Song Liu , Yonghong Song , John Fastabend , Peter Zijlstra , Thomas Gleixner , "Borislav Petkov (AMD)" , Ingo Molnar , Andy Lutomirski Subject: [PATCHv4 bpf-next 1/7] uprobe: Wire up uretprobe system call Date: Thu, 2 May 2024 14:23:07 +0200 Message-ID: <20240502122313.1579719-2-jolsa@kernel.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240502122313.1579719-1-jolsa@kernel.org> References: <20240502122313.1579719-1-jolsa@kernel.org> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Wiring up uretprobe system call, which comes in following changes. We need to do the wiring before, because the uretprobe implementation needs the syscall number. Note at the moment uretprobe syscall is supported only for native 64-bit process. Reviewed-by: Oleg Nesterov Reviewed-by: Masami Hiramatsu (Google) Acked-by: Andrii Nakryiko Signed-off-by: Jiri Olsa --- arch/x86/entry/syscalls/syscall_64.tbl | 1 + include/linux/syscalls.h | 2 ++ include/uapi/asm-generic/unistd.h | 5 ++++- kernel/sys_ni.c | 2 ++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl index 7e8d46f4147f..af0a33ab06ee 100644 --- a/arch/x86/entry/syscalls/syscall_64.tbl +++ b/arch/x86/entry/syscalls/syscall_64.tbl @@ -383,6 +383,7 @@ 459 common lsm_get_self_attr sys_lsm_get_self_attr 460 common lsm_set_self_attr sys_lsm_set_self_attr 461 common lsm_list_modules sys_lsm_list_modules +462 64 uretprobe sys_uretprobe # # Due to a historical design error, certain syscalls are numbered differently diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index e619ac10cd23..5318e0e76799 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -972,6 +972,8 @@ asmlinkage long sys_lsm_list_modules(u64 *ids, u32 *size, u32 flags); /* x86 */ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int on); +asmlinkage long sys_uretprobe(void); + /* pciconfig: alpha, arm, arm64, ia64, sparc */ asmlinkage long sys_pciconfig_read(unsigned long bus, unsigned long dfn, unsigned long off, unsigned long len, diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index 75f00965ab15..8a747cd1d735 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -842,8 +842,11 @@ __SYSCALL(__NR_lsm_set_self_attr, sys_lsm_set_self_attr) #define __NR_lsm_list_modules 461 __SYSCALL(__NR_lsm_list_modules, sys_lsm_list_modules) +#define __NR_uretprobe 462 +__SYSCALL(__NR_uretprobe, sys_uretprobe) + #undef __NR_syscalls -#define __NR_syscalls 462 +#define __NR_syscalls 463 /* * 32 bit systems traditionally used different diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index faad00cce269..be6195e0d078 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -391,3 +391,5 @@ COND_SYSCALL(setuid16); /* restartable sequence */ COND_SYSCALL(rseq); + +COND_SYSCALL(uretprobe); From patchwork Thu May 2 12:23:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jiri Olsa X-Patchwork-Id: 13651677 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F0065D26A; Thu, 2 May 2024 12:23:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652626; cv=none; b=nFvTQTXaKmQlkQipzKDBQ0q7xXGZIACm7tz3UkZhcY3dHy9nlpqiwUCTmbOG32+BNxyJ5A/mASQnr/FLbpQdUb9cbvn8Tm8jpYOuDMRWim+1+E6Q4XhPAjNsjIBzzNSIrIyRdu73wXes0DJuwsYrJfNrXc+mB4YMOJR6mwwOmRE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652626; c=relaxed/simple; bh=vlG7tlGdmKDoaLxWamWkA1dw1zwEzZq9akp3W7H34Ws=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=hia1XNieVJcoqDi3O3PNJBfM1ABJ2xswxx+mZKtXJ04LfsGmNOY55x8LzKP3trWp4l/z0gNqOJ7kyB2bLZ9Z6BsIkp364VS54jRP9BBeF7Ii4qDek5VHClTd8rdMfYaAFovC6MOPgFj5oXAGyLvFObn21njiuG0AjUyZ8Q7BeXE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=dJOG/gYG; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="dJOG/gYG" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C347DC113CC; Thu, 2 May 2024 12:23:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714652625; bh=vlG7tlGdmKDoaLxWamWkA1dw1zwEzZq9akp3W7H34Ws=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dJOG/gYGX/B/OjmarTUUq/eLHdwso8IJOZpy/HsHuzE7difG/vfsjy7RtF/23+vR2 ag7C4Q+fgVI+OFDwhPHykIXi6s4ZjkLiQrxv1mxUto68ENKeySKYIQiD846/zIoeh6 MbJ2t3Hl5G3IOu8cV07h0yNx1GS9mVlMpuCUz0bpxsuu2dKevnY8LZ5giFQ0pqu6JS d/t0my2KNSvpxPsLq0rPUiGdE2VmWsBByvQo3BQ0IAKuqObrdpx/63jWbabUSNsKES p3feLKZu6C6+PH1pTU1OiZUULvlQOsRFn5q0VPCxqzs8N+t08AKi7csz32VRR34KQz N6V5jKdhv/DYw== From: Jiri Olsa To: Steven Rostedt , Masami Hiramatsu , Oleg Nesterov , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko Cc: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, x86@kernel.org, bpf@vger.kernel.org, Song Liu , Yonghong Song , John Fastabend , Peter Zijlstra , Thomas Gleixner , "Borislav Petkov (AMD)" , Ingo Molnar , Andy Lutomirski Subject: [PATCHv4 bpf-next 2/7] uprobe: Add uretprobe syscall to speed up return probe Date: Thu, 2 May 2024 14:23:08 +0200 Message-ID: <20240502122313.1579719-3-jolsa@kernel.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240502122313.1579719-1-jolsa@kernel.org> References: <20240502122313.1579719-1-jolsa@kernel.org> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Adding uretprobe syscall instead of trap to speed up return probe. At the moment the uretprobe setup/path is: - install entry uprobe - when the uprobe is hit, it overwrites probed function's return address on stack with address of the trampoline that contains breakpoint instruction - the breakpoint trap code handles the uretprobe consumers execution and jumps back to original return address This patch replaces the above trampoline's breakpoint instruction with new ureprobe syscall call. This syscall does exactly the same job as the trap with some more extra work: - syscall trampoline must save original value for rax/r11/rcx registers on stack - rax is set to syscall number and r11/rcx are changed and used by syscall instruction - the syscall code reads the original values of those registers and restore those values in task's pt_regs area - only caller from trampoline exposed in '[uprobes]' is allowed, the process will receive SIGILL signal otherwise Even with some extra work, using the uretprobes syscall shows speed improvement (compared to using standard breakpoint): On Intel (11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz) current: uretprobe-nop : 1.498 ± 0.000M/s uretprobe-push : 1.448 ± 0.001M/s uretprobe-ret : 0.816 ± 0.001M/s with the fix: uretprobe-nop : 1.969 ± 0.002M/s < 31% speed up uretprobe-push : 1.910 ± 0.000M/s < 31% speed up uretprobe-ret : 0.934 ± 0.000M/s < 14% speed up On Amd (AMD Ryzen 7 5700U) current: uretprobe-nop : 0.778 ± 0.001M/s uretprobe-push : 0.744 ± 0.001M/s uretprobe-ret : 0.540 ± 0.001M/s with the fix: uretprobe-nop : 0.860 ± 0.001M/s < 10% speed up uretprobe-push : 0.818 ± 0.001M/s < 10% speed up uretprobe-ret : 0.578 ± 0.000M/s < 7% speed up The performance test spawns a thread that runs loop which triggers uprobe with attached bpf program that increments the counter that gets printed in results above. The uprobe (and uretprobe) kind is determined by which instruction is being patched with breakpoint instruction. That's also important for uretprobes, because uprobe is installed for each uretprobe. The performance test is part of bpf selftests: tools/testing/selftests/bpf/run_bench_uprobes.sh Note at the moment uretprobe syscall is supported only for native 64-bit process, compat process still uses standard breakpoint. Suggested-by: Andrii Nakryiko Reviewed-by: Oleg Nesterov Reviewed-by: Masami Hiramatsu (Google) Acked-by: Andrii Nakryiko Signed-off-by: Oleg Nesterov Signed-off-by: Jiri Olsa --- arch/x86/kernel/uprobes.c | 115 ++++++++++++++++++++++++++++++++++++++ include/linux/uprobes.h | 3 + kernel/events/uprobes.c | 24 +++++--- 3 files changed, 135 insertions(+), 7 deletions(-) diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c index 6c07f6daaa22..81e6ee95784d 100644 --- a/arch/x86/kernel/uprobes.c +++ b/arch/x86/kernel/uprobes.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include @@ -308,6 +309,120 @@ static int uprobe_init_insn(struct arch_uprobe *auprobe, struct insn *insn, bool } #ifdef CONFIG_X86_64 + +asm ( + ".pushsection .rodata\n" + ".global uretprobe_syscall_entry\n" + "uretprobe_syscall_entry:\n" + "pushq %rax\n" + "pushq %rcx\n" + "pushq %r11\n" + "movq $" __stringify(__NR_uretprobe) ", %rax\n" + "syscall\n" + ".global uretprobe_syscall_check\n" + "uretprobe_syscall_check:\n" + "popq %r11\n" + "popq %rcx\n" + + /* The uretprobe syscall replaces stored %rax value with final + * return address, so we don't restore %rax in here and just + * call ret. + */ + "retq\n" + ".global uretprobe_syscall_end\n" + "uretprobe_syscall_end:\n" + ".popsection\n" +); + +extern u8 uretprobe_syscall_entry[]; +extern u8 uretprobe_syscall_check[]; +extern u8 uretprobe_syscall_end[]; + +void *arch_uprobe_trampoline(unsigned long *psize) +{ + static uprobe_opcode_t insn = UPROBE_SWBP_INSN; + struct pt_regs *regs = task_pt_regs(current); + + /* + * At the moment the uretprobe syscall trampoline is supported + * only for native 64-bit process, the compat process still uses + * standard breakpoint. + */ + if (user_64bit_mode(regs)) { + *psize = uretprobe_syscall_end - uretprobe_syscall_entry; + return uretprobe_syscall_entry; + } + + *psize = UPROBE_SWBP_INSN_SIZE; + return &insn; +} + +static unsigned long trampoline_check_ip(void) +{ + unsigned long tramp = uprobe_get_trampoline_vaddr(); + + return tramp + (uretprobe_syscall_check - uretprobe_syscall_entry); +} + +SYSCALL_DEFINE0(uretprobe) +{ + struct pt_regs *regs = task_pt_regs(current); + unsigned long err, ip, sp, r11_cx_ax[3]; + + if (regs->ip != trampoline_check_ip()) + goto sigill; + + err = copy_from_user(r11_cx_ax, (void __user *)regs->sp, sizeof(r11_cx_ax)); + if (err) + goto sigill; + + /* expose the "right" values of r11/cx/ax/sp to uprobe_consumer/s */ + regs->r11 = r11_cx_ax[0]; + regs->cx = r11_cx_ax[1]; + regs->ax = r11_cx_ax[2]; + regs->sp += sizeof(r11_cx_ax); + regs->orig_ax = -1; + + ip = regs->ip; + sp = regs->sp; + + uprobe_handle_trampoline(regs); + + /* + * uprobe_consumer has changed sp, we can do nothing, + * just return via iret + */ + if (regs->sp != sp) + return regs->ax; + regs->sp -= sizeof(r11_cx_ax); + + /* for the case uprobe_consumer has changed r11/cx */ + r11_cx_ax[0] = regs->r11; + r11_cx_ax[1] = regs->cx; + + /* + * ax register is passed through as return value, so we can use + * its space on stack for ip value and jump to it through the + * trampoline's ret instruction + */ + r11_cx_ax[2] = regs->ip; + regs->ip = ip; + + err = copy_to_user((void __user *)regs->sp, r11_cx_ax, sizeof(r11_cx_ax)); + if (err) + goto sigill; + + /* ensure sysret, see do_syscall_64() */ + regs->r11 = regs->flags; + regs->cx = regs->ip; + + return regs->ax; + +sigill: + force_sig(SIGILL); + return -1; +} + /* * If arch_uprobe->insn doesn't use rip-relative addressing, return * immediately. Otherwise, rewrite the instruction so that it accesses diff --git a/include/linux/uprobes.h b/include/linux/uprobes.h index f46e0ca0169c..b503fafb7fb3 100644 --- a/include/linux/uprobes.h +++ b/include/linux/uprobes.h @@ -138,6 +138,9 @@ extern bool arch_uretprobe_is_alive(struct return_instance *ret, enum rp_check c extern bool arch_uprobe_ignore(struct arch_uprobe *aup, struct pt_regs *regs); extern void arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr, void *src, unsigned long len); +extern void uprobe_handle_trampoline(struct pt_regs *regs); +extern void *arch_uprobe_trampoline(unsigned long *psize); +extern unsigned long uprobe_get_trampoline_vaddr(void); #else /* !CONFIG_UPROBES */ struct uprobes_state { }; diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index e4834d23e1d1..c550449d66be 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1474,11 +1474,20 @@ static int xol_add_vma(struct mm_struct *mm, struct xol_area *area) return ret; } +void * __weak arch_uprobe_trampoline(unsigned long *psize) +{ + static uprobe_opcode_t insn = UPROBE_SWBP_INSN; + + *psize = UPROBE_SWBP_INSN_SIZE; + return &insn; +} + static struct xol_area *__create_xol_area(unsigned long vaddr) { struct mm_struct *mm = current->mm; - uprobe_opcode_t insn = UPROBE_SWBP_INSN; + unsigned long insns_size; struct xol_area *area; + void *insns; area = kmalloc(sizeof(*area), GFP_KERNEL); if (unlikely(!area)) @@ -1502,7 +1511,8 @@ static struct xol_area *__create_xol_area(unsigned long vaddr) /* Reserve the 1st slot for get_trampoline_vaddr() */ set_bit(0, area->bitmap); atomic_set(&area->slot_count, 1); - arch_uprobe_copy_ixol(area->pages[0], 0, &insn, UPROBE_SWBP_INSN_SIZE); + insns = arch_uprobe_trampoline(&insns_size); + arch_uprobe_copy_ixol(area->pages[0], 0, insns, insns_size); if (!xol_add_vma(mm, area)) return area; @@ -1827,7 +1837,7 @@ void uprobe_copy_process(struct task_struct *t, unsigned long flags) * * Returns -1 in case the xol_area is not allocated. */ -static unsigned long get_trampoline_vaddr(void) +unsigned long uprobe_get_trampoline_vaddr(void) { struct xol_area *area; unsigned long trampoline_vaddr = -1; @@ -1878,7 +1888,7 @@ static void prepare_uretprobe(struct uprobe *uprobe, struct pt_regs *regs) if (!ri) return; - trampoline_vaddr = get_trampoline_vaddr(); + trampoline_vaddr = uprobe_get_trampoline_vaddr(); orig_ret_vaddr = arch_uretprobe_hijack_return_addr(trampoline_vaddr, regs); if (orig_ret_vaddr == -1) goto fail; @@ -2123,7 +2133,7 @@ static struct return_instance *find_next_ret_chain(struct return_instance *ri) return ri; } -static void handle_trampoline(struct pt_regs *regs) +void uprobe_handle_trampoline(struct pt_regs *regs) { struct uprobe_task *utask; struct return_instance *ri, *next; @@ -2187,8 +2197,8 @@ static void handle_swbp(struct pt_regs *regs) int is_swbp; bp_vaddr = uprobe_get_swbp_addr(regs); - if (bp_vaddr == get_trampoline_vaddr()) - return handle_trampoline(regs); + if (bp_vaddr == uprobe_get_trampoline_vaddr()) + return uprobe_handle_trampoline(regs); uprobe = find_active_uprobe(bp_vaddr, &is_swbp); if (!uprobe) { From patchwork Thu May 2 12:23:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Olsa X-Patchwork-Id: 13651678 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4FE5377F1B; Thu, 2 May 2024 12:23:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652638; cv=none; b=lEnSMuklvq6IInXPtSLhxF0rjBYcw+A9uTorogsAYh/ftxxbletKuAXWHHsA+xDIexZj3eGdZiCaA5QsyqJviBa+2DGRX7GzpzpNNz6A/tU06pyD0YR24J+q2QbIjUUS5ZKL3W7iic4iQ5D+FSSuRjZPmgJsC1+E6y1L7z5+wQE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652638; c=relaxed/simple; bh=X8WQoJWCi5EsqZ1cUiZDhhYWAyVOCBS3m1FJvk2LOc0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uKFCukQWQDj2cgQ/nOg4QoWo4PCJMUv9/QAWRIrc2im+KzpYkjWWKTBC8sMRjl7S8Spyzj8AFOFmfnG7rMHAqf+itX2Gx8iBCnbk2QQOT+a0qYgDDetjWe6USaKDnXAscg4kC/hMKBGh7cgYT4FuwLUnWpKdN2/2kSyuResRMuw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=IEcRxjKy; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="IEcRxjKy" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0801FC113CC; Thu, 2 May 2024 12:23:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714652637; bh=X8WQoJWCi5EsqZ1cUiZDhhYWAyVOCBS3m1FJvk2LOc0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IEcRxjKyQMwZdKmZoVZyz4SJXNOa/d8pzvztoSOOomzNmJoZCcunFV4QhXvlFThkE 9RJ/tjT6DHJkk0cMbPtPdSd/Zrbe1mj6WSQxgLqjV9hBISVZOavFv8n6VKQ6gdssh0 V8wvW9VMUCQKhEi4secZRj2outLngjhEKWjtK/3KxRD1hG9tNAl0L5x1dUP9GSZRQV bQfQf0LSoNTZhqRI1HfgXF1kIj37BeLQmdGplMk7IWKdjyyFAQ0irtTZpMfPvrNi1L bd7qhQG0oKTcpeTK6AGsRwOtMvr5LRCakcjoy02ymsdOAn1RwzvpAVkswyKD7oL7Ig s5NhGzNCHPY8g== From: Jiri Olsa To: Steven Rostedt , Masami Hiramatsu , Oleg Nesterov , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko Cc: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, x86@kernel.org, bpf@vger.kernel.org, Song Liu , Yonghong Song , John Fastabend , Peter Zijlstra , Thomas Gleixner , "Borislav Petkov (AMD)" , Ingo Molnar , Andy Lutomirski Subject: [PATCHv4 bpf-next 3/7] selftests/bpf: Add uretprobe syscall test for regs integrity Date: Thu, 2 May 2024 14:23:09 +0200 Message-ID: <20240502122313.1579719-4-jolsa@kernel.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240502122313.1579719-1-jolsa@kernel.org> References: <20240502122313.1579719-1-jolsa@kernel.org> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add uretprobe syscall test that compares register values before and after the uretprobe is hit. It also compares the register values seen from attached bpf program. Acked-by: Andrii Nakryiko Reviewed-by: Masami Hiramatsu (Google) Signed-off-by: Jiri Olsa --- tools/include/linux/compiler.h | 4 + .../selftests/bpf/prog_tests/uprobe_syscall.c | 163 ++++++++++++++++++ .../selftests/bpf/progs/uprobe_syscall.c | 15 ++ 3 files changed, 182 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c create mode 100644 tools/testing/selftests/bpf/progs/uprobe_syscall.c diff --git a/tools/include/linux/compiler.h b/tools/include/linux/compiler.h index 8a63a9913495..6f7f22ac9da5 100644 --- a/tools/include/linux/compiler.h +++ b/tools/include/linux/compiler.h @@ -62,6 +62,10 @@ #define __nocf_check __attribute__((nocf_check)) #endif +#ifndef __naked +#define __naked __attribute__((__naked__)) +#endif + /* Are two types/vars the same type (ignoring qualifiers)? */ #ifndef __same_type # define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b)) diff --git a/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c b/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c new file mode 100644 index 000000000000..311ac19d8992 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c @@ -0,0 +1,163 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include + +#ifdef __x86_64__ + +#include +#include +#include +#include "uprobe_syscall.skel.h" + +__naked unsigned long uretprobe_regs_trigger(void) +{ + asm volatile ( + "movq $0xdeadbeef, %rax\n" + "ret\n" + ); +} + +__naked void uretprobe_regs(struct pt_regs *before, struct pt_regs *after) +{ + asm volatile ( + "movq %r15, 0(%rdi)\n" + "movq %r14, 8(%rdi)\n" + "movq %r13, 16(%rdi)\n" + "movq %r12, 24(%rdi)\n" + "movq %rbp, 32(%rdi)\n" + "movq %rbx, 40(%rdi)\n" + "movq %r11, 48(%rdi)\n" + "movq %r10, 56(%rdi)\n" + "movq %r9, 64(%rdi)\n" + "movq %r8, 72(%rdi)\n" + "movq %rax, 80(%rdi)\n" + "movq %rcx, 88(%rdi)\n" + "movq %rdx, 96(%rdi)\n" + "movq %rsi, 104(%rdi)\n" + "movq %rdi, 112(%rdi)\n" + "movq $0, 120(%rdi)\n" /* orig_rax */ + "movq $0, 128(%rdi)\n" /* rip */ + "movq $0, 136(%rdi)\n" /* cs */ + "pushf\n" + "pop %rax\n" + "movq %rax, 144(%rdi)\n" /* eflags */ + "movq %rsp, 152(%rdi)\n" /* rsp */ + "movq $0, 160(%rdi)\n" /* ss */ + + /* save 2nd argument */ + "pushq %rsi\n" + "call uretprobe_regs_trigger\n" + + /* save return value and load 2nd argument pointer to rax */ + "pushq %rax\n" + "movq 8(%rsp), %rax\n" + + "movq %r15, 0(%rax)\n" + "movq %r14, 8(%rax)\n" + "movq %r13, 16(%rax)\n" + "movq %r12, 24(%rax)\n" + "movq %rbp, 32(%rax)\n" + "movq %rbx, 40(%rax)\n" + "movq %r11, 48(%rax)\n" + "movq %r10, 56(%rax)\n" + "movq %r9, 64(%rax)\n" + "movq %r8, 72(%rax)\n" + "movq %rcx, 88(%rax)\n" + "movq %rdx, 96(%rax)\n" + "movq %rsi, 104(%rax)\n" + "movq %rdi, 112(%rax)\n" + "movq $0, 120(%rax)\n" /* orig_rax */ + "movq $0, 128(%rax)\n" /* rip */ + "movq $0, 136(%rax)\n" /* cs */ + + /* restore return value and 2nd argument */ + "pop %rax\n" + "pop %rsi\n" + + "movq %rax, 80(%rsi)\n" + + "pushf\n" + "pop %rax\n" + + "movq %rax, 144(%rsi)\n" /* eflags */ + "movq %rsp, 152(%rsi)\n" /* rsp */ + "movq $0, 160(%rsi)\n" /* ss */ + "ret\n" +); +} + +static void test_uretprobe_regs_equal(void) +{ + struct uprobe_syscall *skel = NULL; + struct pt_regs before = {}, after = {}; + unsigned long *pb = (unsigned long *) &before; + unsigned long *pa = (unsigned long *) &after; + unsigned long *pp; + unsigned int i, cnt; + int err; + + skel = uprobe_syscall__open_and_load(); + if (!ASSERT_OK_PTR(skel, "uprobe_syscall__open_and_load")) + goto cleanup; + + err = uprobe_syscall__attach(skel); + if (!ASSERT_OK(err, "uprobe_syscall__attach")) + goto cleanup; + + uretprobe_regs(&before, &after); + + pp = (unsigned long *) &skel->bss->regs; + cnt = sizeof(before)/sizeof(*pb); + + for (i = 0; i < cnt; i++) { + unsigned int offset = i * sizeof(unsigned long); + + /* + * Check register before and after uretprobe_regs_trigger call + * that triggers the uretprobe. + */ + switch (offset) { + case offsetof(struct pt_regs, rax): + ASSERT_EQ(pa[i], 0xdeadbeef, "return value"); + break; + default: + if (!ASSERT_EQ(pb[i], pa[i], "register before-after value check")) + fprintf(stdout, "failed register offset %u\n", offset); + } + + /* + * Check register seen from bpf program and register after + * uretprobe_regs_trigger call + */ + switch (offset) { + /* + * These values will be different (not set in uretprobe_regs), + * we don't care. + */ + case offsetof(struct pt_regs, orig_rax): + case offsetof(struct pt_regs, rip): + case offsetof(struct pt_regs, cs): + case offsetof(struct pt_regs, rsp): + case offsetof(struct pt_regs, ss): + break; + default: + if (!ASSERT_EQ(pp[i], pa[i], "register prog-after value check")) + fprintf(stdout, "failed register offset %u\n", offset); + } + } + +cleanup: + uprobe_syscall__destroy(skel); +} +#else +static void test_uretprobe_regs_equal(void) +{ + test__skip(); +} +#endif + +void test_uprobe_syscall(void) +{ + if (test__start_subtest("uretprobe_regs_equal")) + test_uretprobe_regs_equal(); +} diff --git a/tools/testing/selftests/bpf/progs/uprobe_syscall.c b/tools/testing/selftests/bpf/progs/uprobe_syscall.c new file mode 100644 index 000000000000..8a4fa6c7ef59 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/uprobe_syscall.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0 +#include "vmlinux.h" +#include +#include + +struct pt_regs regs; + +char _license[] SEC("license") = "GPL"; + +SEC("uretprobe//proc/self/exe:uretprobe_regs_trigger") +int uretprobe(struct pt_regs *ctx) +{ + __builtin_memcpy(®s, ctx, sizeof(regs)); + return 0; +} From patchwork Thu May 2 12:23:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Olsa X-Patchwork-Id: 13651679 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2887F65E20; Thu, 2 May 2024 12:24:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652650; cv=none; b=Kgow0IuGlYGwxbXtbSRRW3MNdxI0u6Am6YgCxwFfecaRSuUUApIXndT3soSSPAkYJ6zszXL1ztSQl3OMzfTFnKNKsgLtMiKluBLy/1zJBizaBVmwzfN1BROs2qtUsJKXGw+5HVhGaj0DiunByynkuoWMqctLGbu6hzna5OAHClY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652650; c=relaxed/simple; bh=i71ywxUeskPv7X2cS5R4+uhw8eVE+iyv8HMxABm6vMU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=us2TTM2p940fFTDgUI8iI/YKIzX1JUAOWnLjqi1IeydNcpU8ddJVdwYQFsEC5vmeAWIPwM4SCA+bDGHo9b6jlZqUGjNUIETMVeBHYd16iT8JRiKT4i82GBh+jcCJatsaH9qOoBc8lsHkg3uNZh45XeoxGoPrBc8u6FPNhgRZLTI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=t2ne8OiY; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="t2ne8OiY" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 10AFAC113CC; Thu, 2 May 2024 12:24:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714652649; bh=i71ywxUeskPv7X2cS5R4+uhw8eVE+iyv8HMxABm6vMU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=t2ne8OiYCUdk2LwVmCsAW87c2foWTYTVVQswoiIr3gkeDC7XFho2CZTtWqLbvY9kD FR+ST2Qs0PwdxM1qyjgSsFT3NX0XsWi30tl2TTxuMyE1WxuSNc/tgdXQ4uAQlyJAge 4TUB8epf4nHWVMZTYlihIOp0Jv3Z1DIin+c7nJ94aY1yKTO7TpDNvzCChBl+vfXADh t6lJbNBdq0AfTZmChiAmfoOAqthVQhlmGfTbU9RbdUgWxewAKO1Dz6UlXPDXixi9CK sYwExxq+1hBZrl4krd5NsyEYRTPSw29NNaKHIf8/tjWTqwKREu25AiAPfV4uRAZAnn JkL9VmK8yRu+w== From: Jiri Olsa To: Steven Rostedt , Masami Hiramatsu , Oleg Nesterov , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko Cc: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, x86@kernel.org, bpf@vger.kernel.org, Song Liu , Yonghong Song , John Fastabend , Peter Zijlstra , Thomas Gleixner , "Borislav Petkov (AMD)" , Ingo Molnar , Andy Lutomirski Subject: [PATCHv4 bpf-next 4/7] selftests/bpf: Add uretprobe syscall test for regs changes Date: Thu, 2 May 2024 14:23:10 +0200 Message-ID: <20240502122313.1579719-5-jolsa@kernel.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240502122313.1579719-1-jolsa@kernel.org> References: <20240502122313.1579719-1-jolsa@kernel.org> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Adding test that creates uprobe consumer on uretprobe which changes some of the registers. Making sure the changed registers are propagated to the user space when the ureptobe syscall trampoline is used on x86_64. To be able to do this, adding support to bpf_testmod to create uprobe via new attribute file: /sys/kernel/bpf_testmod_uprobe This file is expecting file offset and creates related uprobe on current process exe file and removes existing uprobe if offset is 0. The can be only single uprobe at any time. The uprobe has specific consumer that changes registers used in ureprobe syscall trampoline and which are later checked in the test. Acked-by: Andrii Nakryiko Reviewed-by: Masami Hiramatsu (Google) Signed-off-by: Jiri Olsa --- .../selftests/bpf/bpf_testmod/bpf_testmod.c | 123 +++++++++++++++++- .../selftests/bpf/prog_tests/uprobe_syscall.c | 67 ++++++++++ 2 files changed, 189 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c b/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c index eb2b78552ca2..27a12d125b9f 100644 --- a/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c +++ b/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c @@ -10,6 +10,7 @@ #include #include #include +#include #include "bpf_testmod.h" #include "bpf_testmod_kfunc.h" @@ -343,6 +344,119 @@ static struct bin_attribute bin_attr_bpf_testmod_file __ro_after_init = { .write = bpf_testmod_test_write, }; +/* bpf_testmod_uprobe sysfs attribute is so far enabled for x86_64 only, + * please see test_uretprobe_regs_change test + */ +#ifdef __x86_64__ + +static int +uprobe_ret_handler(struct uprobe_consumer *self, unsigned long func, + struct pt_regs *regs) + +{ + regs->ax = 0x12345678deadbeef; + regs->cx = 0x87654321feebdaed; + regs->r11 = (u64) -1; + return true; +} + +struct testmod_uprobe { + struct path path; + loff_t offset; + struct uprobe_consumer consumer; +}; + +static DEFINE_MUTEX(testmod_uprobe_mutex); + +static struct testmod_uprobe uprobe = { + .consumer.ret_handler = uprobe_ret_handler, +}; + +static int testmod_register_uprobe(loff_t offset) +{ + int err = -EBUSY; + + if (uprobe.offset) + return -EBUSY; + + mutex_lock(&testmod_uprobe_mutex); + + if (uprobe.offset) + goto out; + + err = kern_path("/proc/self/exe", LOOKUP_FOLLOW, &uprobe.path); + if (err) + goto out; + + err = uprobe_register_refctr(d_real_inode(uprobe.path.dentry), + offset, 0, &uprobe.consumer); + if (err) + path_put(&uprobe.path); + else + uprobe.offset = offset; + +out: + mutex_unlock(&testmod_uprobe_mutex); + return err; +} + +static void testmod_unregister_uprobe(void) +{ + mutex_lock(&testmod_uprobe_mutex); + + if (uprobe.offset) { + uprobe_unregister(d_real_inode(uprobe.path.dentry), + uprobe.offset, &uprobe.consumer); + uprobe.offset = 0; + } + + mutex_unlock(&testmod_uprobe_mutex); +} + +static ssize_t +bpf_testmod_uprobe_write(struct file *file, struct kobject *kobj, + struct bin_attribute *bin_attr, + char *buf, loff_t off, size_t len) +{ + unsigned long offset; + int err; + + if (kstrtoul(buf, 0, &offset)) + return -EINVAL; + + if (offset) + err = testmod_register_uprobe(offset); + else + testmod_unregister_uprobe(); + + return err ?: strlen(buf); +} + +static struct bin_attribute bin_attr_bpf_testmod_uprobe_file __ro_after_init = { + .attr = { .name = "bpf_testmod_uprobe", .mode = 0666, }, + .write = bpf_testmod_uprobe_write, +}; + +static int register_bpf_testmod_uprobe(void) +{ + return sysfs_create_bin_file(kernel_kobj, &bin_attr_bpf_testmod_uprobe_file); +} + +static void unregister_bpf_testmod_uprobe(void) +{ + testmod_unregister_uprobe(); + sysfs_remove_bin_file(kernel_kobj, &bin_attr_bpf_testmod_uprobe_file); +} + +#else +static int register_bpf_testmod_uprobe(void) +{ + return 0; +} + +static void unregister_bpf_testmod_uprobe(void) { } +#endif + BTF_KFUNCS_START(bpf_testmod_common_kfunc_ids) BTF_ID_FLAGS(func, bpf_iter_testmod_seq_new, KF_ITER_NEW) BTF_ID_FLAGS(func, bpf_iter_testmod_seq_next, KF_ITER_NEXT | KF_RET_NULL) @@ -655,7 +769,13 @@ static int bpf_testmod_init(void) return ret; if (bpf_fentry_test1(0) < 0) return -EINVAL; - return sysfs_create_bin_file(kernel_kobj, &bin_attr_bpf_testmod_file); + ret = sysfs_create_bin_file(kernel_kobj, &bin_attr_bpf_testmod_file); + if (ret < 0) + return ret; + ret = register_bpf_testmod_uprobe(); + if (ret < 0) + return ret; + return 0; } static void bpf_testmod_exit(void) @@ -669,6 +789,7 @@ static void bpf_testmod_exit(void) msleep(20); sysfs_remove_bin_file(kernel_kobj, &bin_attr_bpf_testmod_file); + unregister_bpf_testmod_uprobe(); } module_init(bpf_testmod_init); diff --git a/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c b/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c index 311ac19d8992..1a50cd35205d 100644 --- a/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c +++ b/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c @@ -149,15 +149,82 @@ static void test_uretprobe_regs_equal(void) cleanup: uprobe_syscall__destroy(skel); } + +#define BPF_TESTMOD_UPROBE_TEST_FILE "/sys/kernel/bpf_testmod_uprobe" + +static int write_bpf_testmod_uprobe(unsigned long offset) +{ + size_t n, ret; + char buf[30]; + int fd; + + n = sprintf(buf, "%lu", offset); + + fd = open(BPF_TESTMOD_UPROBE_TEST_FILE, O_WRONLY); + if (fd < 0) + return -errno; + + ret = write(fd, buf, n); + close(fd); + return ret != n ? (int) ret : 0; +} + +static void test_uretprobe_regs_change(void) +{ + struct pt_regs before = {}, after = {}; + unsigned long *pb = (unsigned long *) &before; + unsigned long *pa = (unsigned long *) &after; + unsigned long cnt = sizeof(before)/sizeof(*pb); + unsigned int i, err, offset; + + offset = get_uprobe_offset(uretprobe_regs_trigger); + + err = write_bpf_testmod_uprobe(offset); + if (!ASSERT_OK(err, "register_uprobe")) + return; + + uretprobe_regs(&before, &after); + + err = write_bpf_testmod_uprobe(0); + if (!ASSERT_OK(err, "unregister_uprobe")) + return; + + for (i = 0; i < cnt; i++) { + unsigned int offset = i * sizeof(unsigned long); + + switch (offset) { + case offsetof(struct pt_regs, rax): + ASSERT_EQ(pa[i], 0x12345678deadbeef, "rax"); + break; + case offsetof(struct pt_regs, rcx): + ASSERT_EQ(pa[i], 0x87654321feebdaed, "rcx"); + break; + case offsetof(struct pt_regs, r11): + ASSERT_EQ(pa[i], (__u64) -1, "r11"); + break; + default: + if (!ASSERT_EQ(pa[i], pb[i], "register before-after value check")) + fprintf(stdout, "failed register offset %u\n", offset); + } + } +} + #else static void test_uretprobe_regs_equal(void) { test__skip(); } + +static void test_uretprobe_regs_change(void) +{ + test__skip(); +} #endif void test_uprobe_syscall(void) { if (test__start_subtest("uretprobe_regs_equal")) test_uretprobe_regs_equal(); + if (test__start_subtest("uretprobe_regs_change")) + test_uretprobe_regs_change(); } From patchwork Thu May 2 12:23:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Olsa X-Patchwork-Id: 13651680 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E50907E107; Thu, 2 May 2024 12:24:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652662; cv=none; b=CiI8SLDtLu33TVkkWKFVaiRcx4B5vA/t4p6bRDLc3T9DuhJH7LAZ/MqZfTiHvqbX0cb83FNak+8PhXfATlvREThBPtvKeZWd+WcXRJ80JjLTeuwJAUDcazajGCK8as5lwvn11BhKSB4/hUwhK9dRVbYpPXo3gmWcwA8VNcvWi+Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652662; c=relaxed/simple; bh=tdd0DLiX6XUPXbMSZMcGly7Lb8412HmbtAEmC83jpvI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Nt97CgTFic23XS6tLikqBuxYKwu3Hqb6WXO7YGcH/EJsbWXpeQvkDT5QudobOx8MCgQWv1iFUtENs9Q+qlSkI+P0nLIqnPmPogW9gWaA4VT+6Qu+viAyty/Tin3J22J/8ohwvhd6Ps0qMWRFKKB6o4xV/PaeGFBrERTPaPKTiwU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=jLc3wmUf; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="jLc3wmUf" Received: by smtp.kernel.org (Postfix) with ESMTPSA id CC7D4C113CC; Thu, 2 May 2024 12:24:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714652661; bh=tdd0DLiX6XUPXbMSZMcGly7Lb8412HmbtAEmC83jpvI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jLc3wmUfPnifVo6iNmCMOeWromMDp1tC3tmY02ms/BM2/aLj+0HH8n8kt8PFR61gQ hU0uupVaANPJILaHaVQnqOr/OOubAJOJOkBvGeoiQa1oaoIxDqq1i+XcC4itVrS/im ig6K3EeD5iO+rlcJB0rGq4OBpjr6RQO0JyCNlc59fuQEKaZZXISr21/2FWD/pPIJFi ZaepEqSkK9ISpjE31pWrLTmy83Dnfdp06c3TfSIquiGsS2wxqDrhT2hOTPiHJ7xve7 ZhPBkuPCupibkYuj9EGzOKuavRezjdNq0QzXCnkL1r/IEfjNRqKi/Ds7VaT9DJZhLW Z2CXT2P/cxw3Q== From: Jiri Olsa To: Steven Rostedt , Masami Hiramatsu , Oleg Nesterov , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko Cc: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, x86@kernel.org, bpf@vger.kernel.org, Song Liu , Yonghong Song , John Fastabend , Peter Zijlstra , Thomas Gleixner , "Borislav Petkov (AMD)" , Ingo Molnar , Andy Lutomirski Subject: [PATCHv4 bpf-next 5/7] selftests/bpf: Add uretprobe syscall call from user space test Date: Thu, 2 May 2024 14:23:11 +0200 Message-ID: <20240502122313.1579719-6-jolsa@kernel.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240502122313.1579719-1-jolsa@kernel.org> References: <20240502122313.1579719-1-jolsa@kernel.org> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Adding test to verify that when called from outside of the trampoline provided by kernel, the uretprobe syscall will cause calling process to receive SIGILL signal and the attached bpf program is not executed. Reviewed-by: Masami Hiramatsu (Google) Signed-off-by: Jiri Olsa Acked-by: Andrii Nakryiko --- .../selftests/bpf/prog_tests/uprobe_syscall.c | 95 +++++++++++++++++++ .../bpf/progs/uprobe_syscall_executed.c | 17 ++++ 2 files changed, 112 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/uprobe_syscall_executed.c diff --git a/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c b/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c index 1a50cd35205d..c6fdb8c59ea3 100644 --- a/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c +++ b/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c @@ -7,7 +7,10 @@ #include #include #include +#include +#include #include "uprobe_syscall.skel.h" +#include "uprobe_syscall_executed.skel.h" __naked unsigned long uretprobe_regs_trigger(void) { @@ -209,6 +212,91 @@ static void test_uretprobe_regs_change(void) } } +#ifndef __NR_uretprobe +#define __NR_uretprobe 462 +#endif + +__naked unsigned long uretprobe_syscall_call_1(void) +{ + /* + * Pretend we are uretprobe trampoline to trigger the return + * probe invocation in order to verify we get SIGILL. + */ + asm volatile ( + "pushq %rax\n" + "pushq %rcx\n" + "pushq %r11\n" + "movq $" __stringify(__NR_uretprobe) ", %rax\n" + "syscall\n" + "popq %r11\n" + "popq %rcx\n" + "retq\n" + ); +} + +__naked unsigned long uretprobe_syscall_call(void) +{ + asm volatile ( + "call uretprobe_syscall_call_1\n" + "retq\n" + ); +} + +static void test_uretprobe_syscall_call(void) +{ + LIBBPF_OPTS(bpf_uprobe_multi_opts, opts, + .retprobe = true, + ); + struct uprobe_syscall_executed *skel; + int pid, status, err, go[2], c; + + if (pipe(go)) + return; + + skel = uprobe_syscall_executed__open_and_load(); + if (!ASSERT_OK_PTR(skel, "uprobe_syscall_executed__open_and_load")) + goto cleanup; + + pid = fork(); + if (!ASSERT_GE(pid, 0, "fork")) + goto cleanup; + + /* child */ + if (pid == 0) { + close(go[1]); + + /* wait for parent's kick */ + err = read(go[0], &c, 1); + if (err != 1) + exit(-1); + + uretprobe_syscall_call(); + _exit(0); + } + + skel->links.test = bpf_program__attach_uprobe_multi(skel->progs.test, pid, + "/proc/self/exe", + "uretprobe_syscall_call", &opts); + if (!ASSERT_OK_PTR(skel->links.test, "bpf_program__attach_uprobe_multi")) + goto cleanup; + + /* kick the child */ + write(go[1], &c, 1); + err = waitpid(pid, &status, 0); + ASSERT_EQ(err, pid, "waitpid"); + + /* verify the child got killed with SIGILL */ + ASSERT_EQ(WIFSIGNALED(status), 1, "WIFSIGNALED"); + ASSERT_EQ(WTERMSIG(status), SIGILL, "WTERMSIG"); + + /* verify the uretprobe program wasn't called */ + ASSERT_EQ(skel->bss->executed, 0, "executed"); + +cleanup: + uprobe_syscall_executed__destroy(skel); + close(go[1]); + close(go[0]); +} #else static void test_uretprobe_regs_equal(void) { @@ -219,6 +307,11 @@ static void test_uretprobe_regs_change(void) { test__skip(); } + +static void test_uretprobe_syscall_call(void) +{ + test__skip(); +} #endif void test_uprobe_syscall(void) @@ -227,4 +320,6 @@ void test_uprobe_syscall(void) test_uretprobe_regs_equal(); if (test__start_subtest("uretprobe_regs_change")) test_uretprobe_regs_change(); + if (test__start_subtest("uretprobe_syscall_call")) + test_uretprobe_syscall_call(); } diff --git a/tools/testing/selftests/bpf/progs/uprobe_syscall_executed.c b/tools/testing/selftests/bpf/progs/uprobe_syscall_executed.c new file mode 100644 index 000000000000..0d7f1a7db2e2 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/uprobe_syscall_executed.c @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: GPL-2.0 +#include "vmlinux.h" +#include +#include + +struct pt_regs regs; + +char _license[] SEC("license") = "GPL"; + +int executed = 0; + +SEC("uretprobe.multi") +int test(struct pt_regs *regs) +{ + executed = 1; + return 0; +} From patchwork Thu May 2 12:23:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Olsa X-Patchwork-Id: 13651681 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EEE847E572; Thu, 2 May 2024 12:24:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652675; cv=none; b=f/ac9ZNawswJ6aCeWYqr62LZgGDH3WQd/019rLESutNPlAS5my2P6MNTRWmx8e5FKSqfCjwMQ016FzHRRKy6yp5LkvkFUprMFhRwiwIz6P7MMSCQ/Hrrwz3xFf+RNLtCs9b8UaPZHErB4yAD4QCVc1+2yOkbdeHxvtN73gQRxSo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652675; c=relaxed/simple; bh=mWPTncrHfcSbvk7ZrPHsoF82D8w6WmakvxUwocjd27M=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ePJcvcNf76cuHFZjtgsqCKi9BwLxPp0UYpztJ/2erL3XTR4pzpxZSAkc5/DGmuQDSEbDCIttgCt0YlTbbpUUmDPAeRkeT52k8ADUTuNufxoKm/hrU0IFMXhqcroMMffDhvU6dw46TizHsimTkVu1T90w7xEGa3aiLExuTgYeeqU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=TbXXD2nd; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="TbXXD2nd" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 39765C113CC; Thu, 2 May 2024 12:24:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714652674; bh=mWPTncrHfcSbvk7ZrPHsoF82D8w6WmakvxUwocjd27M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TbXXD2ndjyF0VwzzJ33+q4aW9IuxGR3i4LXarga1ddjMHZMdyE9xEHaaeJlc5fq/C Hyls2SCrN7ksHsKoUr5HiS6+3a+xOFZijobc1/mfRrQ7G+AvJPBaE8FsPNOJQuDQ+m lcxItl84dO6Vb21H5ON4ykueoD4d50b+xiM+CQ43sHM8OJqy2CgJGBOYJjMRGLubfm p1NJSwuD0nBJD2OptcgOTnj0UEJi3hy46Qxx1TXt1mHaHJqTdpE28zbiLo7G5UZfhF DEllKFNsvCQNEKnyiuJW02605jxMCtZckBPHiHUXOwhKiS8qxp/gn6jv9YE+HYuW1i UnPn2N7xajkUQ== From: Jiri Olsa To: Steven Rostedt , Masami Hiramatsu , Oleg Nesterov , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko Cc: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, x86@kernel.org, bpf@vger.kernel.org, Song Liu , Yonghong Song , John Fastabend , Peter Zijlstra , Thomas Gleixner , "Borislav Petkov (AMD)" , Ingo Molnar , Andy Lutomirski Subject: [PATCHv4 bpf-next 6/7] selftests/bpf: Add uretprobe compat test Date: Thu, 2 May 2024 14:23:12 +0200 Message-ID: <20240502122313.1579719-7-jolsa@kernel.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240502122313.1579719-1-jolsa@kernel.org> References: <20240502122313.1579719-1-jolsa@kernel.org> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Adding test that adds return uprobe inside 32-bit task and verify the return uprobe and attached bpf programs get properly executed. Reviewed-by: Masami Hiramatsu (Google) Signed-off-by: Jiri Olsa Acked-by: Andrii Nakryiko --- tools/testing/selftests/bpf/.gitignore | 1 + tools/testing/selftests/bpf/Makefile | 7 ++- .../selftests/bpf/prog_tests/uprobe_syscall.c | 60 +++++++++++++++++++ 3 files changed, 67 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/.gitignore b/tools/testing/selftests/bpf/.gitignore index f1aebabfb017..69d71223c0dd 100644 --- a/tools/testing/selftests/bpf/.gitignore +++ b/tools/testing/selftests/bpf/.gitignore @@ -45,6 +45,7 @@ test_cpp /veristat /sign-file /uprobe_multi +/uprobe_compat *.ko *.tmp xskxceiver diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile index 82247aeef857..a94352162290 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile @@ -133,7 +133,7 @@ TEST_GEN_PROGS_EXTENDED = test_sock_addr test_skb_cgroup_id_user \ xskxceiver xdp_redirect_multi xdp_synproxy veristat xdp_hw_metadata \ xdp_features bpf_test_no_cfi.ko -TEST_GEN_FILES += liburandom_read.so urandom_read sign-file uprobe_multi +TEST_GEN_FILES += liburandom_read.so urandom_read sign-file uprobe_multi uprobe_compat ifneq ($(V),1) submake_extras := feature_display=0 @@ -631,6 +631,7 @@ TRUNNER_EXTRA_FILES := $(OUTPUT)/urandom_read $(OUTPUT)/bpf_testmod.ko \ $(OUTPUT)/xdp_synproxy \ $(OUTPUT)/sign-file \ $(OUTPUT)/uprobe_multi \ + $(OUTPUT)/uprobe_compat \ ima_setup.sh \ verify_sig_setup.sh \ $(wildcard progs/btf_dump_test_case_*.c) \ @@ -752,6 +753,10 @@ $(OUTPUT)/uprobe_multi: uprobe_multi.c $(call msg,BINARY,,$@) $(Q)$(CC) $(CFLAGS) -O0 $(LDFLAGS) $^ $(LDLIBS) -o $@ +$(OUTPUT)/uprobe_compat: + $(call msg,BINARY,,$@) + $(Q)echo "int main() { return 0; }" | $(CC) $(CFLAGS) -xc -m32 -O0 - -o $@ + EXTRA_CLEAN := $(SCRATCH_DIR) $(HOST_SCRATCH_DIR) \ prog_tests/tests.h map_tests/tests.h verifier/tests.h \ feature bpftool \ diff --git a/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c b/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c index c6fdb8c59ea3..bfea9a0368a4 100644 --- a/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c +++ b/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c @@ -5,6 +5,7 @@ #ifdef __x86_64__ #include +#include #include #include #include @@ -297,6 +298,58 @@ static void test_uretprobe_syscall_call(void) close(go[1]); close(go[0]); } + +static void test_uretprobe_compat(void) +{ + LIBBPF_OPTS(bpf_uprobe_multi_opts, opts, + .retprobe = true, + ); + struct uprobe_syscall_executed *skel; + int err, go[2], pid, c, status; + + if (pipe(go)) + return; + + skel = uprobe_syscall_executed__open_and_load(); + if (!ASSERT_OK_PTR(skel, "uprobe_syscall_executed__open_and_load")) + goto cleanup; + + pid = fork(); + if (pid < 0) + goto cleanup; + + /* child */ + if (pid == 0) { + close(go[1]); + + /* wait for parent's kick */ + err = read(go[0], &c, 1); + if (err != 1) + exit(-1); + execl("./uprobe_compat", "./uprobe_compat", NULL); + exit(-1); + } + + skel->links.test = bpf_program__attach_uprobe_multi(skel->progs.test, pid, + "./uprobe_compat", "main", &opts); + if (!ASSERT_OK_PTR(skel->links.test, "bpf_program__attach_uprobe_multi")) + goto cleanup; + + /* kick the child */ + write(go[1], &c, 1); + err = waitpid(pid, &status, 0); + ASSERT_EQ(err, pid, "waitpid"); + + /* verify the child exited normally and the bpf program got executed */ + ASSERT_EQ(WIFEXITED(status), 1, "WIFEXITED"); + ASSERT_EQ(WEXITSTATUS(status), 0, "WEXITSTATUS"); + ASSERT_EQ(skel->bss->executed, 1, "executed"); + +cleanup: + uprobe_syscall_executed__destroy(skel); + close(go[0]); + close(go[1]); +} #else static void test_uretprobe_regs_equal(void) { @@ -312,6 +365,11 @@ static void test_uretprobe_syscall_call(void) { test__skip(); } + +static void test_uretprobe_compat(void) +{ + test__skip(); +} #endif void test_uprobe_syscall(void) @@ -322,4 +380,6 @@ void test_uprobe_syscall(void) test_uretprobe_regs_change(); if (test__start_subtest("uretprobe_syscall_call")) test_uretprobe_syscall_call(); + if (test__start_subtest("uretprobe_compat")) + test_uretprobe_compat(); } From patchwork Thu May 2 12:23:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Olsa X-Patchwork-Id: 13651682 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4289D7F481; Thu, 2 May 2024 12:24:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652687; cv=none; b=Zk6ucTsmduAYMLNCwFfkdvN13YEmbWUQeGirSLhW6cDqfiAwEe0vXzVSMm1y9E4dDg+UZcdlyhQzm6dUd30QdpjJRjXcUYqc4c7yEdZKt1qpV6btmEdToWgzu1sLESwEju3siqD7FN+JB84eeXZqaPvIDDqfGW48vpkQgGaMIPQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714652687; c=relaxed/simple; bh=IxSJTvmJyyluDOgbN3Qv5eq4m8dBC+x6ly4U5xSNfi8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BMRdLeshHT1NlQDhlNocuzxMiz6W63wJf7M5SBh3ilm0LGFbY4KoWpQ8KfomaGn19ECPu7BDXvUqccM4T33GREdN9oaCXzA4nlQtqSB8dT+XRTP1G8OOHwIwb9lgNreLCm5UT5tOZvu8rvI9BGKH/v9Ct9fvGewxZJWn7JuBpOQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=NkiS0twE; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="NkiS0twE" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 11B3CC113CC; Thu, 2 May 2024 12:24:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714652686; bh=IxSJTvmJyyluDOgbN3Qv5eq4m8dBC+x6ly4U5xSNfi8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NkiS0twE1DcVIJty0dIiyfLue//ziLF3Br/jp/DRl4zBOr4neTnq8rTX1yTUdGXcB GEtXJnpJCRqAfn78vy1MPxMH2nr7ogcHv+OXLZTKquohizzO7Ma13iOiA/njI+AaCG wCi5qvXE2KpVNQ/FzlDGAqytSftpjCBpmDZhU6VxS9eGH1hJW5eFgy6/vIAfPSwUQc TwdkyCATEmtDutDB60ihVBEfqj64oiO3Qa4LcjPtR+VVU+1u6mQ7nz1ea7Zn7+E1BY sUrwuJjfyUFuRujYAOIelYTj3V1RLXNaiH7bBVdWvBR37I4c4UexTy9gctjYija7UE jKGmdjuy8XGtA== From: Jiri Olsa To: Steven Rostedt , Masami Hiramatsu , Oleg Nesterov , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko Cc: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, x86@kernel.org, bpf@vger.kernel.org, Song Liu , Yonghong Song , John Fastabend , Peter Zijlstra , Thomas Gleixner , "Borislav Petkov (AMD)" , Ingo Molnar , Andy Lutomirski Subject: [PATCHv4 7/7] man2: Add uretprobe syscall page Date: Thu, 2 May 2024 14:23:13 +0200 Message-ID: <20240502122313.1579719-8-jolsa@kernel.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240502122313.1579719-1-jolsa@kernel.org> References: <20240502122313.1579719-1-jolsa@kernel.org> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Adding man page for new uretprobe syscall. Signed-off-by: Jiri Olsa --- man2/uretprobe.2 | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 man2/uretprobe.2 diff --git a/man2/uretprobe.2 b/man2/uretprobe.2 new file mode 100644 index 000000000000..08fe6a670430 --- /dev/null +++ b/man2/uretprobe.2 @@ -0,0 +1,45 @@ +.\" Copyright (C) 2024, Jiri Olsa +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH uretprobe 2 (date) "Linux man-pages (unreleased)" +.SH NAME +uretprobe \- execute pending return uprobes +.SH SYNOPSIS +.nf +.B int uretprobe(void) +.fi +.SH DESCRIPTION +Kernel is using +.BR uretprobe() +syscall to trigger uprobe return probe consumers instead of using +standard breakpoint instruction. + +The uretprobe syscall is not supposed to be called directly by user, it's allowed +to be invoked only through user space trampoline provided by kernel. +When called from outside of this trampoline, the calling process will receive +.BR SIGILL . + +.SH RETURN VALUE +.BR uretprobe() +return value is specific for given architecture. + +.SH VERSIONS +This syscall is not specified in POSIX, +and details of its behavior vary across systems. +.SH STANDARDS +None. +.SH NOTES +.BR uretprobe() +syscall is initially introduced on x86-64 architecture, because doing syscall +is faster than doing breakpoint trap on it. It might be extended to other +architectures. + +.BR uretprobe() +syscall exists only to allow the invocation of return uprobe consumers. +It should +.B never +be called directly. +Details of the arguments (if any) passed to +.BR uretprobe () +and the return value are specific for given architecture.