Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753296AbdLFAel (ORCPT <rfc822;w@1wt.eu>);
        Tue, 5 Dec 2017 19:34:41 -0500
Received: from mx0b-00082601.pphosted.com ([67.231.153.30]:39688 "EHLO
        mx0b-00082601.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1753125AbdLFAeg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 5 Dec 2017 19:34:36 -0500
Subject: Re: [PATCH][v5] uprobes/x86: emulate push insns for uprobe on x86
From: Yonghong Song <yhs@fb.com>
To: <mingo@kernel.org>, <peterz@infradead.org>, <oleg@redhat.com>,
        <linux-kernel@vger.kernel.org>, <x86@kernel.org>
CC: <kernel-team@fb.com>
References: <20171201001202.3706564-1-yhs@fb.com>
Message-ID: <93935c11-c185-dd4d-912e-3be437781bb9@fb.com>
Date: Tue, 5 Dec 2017 16:33:46 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0)
 Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <20171201001202.3706564-1-yhs@fb.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [2620:10d:c090:200::7:265f]
X-ClientProxiedBy: BN6PR16CA0036.namprd16.prod.outlook.com (10.172.26.22) To
 BN6PR15MB1827.namprd15.prod.outlook.com (10.174.239.12)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: ea0a2d48-4820-4e71-f8a6-08d53c4109e0
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603286);SRVR:BN6PR15MB1827;
X-Microsoft-Exchange-Diagnostics: 1;BN6PR15MB1827;3:taY3ZCG+ixaCyGqRYRk9sPHkaCfkBiYOXQQTIFcYKS9EKyUh9Edzc+yeECQoEDZAZiC51j+aEOJ68UfMq9cKGNgRiZrOpR688O9ebo/CHVpHulKIre0ox6i26YRUOlVGZutho883yVlRHYjoTw2bU89/xVaHiLbyur7Uatngy82jWmiioJBOqcp5qXs/LBbMM6EkMkjZQ2jCoisT+/7H2ShiVmYq+JHt/03c7T1gtoD30BZdRe6NaYWGsV5uNmzd;25:zJGpLf3qnGzPmvAPpwHAlkCc77UkRJDU54DmpsGPc1pPxO7YkcOnYxJWeHPJxaokWkv8os+eJhGpFQDHAzRSqZjWvQeQt6ZOGxRNcfGyoMcP1SnXGyc88nHozzO2no7fAUXpN4uZK1gCVAG8YU99frnbQMmHUQ1s2mbAY1VdV0EZIv4h2AYgtjmFLHIeqROK4Z12uBCtG+F1jBtVbuWRU16JX8v6t2WxV+csDSSzOOzh2xF/beqJrjTfB8efm2EndiK1X0bRMVbnCzA7svzWBV0D+fLS5Zph5fCS6WJMY4y5p2KAsN+0EZ9+GAvAamWerwstXU7GSN7MLLF/0GyB3Q==;31:hvlqtnrHkoWzrYL3dqt4wcY9YWPUaUrpOsJpn7RNisN+9+bxitQi9EGZrKXLZfy1TGe+JpSztFfLUGLtwPwfUUIGlOgd5Qh7OIj67Klnd40HaIbQi4D4exO0dY3etbPPix8UuZayAYwzPiAamOkP7+XtvIbJHahj5s1qqFdNXr2uKr5H6i3uDe9jIWqtqRF94r0LID1gU4lexKOjyrwRhelcjcPFzcCQhFv6AqW1Cis=
X-MS-TrafficTypeDiagnostic: BN6PR15MB1827:
X-Microsoft-Exchange-Diagnostics: 1;BN6PR15MB1827;20:yhUHcz2Pi8rs7zL/Ls7obuUV0DUYq50UKfwfea7T4MvtOwETHR/eBjZGolBonUGlqJqkU7vuCvNZPZg56bz1mKeVAJoWEF2dKGpMpa9RD9O6VOXubFdIVLM/OI5xe20sixCiVtd7k719D8Qk0zyTgUaccVutErGRp7okgiNHcOEt/Nj27yaxshtLnfU9+eJdIYPwn3bkjx85OslAFEhOx3bDSijpHdPNVpXWh7BAi3vMEii1Q+GH+3Fs/2wjmpxEzbhMDGQsFfdSPI6KIKQivv2H9FmqFN84wHWWFcCjzUi7FMS0fAmG2fedyqAzoUcVwvjATl/WrjDcJCfEegQHZCBudrIByrlNLSc+kAP/ScsVrI3p3K0P2FJ/5S3uV6mSCHxjlHyA0WK4yvs4jKMrlDBpEGWDzxUW7khaOLz+Yo0GJg7zMA7hjYJmihEJCMbb5X23b4jZvGbBVVWcWFsGRZ5lpVfbZC/ZcWF1qBrQ1F0jJuDMh6fnXH5/q4R++UNu;4:NZkAGF+0f7pGpjfmRc8/OGoV8T9iXY+A5+dTUU8aguMmTHODc7yJaiOW3fEFJeBL4WbPpDnZFpDvLuckVq89AExKPjKVOx9LVs8nOQutqKJp9iJpLj2Xr4C9lY/gtFTgZfaIHGQtWVWv+o2TcZ1a88KbXmDiOAWUgBxQR3CMkbAG1XPHyiBHUTsBYljcCpzVSJ+p583PUZdXxA2PPHHvLW5nC0VKNFb21dtFY905xwFhTY+DkZ/3RFOjTszGEtkiSwwNWwTGhIwO8BLECm052CFYzPjU+5VqDC9mshHR6x38S/kmBkAVXxXaidfq0Io1AsyZtStAJF0eczGG6CvwwfYPQAkvX08F3tGfeqO7Fb0=
X-Microsoft-Antispam-PRVS: <BN6PR15MB18279E96A941A252B37CB785D3320@BN6PR15MB1827.namprd15.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(166708455590820)(67672495146484);
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(11241501159)(6040450)(2401047)(5005006)(8121501046)(3002001)(10201501046)(3231022)(93006095)(93001095)(6041248)(20161123560025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123562025)(20161123555025)(6072148)(201708071742011);SRVR:BN6PR15MB1827;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:BN6PR15MB1827;
X-Forefront-PRVS: 05134F8B4F
X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(346002)(376002)(366004)(24454002)(54534003)(199004)(189003)(36756003)(64126003)(52396003)(6306002)(31686004)(86362001)(478600001)(52146003)(2486003)(52116002)(83506002)(67846002)(966005)(23676004)(6506006)(6246003)(230700001)(6512007)(229853002)(6486002)(53936002)(76176011)(8676002)(50466002)(2906002)(31696002)(305945005)(81166006)(97736004)(81156014)(7736002)(316002)(25786009)(68736007)(58126008)(47776003)(6116002)(65956001)(65806001)(53546010)(4326008)(65826007)(33646002)(2950100002)(105586002)(106356001)(8936002)(101416001)(6666003)(5660300001)(42262002);DIR:OUT;SFP:1102;SCL:1;SRVR:BN6PR15MB1827;H:raviram-mbp.DHCP.thefacebook.com;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en;
X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTjZQUjE1TUIxODI3OzIzOkQyOWxXbnBiZTZBRjRyWmZoN3BoODliZzJ1?=
 =?utf-8?B?K0ZtYlA1Z0YzOVdEVDRHckF2LzNnL1NmUmVKUlVIU2lQY1FVRm5wVGxqb2I2?=
 =?utf-8?B?aFB4RFBSWVdBaVByL1J1bGhDcVBjdDhBYURaZjVqRnA2aTJQVFJLVnVZNUdT?=
 =?utf-8?B?NWRnSGd0bHlRNnczMkFmRkU4ZzVqdVdVSm1ZaTlWTnBaMFZVSmVMcWorWHJp?=
 =?utf-8?B?MTNtZlpLQ2YwQU1zNkR2Tlpob1VwMFRmdTBoNlhLVFZBZU1IdlhRcG9NblQ2?=
 =?utf-8?B?bFBrYldnTDR4eTZGdmlEMVV3Y3RvdGxaSzJPd0hvSlh2M25Sd1BlNGdsZDRR?=
 =?utf-8?B?aGRSTjc5M1RxMTUyaUovbHU0dGtjWlVvem42MEZ0WDZTaCswWURoWWZJbCtX?=
 =?utf-8?B?NUduTXRQQ2x4L0ZNMWJrYTMxejBxR2FzZmV6dHVFdlduVVlhWUE2a3pwZlpa?=
 =?utf-8?B?enFBSUZNVEJHZ2paaVhTdTE2d1NLVERXQU8rQlBMckxjNER5OGpUeC8yTGho?=
 =?utf-8?B?bFA0ekduQkQwT0luWlJ6RFZyRnY0aDJldGpDcTdnWXVkdTZtRzJMM1J5NXAr?=
 =?utf-8?B?d0owUkQyRTVueG1seExWYWIrUHZhSGwxUldvNlFyam9JdEFRQ2NQY0ZRdGRy?=
 =?utf-8?B?Z0dqNzZwNWRxcU5rQjlPeVdCN1ZnS2g2Ui9ZWmM0Ti8xQjZJZnJBZ2dMMk51?=
 =?utf-8?B?b3hZRys1bXltdXY1MEliSDk3TWJma29Za2NUMzJBbXJMc0VkcW9KM2VIODZT?=
 =?utf-8?B?SERPVStBcS9UUmROTXBZNmFYQ1BFbnRnczRmb0lWdFlrblZxMlYxMnM5UGNk?=
 =?utf-8?B?T2RTUmV0R1ErUkJWcXkxVC9JMWh0V2pPZDB0VGlXQmFjUGRnczNlOWF3eE9C?=
 =?utf-8?B?SThzbVd3YzFIRmFWdTdSVEtob0dMM3daaEMvRlB0cmY1TlEyR0NoSjBuT3B6?=
 =?utf-8?B?S2ZwTEY4dnI1cHFtcjNqOHFUcXpqMHZTUTFoRk94cEhRUFc0NTdEMUx2U2x2?=
 =?utf-8?B?b2gxZ1kyUlN0UEtqc2lLZDhSUitmK2JadkRiOGZDbTM1TG5YLytwWTlnekJl?=
 =?utf-8?B?OCtaNTgrejhyZWUzMEpBQWRJeURycHhDNkEvYjE1K1JnWnhockZDaURCR1Zp?=
 =?utf-8?B?NUdPdWVpMXlCVlMzYzNFTGdjRkhxMERYNzlWVDU2emtJRzJ1NXpkbDU2NERo?=
 =?utf-8?B?U0hoN1FtdEs1OHl5OE82eUJPLzBMcDZSWGZNaE96MU5aNFdoMTk5MXZyOGt1?=
 =?utf-8?B?MUphWS9HdDBDQm13TWxOTjJ1c2VKaVNJblptU25MaytWLytIcVNzejdxTFB0?=
 =?utf-8?B?SUJzVVFWclVTWkZCV0pMTlhJRjMrY282K3diZkw0NFNseDB5QnUya1RiRStK?=
 =?utf-8?B?SHZBOEVMd3pEOFdaYm9sYysrUDR6SzdSOHhjeEZNeldocTM4eUt0V3c3NUdq?=
 =?utf-8?B?TjhyeVJqMlJUcGthdE1waklMSGR5Q3hFM0VNZTV3OTkvME9pZTNkcC8vQSsr?=
 =?utf-8?B?UVBJZ2daUXVCbkNGUkRHK3o1Uy9Rb2p0c0tWUmFhSFFyKzFVQmpqbWI5S2Va?=
 =?utf-8?B?R3FXb3VlY1grV0hDWUdCV2FRc09Xa1duQ1F0dk9wSmRCUGNPdVVZc21RUHJx?=
 =?utf-8?B?K1FldE0rMitQVTZod1EyQmg4THRYRGZ5OE8vS0d2bDRpZk1UTk1sbFZUMGcz?=
 =?utf-8?B?dkN1RTFVVUhVcDRZWVgxY3N1SVlxTFJNSVVzOUxpTXdDSUc0NWhEdUFRYjRM?=
 =?utf-8?B?ZVh4MFk1NzhsaWdnNmxQOGY0WnA0UWM5RlFJSU9iYk1tdEgzdHdzakdicGVD?=
 =?utf-8?Q?o87MqTYo6OTBR?=
X-Microsoft-Exchange-Diagnostics: 1;BN6PR15MB1827;6:iOcccz/QnTPi5nzgwZ/X7ARZbixJ89h1JdFzKYH7K1kdSzdA+wNirz9ZscDSWLcr5Ws6uyzzeTk9cGq78QFtN5tceTUIEOEzidV5lDZvYKZOH0njlwoikcuOqdXU7TSKyZx7VGzXttCpOBfiGPbcf0VCd0UXWdmCELDmV5cTU2dZPHCXeyPcIgoadqxzhpcwlzvqASey0dGaPje7Fp9hzlXC6SQwlaZMTk0LYMuDNN1ARKw7RHfv3BCBnznJifhAfAamD1ZqaGtthlmgaOFVlCUW+Tj2nMEqmd0gImqPMzHlDKM/uJ7rSr58h4Su/thTKydhBhs/4lKcBgICWKvBM9Z2dR8xgLkCF4QT6QQlw+0=;5:qEpabnQMkSbsEOSgX7thWGC7gnRChLxLDOa/1G4/kJvwsgjGaaJIAqaXusKyQyLJRdQYl64hRzb4ABKR1BDKC2W3AZuW9PkO81F/D2fb7meARYSLzbTCgZN2OWFR5AaB6fke+GK5Rxhd6KAfNZYpKJgKwXdXaoQQYRbGLRiSNf8=;24:VMSlIpMt/z8rjFiA+OLkcI5dbSbGy/HGpAyLCebt++4jk2E22M9k2Pn5UTWTdm7D0r2huUx3EWLtvUS/lk/fqxM4myeEFtraVOMi188o3+s=;7:PkHoGzWkHzqypFCkG4CCti343DP2GnrJ3PRL9LooLGff3xElhYYSEof4gi3hHvxLcE2STBZaO13X9Y70YxFECxQZZZKR+bwBG3wREaMgy1K8Fcgmih2h0kVw+RNfIcGZBOeBay+6M63TpbaUaXsewA2Dfufa7b8fL+EDF3Qh3G6CPrkGarXtNjMbdDVEieUyZOGQmgN3pGJC1LhUInJZqlMO0TFRuKlSe0jwZhBGBJ+xhdn8tKtdGd86Q0qvTRhM
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;BN6PR15MB1827;20:7UqMLYc22y61lV82sxzJ5W1maCHQDnOigwwkVtmENabX0L3YHqMI4vF/4ZVd5eLOAhDK6Wl4v/nlLZ8s/uLsN2LbU6w8fW8W95HhLLQg44rrDbNAjj2NYMdJUl16xOBoFGtYa/ne9oPmBpetpw/tLlQ2L5cwRh54K7m/0It1w0s=
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Dec 2017 00:33:56.9853 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: ea0a2d48-4820-4e71-f8a6-08d53c4109e0
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR15MB1827
X-OriginatorOrg: fb.com
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-12-05_09:,,
 signatures=0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 9311
Lines: 289

Hi, Ingo and Peter,

Could you take a look at this patch and if no objection
merge it into tip? This patch has been reviewed by
Oleg Nesterov.

Thanks!

Yonghong

On 11/30/17 4:12 PM, Yonghong Song wrote:
> Uprobe is a tracing mechanism for userspace programs.
> Typical uprobe will incur overhead of two traps.
> First trap is caused by replaced trap insn, and
> the second trap is to execute the original displaced
> insn in user space.
> 
> To reduce the overhead, kernel provides hooks
> for architectures to emulate the original insn
> and skip the second trap. In x86, emulation
> is done for certain branch insns.
> 
> This patch extends the emulation to "push <reg>"
> insns. These insns are typical in the beginning
> of the function. For example, bcc
> in https://github.com/iovisor/bcc repo provides
> tools to measure funclantency, detect memleak, etc.
> The tools will place uprobes in the beginning of
> function and possibly uretprobes at the end of function.
> This patch is able to reduce the trap overhead for
> uprobe from 2 to 1.
> 
> Without this patch, uretprobe will typically incur
> three traps. With this patch, if the function starts
> with "push" insn, the number of traps can be
> reduced from 3 to 2.
> 
> An experiment was conducted on two local VMs,
> fedora 26 64-bit VM and 32-bit VM, both 4 processors
> and 4GB memory, booted with latest tip repo (and this patch).
> The host is MacBook with intel i7 processor.
> 
> The test program looks like
>    #include <stdio.h>
>    #include <stdlib.h>
>    #include <time.h>
>    #include <sys/time.h>
> 
>    static void test() __attribute__((noinline));
>    void test() {}
>    int main() {
>      struct timeval start, end;
> 
>      gettimeofday(&start, NULL);
>      for (int i = 0; i < 1000000; i++) {
>        test();
>      }
>      gettimeofday(&end, NULL);
> 
>      printf("%ld\n", ((end.tv_sec * 1000000 + end.tv_usec)
>                       - (start.tv_sec * 1000000 + start.tv_usec)));
>      return 0;
>    }
> 
> The program is compiled without optimization, and
> the first insn for function "test" is "push %rbp".
> The host is relatively idle.
> 
> Before the test run, the uprobe is inserted as below for uprobe:
>    echo 'p <binary>:<test_func_offset>' > /sys/kernel/debug/tracing/uprobe_events
>    echo 1 > /sys/kernel/debug/tracing/events/uprobes/enable
> and for uretprobe:
>    echo 'r <binary>:<test_func_offset>' > /sys/kernel/debug/tracing/uprobe_events
>    echo 1 > /sys/kernel/debug/tracing/events/uprobes/enable
> 
> Unit: microsecond(usec) per loop iteration
> 
> x86_64          W/ this patch   W/O this patch
> uprobe          1.55            3.1
> uretprobe       2.0             3.6
> 
> x86_32          W/ this patch   W/O this patch
> uprobe          1.41            3.5
> uretprobe       1.75            4.0
> 
> You can see that this patch significantly reduced the overhead,
> 50% for uprobe and 44% for uretprobe on x86_64, and even more
> on x86_32.
> 
> Signed-off-by: Yonghong Song <yhs@fb.com>
> Reviewed-by: Oleg Nesterov <oleg@redhat.com>
> ---
>   arch/x86/include/asm/uprobes.h |   4 ++
>   arch/x86/kernel/uprobes.c      | 107 +++++++++++++++++++++++++++++++++++++++--
>   2 files changed, 107 insertions(+), 4 deletions(-)
> 
> Changelogs:
> v4 -> v5:
>    . No code change from v4.
>    . Rebased on top of tip and added Reviewed-by from Oleg.
> v3 -> v4:
>    . Revert most of v3 change as 32bit emulation is not really working
>      on x86_64 platform as function emulate_push_stack() needs to account
>      for 32bit app on 64bit platform. A separate effort is ongoing to
>      address this issue.
> v2 -> v3:
>    . Do not emulate 32bit application on x86_64 platforms
> v1 -> v2:
>    . Address Oleg's comments
> 
> diff --git a/arch/x86/include/asm/uprobes.h b/arch/x86/include/asm/uprobes.h
> index 74f4c2f..d8bfa98 100644
> --- a/arch/x86/include/asm/uprobes.h
> +++ b/arch/x86/include/asm/uprobes.h
> @@ -53,6 +53,10 @@ struct arch_uprobe {
>   			u8	fixups;
>   			u8	ilen;
>   		} 			defparam;
> +		struct {
> +			u8	reg_offset;	/* to the start of pt_regs */
> +			u8	ilen;
> +		}			push;
>   	};
>   };
>   
> diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
> index a3755d2..85c7ef2 100644
> --- a/arch/x86/kernel/uprobes.c
> +++ b/arch/x86/kernel/uprobes.c
> @@ -528,11 +528,11 @@ static int default_pre_xol_op(struct arch_uprobe *auprobe, struct pt_regs *regs)
>   	return 0;
>   }
>   
> -static int push_ret_address(struct pt_regs *regs, unsigned long ip)
> +static int emulate_push_stack(struct pt_regs *regs, unsigned long val)
>   {
>   	unsigned long new_sp = regs->sp - sizeof_long();
>   
> -	if (copy_to_user((void __user *)new_sp, &ip, sizeof_long()))
> +	if (copy_to_user((void __user *)new_sp, &val, sizeof_long()))
>   		return -EFAULT;
>   
>   	regs->sp = new_sp;
> @@ -566,7 +566,7 @@ static int default_post_xol_op(struct arch_uprobe *auprobe, struct pt_regs *regs
>   		regs->ip += correction;
>   	} else if (auprobe->defparam.fixups & UPROBE_FIX_CALL) {
>   		regs->sp += sizeof_long(); /* Pop incorrect return address */
> -		if (push_ret_address(regs, utask->vaddr + auprobe->defparam.ilen))
> +		if (emulate_push_stack(regs, utask->vaddr + auprobe->defparam.ilen))
>   			return -ERESTART;
>   	}
>   	/* popf; tell the caller to not touch TF */
> @@ -655,7 +655,7 @@ static bool branch_emulate_op(struct arch_uprobe *auprobe, struct pt_regs *regs)
>   		 *
>   		 * But there is corner case, see the comment in ->post_xol().
>   		 */
> -		if (push_ret_address(regs, new_ip))
> +		if (emulate_push_stack(regs, new_ip))
>   			return false;
>   	} else if (!check_jmp_cond(auprobe, regs)) {
>   		offs = 0;
> @@ -665,6 +665,16 @@ static bool branch_emulate_op(struct arch_uprobe *auprobe, struct pt_regs *regs)
>   	return true;
>   }
>   
> +static bool push_emulate_op(struct arch_uprobe *auprobe, struct pt_regs *regs)
> +{
> +	unsigned long *src_ptr = (void *)regs + auprobe->push.reg_offset;
> +
> +	if (emulate_push_stack(regs, *src_ptr))
> +		return false;
> +	regs->ip += auprobe->push.ilen;
> +	return true;
> +}
> +
>   static int branch_post_xol_op(struct arch_uprobe *auprobe, struct pt_regs *regs)
>   {
>   	BUG_ON(!branch_is_call(auprobe));
> @@ -703,6 +713,10 @@ static const struct uprobe_xol_ops branch_xol_ops = {
>   	.post_xol = branch_post_xol_op,
>   };
>   
> +static const struct uprobe_xol_ops push_xol_ops = {
> +	.emulate  = push_emulate_op,
> +};
> +
>   /* Returns -ENOSYS if branch_xol_ops doesn't handle this insn */
>   static int branch_setup_xol_ops(struct arch_uprobe *auprobe, struct insn *insn)
>   {
> @@ -750,6 +764,87 @@ static int branch_setup_xol_ops(struct arch_uprobe *auprobe, struct insn *insn)
>   	return 0;
>   }
>   
> +/* Returns -ENOSYS if push_xol_ops doesn't handle this insn */
> +static int push_setup_xol_ops(struct arch_uprobe *auprobe, struct insn *insn)
> +{
> +	u8 opc1 = OPCODE1(insn), reg_offset = 0;
> +
> +	if (opc1 < 0x50 || opc1 > 0x57)
> +		return -ENOSYS;
> +
> +	if (insn->length > 2)
> +		return -ENOSYS;
> +	if (insn->length == 2) {
> +		/* only support rex_prefix 0x41 (x64 only) */
> +#ifdef CONFIG_X86_64
> +		if (insn->rex_prefix.nbytes != 1 ||
> +		    insn->rex_prefix.bytes[0] != 0x41)
> +			return -ENOSYS;
> +
> +		switch (opc1) {
> +		case 0x50:
> +			reg_offset = offsetof(struct pt_regs, r8);
> +			break;
> +		case 0x51:
> +			reg_offset = offsetof(struct pt_regs, r9);
> +			break;
> +		case 0x52:
> +			reg_offset = offsetof(struct pt_regs, r10);
> +			break;
> +		case 0x53:
> +			reg_offset = offsetof(struct pt_regs, r11);
> +			break;
> +		case 0x54:
> +			reg_offset = offsetof(struct pt_regs, r12);
> +			break;
> +		case 0x55:
> +			reg_offset = offsetof(struct pt_regs, r13);
> +			break;
> +		case 0x56:
> +			reg_offset = offsetof(struct pt_regs, r14);
> +			break;
> +		case 0x57:
> +			reg_offset = offsetof(struct pt_regs, r15);
> +			break;
> +		}
> +#else
> +		return -ENOSYS;
> +#endif
> +	} else {
> +		switch (opc1) {
> +		case 0x50:
> +			reg_offset = offsetof(struct pt_regs, ax);
> +			break;
> +		case 0x51:
> +			reg_offset = offsetof(struct pt_regs, cx);
> +			break;
> +		case 0x52:
> +			reg_offset = offsetof(struct pt_regs, dx);
> +			break;
> +		case 0x53:
> +			reg_offset = offsetof(struct pt_regs, bx);
> +			break;
> +		case 0x54:
> +			reg_offset = offsetof(struct pt_regs, sp);
> +			break;
> +		case 0x55:
> +			reg_offset = offsetof(struct pt_regs, bp);
> +			break;
> +		case 0x56:
> +			reg_offset = offsetof(struct pt_regs, si);
> +			break;
> +		case 0x57:
> +			reg_offset = offsetof(struct pt_regs, di);
> +			break;
> +		}
> +	}
> +
> +	auprobe->push.reg_offset = reg_offset;
> +	auprobe->push.ilen = insn->length;
> +	auprobe->ops = &push_xol_ops;
> +	return 0;
> +}
> +
>   /**
>    * arch_uprobe_analyze_insn - instruction analysis including validity and fixups.
>    * @mm: the probed address space.
> @@ -771,6 +866,10 @@ int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm,
>   	if (ret != -ENOSYS)
>   		return ret;
>   
> +	ret = push_setup_xol_ops(auprobe, &insn);
> +	if (ret != -ENOSYS)
> +		return ret;
> +
>   	/*
>   	 * Figure out which fixups default_post_xol_op() will need to perform,
>   	 * and annotate defparam->fixups accordingly.
>