Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp5090594iob;
        Mon, 9 May 2022 08:25:10 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw4pYW90XVo/wVygupVWTmSFJfweJ7Isz1h+fJS3tyTgExYINpCHP44BazLNM14jAC1zMjb
X-Received: by 2002:a05:6870:42c5:b0:ed:a89c:e9ca with SMTP id z5-20020a05687042c500b000eda89ce9camr7112796oah.97.1652109910497;
        Mon, 09 May 2022 08:25:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1652109910; cv=none;
        d=google.com; s=arc-20160816;
        b=rTdk98xLQTc/mVeZe8y5eGlEKK94yzatlS9dawHJOQeR8SWgI/wryv4zu49rVwEGx0
         Y5tLSNtXa7PcoRSl9ImZhf8rL4tRDrRzcXcKzEYpg7WdJPCxtvHpWAwKMn2X5eNQ6WFZ
         7l2lWxh1R4ZulwXW0I4VWfNCEkbqcGq22OfLkxeqM17+nzbJHbGYbqYq/oWWNHPEEs+d
         aLF/ezrqbkN47/TuLKhBrIlvZacRjE0tWAvuiFS0M/+6txBr6LbfzSEh2U363UDu7/RM
         xkIYbBEhwq+dAvPWKvu5SH5wUNknL0OaDLwkm7E4Y4WuIcaK7nyIfxyGuPqgOUEbllfV
         V6Jw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature:dkim-filter;
        bh=V8m3pMalZV2o68GnS/qNSir7EImgItaMWaFe/5bI2jw=;
        b=T4Oabwhm2GL6oqbUrzIxCXY8aXDcdm294kTOecilzMGPk791cmN7VS8piqoqJUo6bH
         q44kOObbTe9bGl7NbHZH9zeZlj8/yoO0GC77tQ6DREGQ0vfJSEFJYqBn28AmSoG7GeRS
         EfhCUjR093+88nVl+JZl7QcUkufVu2qBbyubL1AKaFaZUpapd/Ys3YfSswfpCIbVwvVV
         s0Xbs18wbcY6s+Upmpc5zkYwQ47RNirrAPrqft76x1Iyjt6TIE0/f+AVbkBIdFcZs9q4
         /pS06WxRDURN+5RQevFSIOFTjWmn715wzkrxqgYJlPQYQOVBZI9ALeRmR9P7zZ47ubWh
         ZMTg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b=UIjcOSb7;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id o29-20020a9d411d000000b006063f222f1fsi10542636ote.95.2022.05.09.08.25.10
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 09 May 2022 08:25:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b=UIjcOSb7;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id E7861291CD9;
	Mon,  9 May 2022 08:20:30 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238250AbiEIPYQ (ORCPT <rfc822;apple4onegiven@gmail.com>
        + 99 others); Mon, 9 May 2022 11:24:16 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50706 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S238196AbiEIPYK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 9 May 2022 11:24:10 -0400
Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8735C28FE9D;
        Mon,  9 May 2022 08:20:13 -0700 (PDT)
Received: from localhost.localdomain (154.pool92-186-13.dynamic.orange.es [92.186.13.154])
        by linux.microsoft.com (Postfix) with ESMTPSA id 7974620EC5AF;
        Mon,  9 May 2022 08:20:08 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 7974620EC5AF
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
        s=default; t=1652109613;
        bh=V8m3pMalZV2o68GnS/qNSir7EImgItaMWaFe/5bI2jw=;
        h=From:To:Cc:Subject:Date:From;
        b=UIjcOSb7HpLRo2MDEgBNBfLrupiHnP8HpcoxSmfEHm5OF30bDqsmX72i6GVxfmNHr
         M8mjaxRlDg5K0egs9cCdMVMwK40QbItuOjzXQSWdUAy6SmHMxmKWv0uXh2O36vZ3U2
         f8uuSSOrQRfLKcDVyi45co7jynQHzMgv+E+10VK4=
From:   Francis Laniel <flaniel@linux.microsoft.com>
To:     linux-arm-kernel@lists.infradead.org
Cc:     linux-trace-devel@vger.kernel.org,
        Francis Laniel <flaniel@linux.microsoft.com>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Will Deacon <will@kernel.org>,
        Peter Collingbourne <pcc@google.com>,
        Mark Brown <broonie@kernel.org>,
        Mark Rutland <mark.rutland@arm.com>,
        Daniel Kiss <daniel.kiss@arm.com>,
        Kees Cook <keescook@chromium.org>, linux-kernel@vger.kernel.org
Subject: [RFC PATCH v1 0/1] Call forget_syscall() if different than execve*()
Date:   Mon,  9 May 2022 16:19:56 +0100
Message-Id: <20220509151958.441240-1-flaniel@linux.microsoft.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE,
	USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi.


First, I hope you are fine and the same for your relatives.

With this contribution, I enabled using syscalls:sys_exit_execve and
syscalls:sys_exit_execveat as tracepoints on arm64.
Indeed, before this contribution, the above tracepoint would not print their
information as syscall number was set to -1 by calling forget_syscall().

Now, forget_syscall() is called only if previous syscall number was different
than __NR_execve and __NR_execveat.
I tested it by compiling a kernel for arm64 and running it within a VM:
# Perf was compiled with linux kernel source.
root@vm-arm64:~# perf record -ag -e 'syscalls:sys_exit_execve' -e 'syscalls:sys_enter_execve' &
[1] 263
root@vm-arm64:~# ls
perf.data  share
root@vm-arm64:~# fg
perf record -ag -e 'syscalls:sys_exit_execve' -e 'syscalls:sys_enter_execve'
^C[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.061 MB perf.data (2 samples) ]
root@vm-arm64:~# perf script
bash   264 [000]    66.220187: syscalls:sys_enter_execve: filename: 0xaaab05d9d
...
# Below line does not appear with this patch.
ls   264 [000]    66.226848:  syscalls:sys_exit_execve: 0x0
...

Nonetheless, this contribution is not perfect, hence I marked it as RFC.
First, I am not really sure if this is safe to not call forget_syscall() all the
time, even though I did not have problem while testing it.
Then, by including <asm-generic/unistd.h> to the modified file I ended with
some warnings at compile time:

So, if you see any way to improve this contribution, feel free to share!

Francis Laniel (1):
  arm64: Forget syscall if different from execve*()

 arch/arm64/include/asm/processor.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


Best regards and thank you in advance.
-- 
2.25.1