Date: Fri, 3 May 2024 13:34:53 +0200
From: Peter Zijlstra
To: Jiri Olsa
Cc: Steven Rostedt, Masami Hiramatsu, Oleg Nesterov, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, x86@kernel.org, bpf@vger.kernel.org, Song Liu, Yonghong Song, John Fastabend, Thomas Gleixner, "Borislav Petkov (AMD)", Ingo Molnar, Andy Lutomirski, rick.p.edgecombe@intel.com
Subject: Re: [PATCHv4 bpf-next 2/7] uprobe: Add uretprobe syscall to speed up return probe
Message-ID: <20240503113453.GK40213@noisy.programming.kicks-ass.net>
References: <20240502122313.1579719-1-jolsa@kernel.org> <20240502122313.1579719-3-jolsa@kernel.org>
In-Reply-To: <20240502122313.1579719-3-jolsa@kernel.org>

On Thu, May 02, 2024 at 02:23:08PM +0200, Jiri Olsa wrote:
> Adding uretprobe syscall instead of trap to speed up return probe.
>
> At the moment the uretprobe setup/path is:
>
>   - install entry uprobe
>
>   - when the uprobe is hit, it overwrites probed function's return address
>     on stack with address of the trampoline that contains breakpoint
>     instruction
>
>   - the breakpoint trap code handles the uretprobe consumers execution and
>     jumps back to original return address
>
> This patch replaces the above trampoline's breakpoint instruction with new
> uretprobe syscall call. This syscall does exactly the same job as the trap
> with some more extra work:
>
>   - syscall trampoline must save original value for rax/r11/rcx registers
>     on stack - rax is set to syscall number and r11/rcx are changed and
>     used by syscall instruction
>
>   - the syscall code reads the original values of those registers and
>     restores those values in task's pt_regs area
>
>   - only caller from trampoline exposed in '[uprobes]' is allowed,
>     the process will receive SIGILL signal otherwise
>

Did you consider shadow stacks? IIRC we currently have userspace shadow
stack support available, and that will utterly break all of this.

It would be really nice if the new scheme would consider shadow stacks.
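
The following toy model is an added illustration, not part of the thread or of the patch: it shows why rewriting a return address on the ordinary stack, as the quoted uretprobe description does, collides with a shadow stack that keeps its own copy. All names and addresses are constructed, and `fix_shstk` is a hypothetical adjustment, not something the patch under review implements.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy model, constructed for illustration: a writable data stack plus a
 * shadow stack that only CALL/RET (or the kernel) may update. */
#define DEPTH 16
struct task {
    uint64_t stack[DEPTH]; size_t sp;   /* ordinary stack */
    uint64_t shstk[DEPTH]; size_t ssp;  /* shadow stack */
    int shstk_enabled;
};
enum ret_status { RET_OK, RET_CONTROL_PROTECTION_FAULT };

/* CALL pushes the return address on both stacks. */
static void do_call(struct task *t, uint64_t ret_addr) {
    t->stack[t->sp++] = ret_addr;
    if (t->shstk_enabled)
        t->shstk[t->ssp++] = ret_addr;
}

/* RET pops both copies; a mismatch is a control-protection fault. */
static enum ret_status do_ret(struct task *t, uint64_t *target) {
    *target = t->stack[--t->sp];
    if (t->shstk_enabled && t->shstk[--t->ssp] != *target)
        return RET_CONTROL_PROTECTION_FAULT;
    return RET_OK;
}

/* Entry uprobe step from the quoted description: overwrite the return
 * address on the stack with the trampoline. fix_shstk is a hypothetical
 * adjustment that patches the shadow copy too. */
static void hijack_return(struct task *t, uint64_t tramp, int fix_shstk) {
    t->stack[t->sp - 1] = tramp;
    if (fix_shstk && t->shstk_enabled)
        t->shstk[t->ssp - 1] = tramp;
}

/* One probed call: what happens when the probed function executes RET? */
static enum ret_status probed_call(int shstk, int fix, uint64_t *landed) {
    struct task t = { .shstk_enabled = shstk };
    do_call(&t, 0x401000);               /* constructed caller address */
    hijack_return(&t, 0x7fff0000, fix);  /* constructed trampoline address */
    return do_ret(&t, landed);
}

int main(void) {
    uint64_t a;  /* exit status 0 when the unpatched shadow stack faults */
    return probed_call(1, 0, &a) == RET_CONTROL_PROTECTION_FAULT ? 0 : 1;
}
```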