Received: by 2002:ab2:6a05:0:b0:1f8:1780:a4ed with SMTP id w5csp1242037lqo; Sat, 11 May 2024 14:10:05 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW5vWDD5/8Ec1GwpaM8zkFrUXurk/x3tSUkEJ+hqTMhmenvH9ur+m83WK9iqQN9iVDdxFs15U2NpRVTTtSVLFAJY0YANkcencfAPngVyg== X-Google-Smtp-Source: AGHT+IHh8JxUQ4rIp6uZ5xY/wKCknCv03kJkuSICmH7AFHDCzd71zaJsbZg92IgkhUGfbby38wA7 X-Received: by 2002:a05:6358:9046:b0:186:1abe:611e with SMTP id e5c5f4694b2df-193bd2f82e8mr693670555d.30.1715461805419; Sat, 11 May 2024 14:10:05 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715461805; cv=pass; d=google.com; s=arc-20160816; b=C3g5ln2RhiPEithNkPc5LVE7mowgOkmBOIh1gb8W4rb/lPDNZiEv5dqQEbNnR+i6Kw pJaJLNyjmBeGjSrcojGigvcgfUYxwhhocoQ8Pk49vaXKH49ypjg3chfl7Z+wsUQS7oBN NRSs3xCuN29A3lUPQHQ6gpvydt4+fc6q0a/gT3gBDukx6z38k5QvpMP+PceOFT4vTWuy nPcEka8P6yWYJYco59ltNHR75RSZd/7cfQUlp4TcE1SFcvL07pr3CumemS20xc4hkw4/ WGGJ9HraBc1Q5kQzGtGiP3sU2WY7ahq5Uskc/ChEFhbDbMjUgPOhz/qNXhAfqdBTJSC4 JyMA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:date:from:dkim-signature; bh=fhGglJZ+b8g6GXzg1Ll6IIdz99ZTq4GAj4YEaMs8Mvw=; fh=8FJxMDjCmuKSMMGyQyL5HjawbI9PKbT7TV6inDsM84Y=; b=u9LS1/BZfOo0tGGBoZV2mURBGeyhdBrfElhT9uq9AA+uqDBbWbbYMZJR0Eye3rdi4z 3MUvaG9iQzqGv3QTRgbL7JlE/UYiPi1pKPRPhTO6u3ysnqWsaD61HbHomjHrc162AxTE uAsfjAQfdc5WLgj7dQfb2/WU8GcnlpVcA8ujTktQvnYX4lt1QJElH93BS55iHWQ98uv1 yN5aH65T0gfyHZjpSz+d4mChI/gMU3xey9KYkZaMzGHAZYGky0TANG28hxYDyucMNfau Wc2Mpfe0JvgLHtRoZv4QhbS7Pa/mxCSbFzw4ygPqJEdcf7xflwWcArURO15DUN39Rdvu 93eQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=EwgJIpsT; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-176730-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-176730-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id d75a77b69052e-43e1142181dsi5694001cf.235.2024.05.11.14.10.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 11 May 2024 14:10:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-176730-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=EwgJIpsT; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-176730-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-176730-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 2137C1C20C44 for ; Sat, 11 May 2024 21:10:05 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 08D9422619; Sat, 11 May 2024 21:09:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="EwgJIpsT" Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF69F1BC44; Sat, 11 May 2024 21:09:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.175 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715461794; cv=none; b=YGbuCIs8JyLj/wEm1kRYCQWqFeQ1V0VHmaMJ/tldh3pcYB2MUdQNRS4lGtcvJIngmU5aoqQONwBoAkXHD2s4sMGvGuUPEw/gpv9e8n27mXX3KfXAFxt1GKGglX+NwaygnvqIeThkez99+CMBg35xHIMNpwp2u0YRk56LQ8C2HYM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715461794; c=relaxed/simple; bh=awyMliQSjbUNmHImBj3im/6MAmRLZaXBovw6qI33SIk=; h=From:Date:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=F1Bjh10QIkfp+b1jG7kKHmTh1bTqedkKosxEOdP89vtuxhjAH4NIqKGoWPIiTemLpIR3NFefKZALwHyMspYKWZTB13q4HpkBzxl8+xSKdUvKBM2hqP6WAnPuWKkJm5aIEygqHhK2cGXNzgb5UxZZs3sLcjAN/nRy+HSb2SyN18I= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=EwgJIpsT; arc=none smtp.client-ip=209.85.214.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1ed835f3c3cso28434355ad.3; Sat, 11 May 2024 14:09:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715461792; x=1716066592; darn=vger.kernel.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:date:from:from:to :cc:subject:date:message-id:reply-to; bh=fhGglJZ+b8g6GXzg1Ll6IIdz99ZTq4GAj4YEaMs8Mvw=; b=EwgJIpsTzH4OkgLZBVo4ouzRadD8+NqZY4U4PWYqdHpx2X23MXCuQ05TBfBwF6U8gW LQH7Wp0GjXY4Ka28s3/nSyaNd4P8QyQannKor0vPmml+NeXNO0nY0mx60MYqMIi8eA0Z YSCPc2hyI+GIqSPPXSCWOcsIApyjgHw1WHgpegd6rZ1cA6aROkxBKmMTmG3NK3GUP4yh Y+MXxvTTeC+WTREBoi7RdCwZnxTvtjkAdtrmvZP+ZEszJq8OTjUc0AKHdA8tQhlpHa4N dFPTKpwo5sVqBqp4qBZdoOfv/KMyiJ8V1jXrTP20mOm6PpWGFxgYmepgLdq0XU7552+3 XQWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715461792; x=1716066592; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=fhGglJZ+b8g6GXzg1Ll6IIdz99ZTq4GAj4YEaMs8Mvw=; b=BMFTKLvxEZnVlDb152oocQtcALWqGYBaVp4tluPrK4SOd+MR11S2E/t56t4cqHegA7 4MI2c634enpvFwm8mZKJ23T59madS05IHA9RD0n7bCIbIcqpo8Oalq+u4rLEz7gNrn/H 0F1oLpVEj/8KZ8hxFiLZOgy6RE3Q3hwYRwM0l1nAWPde8E4pbW+OUyXIVxa2+GcFCXTw L4Av4F1KdGRfx2NwJXkEat/PcgapRxKo+pQ3sC3GbgE3qhw9Q2lETU6A8oSq9kUyvCbx hqQz36bdv6h4jsgE4/9vFveiaHM57s2lOVJsVpAjUfZ857U5iJWp4duWqOanHAgurciq GmIQ== X-Forwarded-Encrypted: i=1; AJvYcCX7be1Hzc+FAQBcBrQzPngzwbWsPoSIhQlVxYLx6M+WqLqN+hxabNjy1C6G3k2VbfMpYoHG3tzppAaHsFI/DgwYuR0ibUUZRDVZNo5h6IRedwH0+7yW4L4P0W84ArF3qj6rebW2c6PFUOfNQIRMmhAurUsnI1IZcT49jBP4n/tAqjuj02EpKN/+AZByGSKMQygYRgG0jClIocKoHjE9oLjhoeSMVzYScv7mx48lx8nbPulk1nQWszwJ1pRM X-Gm-Message-State: AOJu0Yya3bLLR9QbdMt1BaCejySBhYPzNQXjiNKdn+bbDbByek+g3QqY TejS8kRzTLYEHRFL1BaphqgGgSqKYyQwcoJlSf8MhkBIHie88lPU X-Received: by 2002:a17:902:82ca:b0:1e6:116b:b0d3 with SMTP id d9443c01a7336-1ef43d2ec00mr73548335ad.28.1715461791943; Sat, 11 May 2024 14:09:51 -0700 (PDT) Received: from krava ([204.113.88.211]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ef0bf30c7asm52841025ad.171.2024.05.11.14.09.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 11 May 2024 14:09:51 -0700 (PDT) From: Jiri Olsa X-Google-Original-From: Jiri Olsa Date: Sat, 11 May 2024 15:09:48 -0600 To: "Edgecombe, Rick P" Cc: "olsajiri@gmail.com" , "songliubraving@fb.com" , "luto@kernel.org" , "mhiramat@kernel.org" , "andrii@kernel.org" , "debug@rivosinc.com" , "john.fastabend@gmail.com" , "linux-api@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "mingo@redhat.com" , "rostedt@goodmis.org" , "ast@kernel.org" , "tglx@linutronix.de" , "yhs@fb.com" , "oleg@redhat.com" , "peterz@infradead.org" , "linux-man@vger.kernel.org" , "daniel@iogearbox.net" , "linux-trace-kernel@vger.kernel.org" , "bp@alien8.de" , "bpf@vger.kernel.org" , "x86@kernel.org" Subject: Re: [PATCHv5 bpf-next 6/8] x86/shstk: Add return uprobe support Message-ID: References: <20240507105321.71524-1-jolsa@kernel.org> <20240507105321.71524-7-jolsa@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Thu, May 09, 2024 at 04:24:37PM +0000, Edgecombe, Rick P wrote: > On Thu, 2024-05-09 at 10:30 +0200, Jiri Olsa wrote: > > > Per the earlier discussion, this cannot be reached unless uretprobes are in > > > use, > > > which cannot happen without something with privileges taking an action. But > > > are > > > uretprobes ever used for monitoring applications where security is > > > important? Or > > > is it strictly a debug-time thing? > > > > sorry, I don't have that level of detail, but we do have customers > > that use uprobes in general or want to use it and complain about > > the speed > > > > there are several tools in bcc [1] that use uretprobes in scripts, > > like: > > ? memleak, sslsniff, trace, bashreadline, gethostlatency, argdist, > > ? funclatency > > Is it possible to have shadow stack only use the non-syscall solution? It seems > it exposes a more limited compatibility in that it only allows writing the > specific trampoline address. (IIRC) Then shadow stack users could still use > uretprobes, but just not the new optimized solution. There are already > operations that are slower with shadow stack, like longjmp(), so this could be > ok maybe. I guess it's doable, we'd need to keep both trampolines around, because shadow stack is enabled by app dynamically and use one based on the state of shadow stack when uretprobe is installed so you're worried the optimized syscall path could be somehow exploited to add data on shadow stack? jirka