Re: [PATCHv2 1/3] uprobe: Add uretprobe syscall to speed up return probe
From: Oleg Nesterov
Date: Wed Apr 03 2024 - 10:51:12 EST
Again, I leave this to you and Jiri, but
On 04/03, Masami Hiramatsu wrote:
>
> On Wed, 3 Apr 2024 11:47:41 +0200
> > > set in the user function, what happen if the user function directly
> > > calls this syscall? (maybe it consumes shadow stack?)
> >
> > the process should receive SIGILL if there's no pending uretprobe for
> > the current task, or it will trigger uretprobe if there's one pending
>
> No, that is too aggressive and not safe. Since the syscall is exposed to
> user program, it should return appropriate error code instead of SIGILL.
..
> Since the syscall is always exposed to the user program, it should
> - Do nothing and return an error unless it is properly called.
> - check the prerequisites for operation strictly.
We have sys_munmap(). should it check if the caller is going to unmap
the code region which contains regs->ip and do nothing?
I don't think it should. Userspace should blame itself, SIGSEGV is not
"too aggressive" in this case.
> I concern that new system calls introduce vulnerabilities.
Yes, we need to ensure that sys_uretprobe() can only damage the malicious
caller and nothing else.
Oleg.