On Mon, Apr 08, 2024 at 06:22:59PM +0200, Oleg Nesterov wrote:
> On 04/08, Jiri Olsa wrote:
> >
> > On Fri, Apr 05, 2024 at 01:02:30PM +0200, Oleg Nesterov wrote:
> > >
> > > And what should sys_uretprobe() do if it is not called from the trampoline?
> > > I'd prefer force_sig(SIGILL) to punish the abuser ;) OK, OK, EINVAL.
> >
> > so the similar behaviour with int3 ends up with immediate SIGTRAP
> > and not invoking pending uretprobe consumers, like:
> >
> > - setup uretprobe for foo
> > - foo() {
> > executes int 3 -> sends SIGTRAP
> > }
> >
> > because the int3 handler checks if it got executed from the uretprobe's
> > trampoline.
>
> ... or the task has uprobe at this address
>
> > if not it treats that int3 as regular trap
>
> Yes this mimics the "default" behaviour without uprobes/uretprobes
>
> > so I think we should mimic int3 behaviour and:
> >
> > - setup uretprobe for foo
> > - foo() {
> > uretprobe_syscall -> check if we got executed from uretprobe's
> > trampoline and send SIGILL if that's not the case
>
> Agreed,
>
> > I think it's better to have the offending process killed right away,
> > rather than having more undefined behaviour, waiting for final 'ret'
> > instruction that jumps to uretprobe trampoline and causes SIGILL
>
> Agreed. In fact I think it should be also killed if copy_to/from_user()
> fails by the same reason.
+1 makes sense
jirka
>
> Oleg.
>
