On Tue, Jan 14, 2025 at 6:19 AM Jiri Olsa <olsajiri@xxxxxxxxx> wrote: > > On Tue, Jan 14, 2025 at 11:58:03AM +0100, Oleg Nesterov wrote: > > On 01/14, Jiri Olsa wrote: > > > > > > --- a/arch/x86/kernel/uprobes.c > > > +++ b/arch/x86/kernel/uprobes.c > > > @@ -315,14 +315,25 @@ asm ( > > > ".global uretprobe_trampoline_entry\n" > > > "uretprobe_trampoline_entry:\n" > > > "pushq %rax\n" > > > + "pushq %rbx\n" > > > "pushq %rcx\n" > > > "pushq %r11\n" > > > + "movq $1, %rbx\n" > > > "movq $" __stringify(__NR_uretprobe) ", %rax\n" > > > "syscall\n" > > > ".global uretprobe_syscall_check\n" > > > "uretprobe_syscall_check:\n" > > > + "or %rbx,%rbx\n" > > > + "jz uretprobe_syscall_return\n" > > > "popq %r11\n" > > > "popq %rcx\n" > > > + "popq %rbx\n" > > > + "popq %rax\n" > > > + "int3\n" > > > + "uretprobe_syscall_return:\n" > > > + "popq %r11\n" > > > + "popq %rcx\n" > > > + "popq %rbx\n" > > > > But why do we need to abuse %rbx? Can't uretprobe_trampoline_entry do > > > > syscall > > > > // int3_section, in case sys_uretprobe() doesn't work > > popq %r11 > > popq %rcx > > popq %rax > > int3 > > > > uretprobe_syscall_return: > > popq %r11 > > popq %rcx > > popq %rbx > > retq > > > > and change sys_uretprobe() to do > > > > - regs->ip = ip; > > + regs->ip = ip + sizeof(int3_section); > > nice idea, I wonder we get the trampoline size under one xol slot with that > Should we just fix whoever is blocking kernel-internal special syscall (sys_uretprobe)? What would happen if someone blocked that other special kernel-internal syscall for signal handling (can't remember the name, but the one that was an inspiration/justification for sys_uretprobe)? > thanks, > jirka
