On 04/06, Masami Hiramatsu wrote:
>
> On Fri, 5 Apr 2024 13:02:30 +0200
> Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>
> > With or without this patch userspace can also do
> >
> >     foo() {                 <-- retprobe1
> >         bar() {
> >             jump to xol_area
> >         }
> >     }
> >
> > handle_trampoline() will handle retprobe1.
>
> This is OK because the execution path has been changed to trampoline,

Agreed, in this case the misuse is more clear. But please see below.

> but the above will continue running bar() after sys_uretprobe().

... and most probably crash

> > sigreturn() can be "improved" too. Say, it could validate sigcontext->ip
> > and return -EINVAL if this addr is not valid. But why?
>
> Because sigreturn() never returns, but sys_uretprobe() will return.

You mean, sys_uretprobe() returns to the next insn after syscall.

Almost certainly yes, but this is not necessarily true. If one of the
consumers changes regs->sp, sys_uretprobe() "returns" to another location,
just like sys_rt_sigreturn().

That said. Masami, it is not that I am trying to prove that you are "wrong" ;)
No. I see your points even if I am biased, I understand that my objections
are not 100% "fair".

I am just trying to explain why, rightly or not, I care much less about
the abuse of sys_uretprobe().

Thanks!

Oleg.