Sorry for the late reply, I was on PTO.
On 05/14, Deepak Gupta wrote:
>
> Question,
>
> Is it kernel who is maintaining all return probes, meaning original return addresses
> are saved in kernel data structures on per task basis.
Yes. task_struct->utask->return_instances
See prepare_uretprobe() which inserts the new return_instance with
->orig_ret_vaddr = original return addresses
when the tracee enters the ret-probed function.
> Once uretprobe did its job then
> its kernel who is ensuring return to original return address ?
Yes. See instruction_pointer_set(regs, ri->orig_ret_vaddr) in
handle_trampoline().
I know absolutely nothing about the shadow stacks, trying to read
Documentation/arch/x86/shstk.rst but it doesn't tell me too much...
Where can I find more documentation? I didn't try to google yet.
Upon function return, the processor pops the shadow stack copy
and compares it to the normal stack copy. If the two differ, the
processor raises a control-protection fault.
grep-grep-grep... exc_control_protection I guess.
Let me ask a couple of really stupid questions. What if the shadow stack
is "shorter" than the normal stack? I mean,
enable_shstk()
{
prctl(ARCH_SHSTK_SHSTK);
}
what happens when enable_shstk() returns?
And what is the purpose of fpregs_lock_and_load() ? Why do we need to
fpregs_restore_userregs() in shstk_setup() and other places?
Oleg.
