[lttng-dev] https://lists.lttng.org/pipermail/lttng-dev/2020-May/029631.html
yashvardhan kukreti
yashvardhankukreti at gmail.com
Mon Mar 27 11:52:41 EDT 2023
62 #ifdef LTTNG_CONFIG_PPC64_ELF_ABI_V2
63 /* Substract 4 bytes to get what we originally want */
64 addr = (unsigned long)(((char *)probe.addr) - 4);
65 #elif defined(LTTNG_CONFIG_PPC64_ELF_ABI_V1) << incorrect MACRO was used in the gerrit review; this is the correct one.
66 /*
67 * Build a function descriptor from the address of
/lttng-module-2.13.8/src/wrapper/kallsyms.c:72:32: error: invalid use of
undefined type 'struct func_desc'
| 72 | kallsyms_lookup_name_func_desc.addr = (unsigned long)probe.addr;
/lttng-module-2.13.8/src/wrapper/kallsyms.c:73:32: error: invalid use of
undefined type 'struct func_desc'
| 73 | kallsyms_lookup_name_func_desc.toc = ((struct func_desc *)
&sprint_symbol)->toc;
you either want to use func_descr_t
https://elixir.bootlin.com/linux/v5.15.104/source/arch/powerpc/include/asm/types.h#L30
or
struct ppc64_opd_entry
https://elixir.bootlin.com/linux/v5.17.15/source/arch/powerpc/include/uapi/asm/elf.h#L293
both of which are discontinued from 5.18
On Mon, Mar 27, 2023 at 5:56 PM Mathieu Desnoyers <mathieu.desnoyers at efficios.com> wrote:
> On 2023-03-26 11:00, yashvardhan kukreti wrote:
> >
> > Hi Mathieu,
> >
> > I have a question about this patch for lttng-modules and the use of
> > register_kprobe() to fetch the function ptr.
> > The question in this regard is especially from PPC64 ELF_ABI_v1
> > perspective.
> >
> > The functions on PPC64 are accessed via the Function descriptor
> > while what register_kprobes returns is the entry point of the
> > function.
> > Hence using the return pointer tends to interpret the addr as the
> > address of the function descriptor and dereferences the ppc_inst as
> > the function entry point and crashes
> >
> > [ 4145.483594] kernel tried to execute exec-protected page
> > (7c0802a6fb81ffe0) - exploit attempt? (uid: 0)
> > here 7c0802a6 is the mfspr instruction from the code text section of
> > the kallsyms_lookup_name()
> >
> > note for PPC_ELF_ABI_v1 the register_kprobes() searches for the dot
> > variant of the symbol and only in case if cannot find the dot
> > variant looks for the normal symbol.
> > register_kprobe() -> kprobe_addr() -> kprobe_lookup_name() [arch
> > variant replaces weak symbol]
> >
> > https://elixir.bootlin.com/linux/v5.10.174/C/ident/kprobe_lookup_name
> >
> > Please let me know if I make sense or if I may have missed
> > something.
> >
> > I have looked at the code of 2.12.8 as well and the 2.12.3 version of
> > lttng-modules.
>
> Please have a look at commits (from stable-2.12 branch of lttng-modules):
>
> commit 53772db24facd84f1f3ddcf21a1ef5f162608721
> Author: He Zhe <zhe.he at windriver.com>
> Date: Tue Sep 27 15:59:42 2022 +0800
>
> wrapper: powerpc64: fix kernel crash caused by do_get_kallsyms
>
> commit 8fe888d86ccad4226b05a536efb73d71bb091062
> Author: Michael Jeanson <mjeanson at efficios.com>
> Date: Thu Nov 24 14:25:33 2022 -0500
>
> fix: kallsyms wrapper on ppc64el
>
> I suspect you'll also need this change currently in review:
>
> https://review.lttng.org/c/lttng-modules/+/9113
>
> Please let us know if especially this last change fixes things on your
> side.
>
> Thanks,
>
> Mathieu
>
>
> >
> > Regards,
> > Shashank
> >
>
> --
> Mathieu Desnoyers
> EfficiOS Inc.
> https://www.efficios.com
>
>
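An added user-space illustration (not code from this thread or from lttng-modules) of the ELFv1 failure Shashank describes and of the fix the quoted patch applies: on ABI v1 a function symbol names a descriptor (addr, toc, env), so reading the kprobe entry point as a descriptor loads instruction bytes as the branch target, while the fix builds a descriptor from the entry point and borrows the TOC from a known-good one. The struct name, the constructed text bytes and the helper names are assumptions of this model, not kernel API.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical model of a PPC64 ELFv1 function descriptor; the kernel's
 * own type was func_descr_t / struct ppc64_opd_entry (see the links above). */
struct func_desc {
    uint64_t addr;  /* entry point of the code (the ".sym" dot symbol) */
    uint64_t toc;   /* TOC base the callee expects in r2 */
    uint64_t env;   /* environment pointer, unused by C code */
};

/* Constructed stand-in for the target's .text. ELFv1 is big-endian, so the
 * bytes are stored in that order and loaded with an explicit BE decode,
 * independent of the host that runs this example. */
static const uint8_t fake_text[8] = {
    0x7c, 0x08, 0x02, 0xa6,   /* mfspr r0, lr: first word in the oops */
    0xfb, 0x81, 0xff, 0xe0    /* second word quoted in the oops */
};

static uint64_t load64_be(const uint8_t *p)
{
    uint64_t v = 0;
    for (size_t i = 0; i < 8; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Wrong: treat the entry address returned by register_kprobe() as if it
 * were a descriptor. Its "addr" field is then the first eight bytes of
 * code, which the caller would branch to: exactly the value in the oops. */
uint64_t branch_target_if_entry_used_as_desc(const uint8_t *entry)
{
    return load64_be(entry);
}

/* Right: build a descriptor from the entry point and borrow the TOC from a
 * descriptor known to be valid (sprint_symbol in the quoted patch). */
struct func_desc desc_from_entry(uint64_t entry, const struct func_desc *known_good)
{
    struct func_desc d;
    d.addr = entry;
    d.toc = known_good->toc;
    d.env = 0;
    return d;
}
```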