bpf.vger.kernel.org archive mirror
* HELP: bpf_probe_user_write for registers
@ 2020-11-29 18:34 Markus Ongyerth
  2020-11-29 22:22 ` Alexei Starovoitov
  0 siblings, 1 reply; 4+ messages in thread
From: Markus Ongyerth @ 2020-11-29 18:34 UTC (permalink / raw)
  To: bpf

Hi,

I've been looking into introspecting and possibly convincing an application to behave slightly differently with bpf measures.

I found `bpf_probe_user_write` but as far as I can tell, that only works for memory areas. 
Is there an alternative that can be used on registers as well?

Thanks,
ongy


* Re: HELP: bpf_probe_user_write for registers
  2020-11-29 18:34 HELP: bpf_probe_user_write for registers Markus Ongyerth
@ 2020-11-29 22:22 ` Alexei Starovoitov
  2020-11-30  4:33   ` Markus Ongyerth
  0 siblings, 1 reply; 4+ messages in thread
From: Alexei Starovoitov @ 2020-11-29 22:22 UTC (permalink / raw)
  To: Markus Ongyerth; +Cc: bpf

On Sun, Nov 29, 2020 at 10:38 AM Markus Ongyerth <bpf@ongy.net> wrote:
>
> Hi,
>
> I've been looking into introspecting and possibly convincing an application to behave slightly differently with bpf measures.
>
> I found `bpf_probe_user_write` but as far as I can tell, that only works for memory areas.
> Is there an alternative that can be used on registers as well?

fyi bpf_probe_write_user() warns in dmesg.
That was done on purpose to avoid usage of this helper in production code.
A new helper can be added to adjust user regs, but it will have similar warning.
It's better to discuss the use case first.
Do you envision user regs to be changed after uprobe in an arbitrary location
or in some fixed place and only particular regs?
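
Added example, not part of the original message or of the kernel sources: a log check for the load-time warning mentioned above, so that use of `bpf_probe_write_user()` on a host can be noticed and reviewed. The message text matched is the one the kernel prints when such a program is installed; the allowlist name `lab-tracer` and all sample log lines are constructed assumptions.

```python
import re
from collections import Counter

# Text printed by the kernel when a program using bpf_probe_write_user() is
# loaded. The message is rate limited, so a burst of loads may log only some.
WARN_RE = re.compile(
    r"^(?:.*?kernel: )?"          # optional syslog/journal prefix
    r"(?:\[\s*\d+\.\d+\]\s)?"     # optional dmesg timestamp
    r"(?P<comm>.{1,15}?)\[(?P<pid>\d+)\] is installing a program with "
    r"bpf_probe_write_user helper"
)

# Hypothetical allowlist of loader names expected on this host (assumption).
EXPECTED_LOADERS = {"lab-tracer"}

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = """\
[   12.000001] systemd[1]: Started Example Service.
[ 8801.123456] lab-tracer[4242] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
Nov 29 22:22:01 host1 kernel: [ 9100.000200] python3[5150] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 9101.500000] my tool[77][5200] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 9200.000000] audit: type=1334 audit(1606688521.000:91): prog-id=17 op=LOAD
"""


def find_write_user_loads(log_text):
    """Return (comm, pid) for every bpf_probe_write_user load warning."""
    hits = []
    for line in log_text.splitlines():
        m = WARN_RE.match(line)
        if m:
            # comm is the loading task's name and may itself contain brackets.
            hits.append((m.group("comm"), int(m.group("pid"))))
    return hits


def unexpected_loaders(log_text, expected=EXPECTED_LOADERS):
    """Count warnings per loader name that is not on the allowlist."""
    return Counter(c for c, _ in find_write_user_loads(log_text)
                   if c not in expected)


if __name__ == "__main__":
    for comm, pid in find_write_user_loads(SAMPLE_LOG):
        tag = "expected" if comm in EXPECTED_LOADERS else "REVIEW"
        print(f"{tag}: {comm} (pid {pid}) loaded a bpf_probe_write_user program")
```
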


* Re: HELP: bpf_probe_user_write for registers
  2020-11-29 22:22 ` Alexei Starovoitov
@ 2020-11-30  4:33   ` Markus Ongyerth
  2020-12-01  2:27     ` Alexei Starovoitov
  0 siblings, 1 reply; 4+ messages in thread
From: Markus Ongyerth @ 2020-11-30  4:33 UTC (permalink / raw)
  To: Alexei Starovoitov; +Cc: bpf

On Sun, Nov 29, 2020, at 23:22, Alexei Starovoitov wrote:
> On Sun, Nov 29, 2020 at 10:38 AM Markus Ongyerth <bpf@ongy.net> wrote:
> >
> > Hi,
> >
> > I've been looking into introspecting and possibly convincing an application to behave slightly differently with bpf measures.
> >
> > I found `bpf_probe_user_write` but as far as I can tell, that only works for memory areas.
> > Is there an alternative that can be used on registers as well?
> 
> fyi bpf_probe_write_user() warns in dmesg.
I've seen the note about that. I don't really mind, since it's not spammy but once when the code is loaded.
> That was done on purpose to avoid usage of this helper in production code.
> A new helper can be added to adjust user regs, but it will have similar warning.
> It's better to discuss the use case first.
> Do you envision user regs to be changed after uprobe in an arbitrary location
> or in some fixed place and only particular regs?
My current use case needs to be able to set PT_REGS_PARM2 and PT_REGS_PARM4 I think in specific function entry uprobes to modify an argument usually passed in a register by ABI.
And that's what I'd use for playing around with things in general I think. Arbitrary registers at arbitrary points sounds like fun but also way more dangerous.


* Re: HELP: bpf_probe_user_write for registers
  2020-11-30  4:33   ` Markus Ongyerth
@ 2020-12-01  2:27     ` Alexei Starovoitov
  0 siblings, 0 replies; 4+ messages in thread
From: Alexei Starovoitov @ 2020-12-01  2:27 UTC (permalink / raw)
  To: Markus Ongyerth; +Cc: bpf

On Mon, Nov 30, 2020 at 05:33:27AM +0100, Markus Ongyerth wrote:
> On Sun, Nov 29, 2020, at 23:22, Alexei Starovoitov wrote:
> > On Sun, Nov 29, 2020 at 10:38 AM Markus Ongyerth <bpf@ongy.net> wrote:
> > >
> > > Hi,
> > >
> > > I've been looking into introspecting and possibly convincing an application to behave slightly differently with bpf measures.
> > >
> > > I found `bpf_probe_user_write` but as far as I can tell, that only works for memory areas.
> > > Is there an alternative that can be used on registers as well?
> > 
> > fyi bpf_probe_write_user() warns in dmesg.
> I've seen the note about that. I don't really mind, since it's not spammy but once when the code is loaded.
> > That was done on purpose to avoid usage of this helper in production code.
> > A new helper can be added to adjust user regs, but it will have similar warning.
> > It's better to discuss the use case first.
> > Do you envision user regs to be changed after uprobe in an arbitrary location
> > or in some fixed place and only particular regs?
> My current use case needs to be able to set PT_REGS_PARM2 and PT_REGS_PARM4 I think in specific function entry uprobes to modify an argument usually passed in a register by ABI.
> And that's what I'd use for playing around with things in general I think. Arbitrary registers at arbitrary points sounds like fun but also way more dangerous.

The uprobe can tap anywhere. Are you using USDT in such user space process?
In other words does user process expect to be altered this way?
In the past folks proposed an idea of user space tracepoints like USDT, but
with less overhead. uprobe is quite slow to use in production for anything
other than debugging.
If we could add static_jump-like construct for user space to use and let
kernel enable that jump that will do a syscall into kernel then we can
allow bpf prog change syscall args and return arbitrary stuff back.
Sort-of like USDT semaphore but without uprobe trap.
This way user space will have predefined points in the code where it
can expect changes to the flow of the code and data.

On the other side hacking user's pt_regs from uprobe isn't such a big deal,
since we allow probe_write_user already. If you can prepare a patch I think
it has a good chance to land.

