From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id A106B385BF9C for ; Fri, 3 Dec 2021 06:46:25 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org A106B385BF9C Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-484-gVUC6J-1OWCrjpPNe4eLNg-1; Fri, 03 Dec 2021 01:46:21 -0500 X-MC-Unique: gVUC6J-1OWCrjpPNe4eLNg-1 Received: by mail-ed1-f71.google.com with SMTP id w18-20020a056402071200b003e61cbafdb4so1727632edx.4 for ; Thu, 02 Dec 2021 22:46:21 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=W8fxVl3I5JXgmu+E1lrf7bJpbsPEPAzaBnEp16uuzV4=; b=i0JTtKO2gBSsGLRav7d+kAS5xT/yymLmfiw6Yk6T+FFqPAkjOy3ED0l1q9B0IxVKwj gnmexiMroJsru2qxQdG9rJD3s4aO9AL6eLidNActuj6ov2g+LCqvxaHNLHsYXL4pyOL7 fpHLyKP0QkNQhbsINPqUDw4WPEGQb8oHRO3LXj3qKR9VFiw6N9cuXbiRTrt4UoZSQyz+ UR0vB/hXiaJ0I+wP3hKdFk6UiYKx/sVs5gpWOGNF+qQISSSAx+PO9pTfh+dHdxfo7/Nr gUt66YLRUAxL7jXw4u7sQnpHTskr0ISaI5ZOhp33lhokNYp6aBqndx43/Iwrr6Sminp3 ueFQ== X-Gm-Message-State: AOAM530cIZfmhyn7xdGyhdaXkFq+OHuv2NOecTfgKJ5h8EWBULtEzpx+ 7Parn2cupWk3KoVcwt7iXYuaSnMz0hhUIKaJBKhCctpXXaxH8OEZst6Onpo6hKyoJcZETsGY8T5 bas1rweQuZttUxSEPll4Oa4dU2ooN27R5uls= X-Received: by 2002:a17:906:6a1a:: with SMTP id qw26mr21125082ejc.489.1638513980252; Thu, 02 Dec 2021 22:46:20 -0800 (PST) X-Google-Smtp-Source: ABdhPJw7yvCiFbBBCei8QqWODS6zpJ3KKAOXYuxCXvmkG/tCp7im+6msp6/S7jAFEC+kj3C4/7gIPJqrWQ63MbK2thE= X-Received: by 2002:a17:906:6a1a:: with SMTP id qw26mr21125055ejc.489.1638513979935; Thu, 02 Dec 2021 22:46:19 -0800 (PST) MIME-Version: 1.0 
From: Di Chen Date: Fri, 3 Dec 2021 14:46:08 +0800 Message-ID: Subject: [PATCH] Add support for new syscall memfd_secret To: systemtap@sourceware.org X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-13.8 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, HTML_MESSAGE, KAM_SHORT, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: systemtap@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Systemtap mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Dec 2021 06:46:27 -0000
>From d2afae5de4c5135046606420787d539865b1832c Mon Sep 17 00:00:00 2001
From: Di Chen
Date: Fri, 5 Nov 2021 22:34:37 +0800
Subject: [PATCH] Add support for new syscall memfd_secret
Linux 5.14 added the memfd_secret syscall, adding tapset support. memfd_secret() was disabled by default and a command-line option was added to enable it at boot time. $ cat /proc/cmdline [...] secretmem.enable=y https://sourceware.org/bugzilla/show_bug.cgi?id=28418 https://lwn.net/Articles/865256/
Signed-off-by: Di Chen
---
 runtime/linux/compat_unistd.h | 4 +
 tapset/linux/aux_syscalls.stp | 3 +
 tapset/linux/sysc_memfd_secret.stp | 102 +++++++++++++++++++++
 testsuite/systemtap.syscall/memfd_secret.c | 22 +++++
 4 files changed, 131 insertions(+)
 create mode 100644 tapset/linux/sysc_memfd_secret.stp
 create mode 100644 testsuite/systemtap.syscall/memfd_secret.c
diff --git a/runtime/linux/compat_unistd.h b/runtime/linux/compat_unistd.h
index 5a932cc17..5e73950b9 100644
--- a/runtime/linux/compat_unistd.h
+++ b/runtime/linux/compat_unistd.h
@@ -920,6 +920,9 @@
 #ifndef __NR_ia32_memfd_create
 #define __NR_ia32_memfd_create 356
 #endif
+#ifndef __NR_ia32_memfd_secret
+#define __NR_ia32_memfd_secret 447
+#endif
 #ifndef __NR_ia32_migrate_pages
 #define __NR_ia32_migrate_pages 294
 #endif
@@ -1999,6 +2002,7 @@
 #define __NR_compat_mbind __NR_mbind
 #define __NR_compat_membarrier __NR_membarrier
 #define __NR_compat_memfd_create __NR_memfd_create
+#define __NR_compat_memfd_secret __NR_memfd_secret
 #define __NR_compat_migrate_pages __NR_migrate_pages
 #define __NR_compat_mincore __NR_mincore
 #define __NR_compat_mkdir __NR_mkdir
diff --git a/tapset/linux/aux_syscalls.stp b/tapset/linux/aux_syscalls.stp
index 3313fb441..4a4bac4df 100644
--- a/tapset/linux/aux_syscalls.stp
+++ b/tapset/linux/aux_syscalls.stp
@@ -1703,6 +1703,9 @@ static const _stp_val_array _stp_mfd_flags_list[] = {
 #endif
 #ifdef MFD_ALLOW_SEALING
 V(MFD_ALLOW_SEALING),
+#endif
+#ifdef O_CLOEXEC
+ V(O_CLOEXEC),
 #endif
 {0, NULL}
 };
diff --git a/tapset/linux/sysc_memfd_secret.stp b/tapset/linux/sysc_memfd_secret.stp
new file mode 100644
index 000000000..aa9b125ec
--- /dev/null
+++ b/tapset/linux/sysc_memfd_secret.stp
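Review bot: Neither hunk in compat_unistd.h gives the native `__NR_memfd_secret` a fallback: the first adds only `__NR_ia32_memfd_secret`, and the second (`@@ -1999,6 +2002,7 @@`) aliases `__NR_compat_memfd_secret` to a macro that kernel headers older than 5.14 presumably do not define. The new tp_syscall.memfd_secret probes in sysc_memfd_secret.stp evaluate `@const("__NR_memfd_secret")` unconditionally, so on such a kernel the tapset may fail to compile rather than simply never match. If this header already carries a sentinel for syscalls missing from the kernel headers, add `#ifndef __NR_memfd_secret` / `#define __NR_memfd_secret <header's missing-syscall sentinel>` / `#endif` next to the ia32 entry; the rest of the header is outside the hunk, so the sentinel's spelling has to be checked there.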
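Review bot: Adding `V(O_CLOEXEC)` to `_stp_mfd_flags_list` changes the output of every user of that table, not only memfd_secret: the hunk header shows this is the shared MFD_* list, so a memfd_create() call carrying that bit would now be printed as `O_CLOEXEC` instead of standing out as an unrecognised value. Anyone reading these traces to spot malformed or unexpected syscall arguments loses exactly the case worth seeing. A separate table for memfd_secret, with its own string helper used by sysc_memfd_secret.stp in place of `_mfd_flags_str`, keeps the two flag namespaces apart. The helper would mirror however `_mfd_flags_str` is defined, which is outside this hunk.

```systemtap
/* flags accepted by memfd_secret(2); kept apart from the MFD_* table */
static const _stp_val_array _stp_memfd_secret_flags_list[] = {
#ifdef O_CLOEXEC
	V(O_CLOEXEC),
#endif
	{0, NULL}
};
```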
@@ -0,0 +1,102 @@
+# memfd_secret _____________________________________________________
+# long sys_memfd_secret (unsigned int flags)
+
+/* kernel 5.14+ */
+@define _SYSCALL_MEMFD_SECRET_NAME
+%(
+ name = "memfd_secret"
+%)
+
+@define _SYSCALL_MEMFD_SECRET_ARGSTR
+%(
+ argstr = sprintf("%s", flags_str)
+%)
+
+@define _SYSCALL_MEMFD_SECRET_REGARGS
+%(
+ flags = uint_arg(1)
+ flags_str = _mfd_flags_str(uint_arg(1))
+%)
+
+@define _SYSCALL_MEMFD_SECRET_REGARGS_STORE
+%(
+ if (@probewrite(flags))
+ set_uint_arg(1, flags)
+%)
+
+probe syscall.memfd_secret = dw_syscall.memfd_secret !, nd_syscall.memfd_secret ? {}
+probe syscall.memfd_secret.return = dw_syscall.memfd_secret.return !, nd_syscall.memfd_secret.return ? {}
+
+# dw_memfd_secret _____________________________________________________
+
+probe dw_syscall.memfd_secret = kernel.function("sys_memfd_secret").call ?
+{
+ @_SYSCALL_MEMFD_SECRET_NAME
+ flags = $flags
+ flags_str = _mfd_flags_str($flags)
+ @_SYSCALL_MEMFD_SECRET_ARGSTR
+}
+probe dw_syscall.memfd_secret.return = kernel.function("sys_memfd_secret").return ?
+{
+ @_SYSCALL_MEMFD_SECRET_NAME
+ @SYSC_RETVALSTR($return)
+}
+
+# nd_memfd_secret _____________________________________________________
+
+probe nd_syscall.memfd_secret = nd1_syscall.memfd_secret!, nd2_syscall.memfd_secret!, tp_syscall.memfd_secret
+ { }
+
+probe nd1_syscall.memfd_secret = kprobe.function("sys_memfd_secret") ?
+{
+ @_SYSCALL_MEMFD_SECRET_NAME
+ asmlinkage()
+ @_SYSCALL_MEMFD_SECRET_REGARGS
+ @_SYSCALL_MEMFD_SECRET_ARGSTR
+}
+
+probe nd2_syscall.memfd_secret = kprobe.function(@arch_syscall_prefix "sys_memfd_secret") ?
+{
+ __set_syscall_pt_regs(pointer_arg(1))
+ @_SYSCALL_MEMFD_SECRET_NAME
+ @_SYSCALL_MEMFD_SECRET_REGARGS
+ @_SYSCALL_MEMFD_SECRET_ARGSTR
+},
+{
+ %( @_IS_SREG_KERNEL %? @_SYSCALL_MEMFD_SECRET_REGARGS_STORE %)
+}
+
+probe tp_syscall.memfd_secret = kernel.trace("sys_enter")
+{
+ __set_syscall_pt_regs($regs)
+ @__syscall_compat_gate(@const("__NR_memfd_secret"), @const("__NR_compat_memfd_secret"))
+ @_SYSCALL_MEMFD_SECRET_NAME
+ @_SYSCALL_MEMFD_SECRET_REGARGS
+ @_SYSCALL_MEMFD_SECRET_ARGSTR
+},
+{
+ %( @_IS_SREG_KERNEL %? @_SYSCALL_MEMFD_SECRET_REGARGS_STORE %)
+}
+
+probe nd_syscall.memfd_secret.return = nd1_syscall.memfd_secret.return!, nd2_syscall.memfd_secret.return!, tp_syscall.memfd_secret.return
+ { }
+
+probe nd1_syscall.memfd_secret.return = kprobe.function("sys_memfd_secret").return ?
+{
+ @_SYSCALL_MEMFD_SECRET_NAME
+ @SYSC_RETVALSTR(returnval())
+}
+
+probe nd2_syscall.memfd_secret.return = kprobe.function(@arch_syscall_prefix "sys_memfd_secret").return ?
+{
+ @_SYSCALL_MEMFD_SECRET_NAME
+ @SYSC_RETVALSTR(returnval())
+}
+
+probe tp_syscall.memfd_secret.return = kernel.trace("sys_exit")
+{
+ __set_syscall_pt_regs($regs)
+ @__syscall_compat_gate(@const("__NR_memfd_secret"), @const("__NR_compat_memfd_secret"))
+ @_SYSCALL_MEMFD_SECRET_NAME
+ @SYSC_RETVALSTR($ret)
+}
diff --git a/testsuite/systemtap.syscall/memfd_secret.c b/testsuite/systemtap.syscall/memfd_secret.c
new file mode 100644
index 000000000..9a467db86
--- /dev/null
+++ b/testsuite/systemtap.syscall/memfd_secret.c
@@ -0,0 +1,22 @@
+/* COVERAGE: memfd_secret */
+
+/*
+ * Glibc doesn't support memfd_secret yet, so we have to use syscall(2)
+ */
+#define _GNU_SOURCE
+#include
+#include
+#include
+
+#ifdef __NR_memfd_secret
+
+int main()
+{
+ int fd;
+ fd = syscall(__NR_memfd_secret, O_CLOEXEC);
+ //staptest// memfd_secret (O_CLOEXEC) = NNNN
+
+ close(fd);
+}
+
+#endif
-- 
2.33.1
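Review bot: `_SYSCALL_MEMFD_SECRET_REGARGS` reads the argument twice, once for `flags` and again inside `_mfd_flags_str(uint_arg(1))`; decoding the value already stored ties the numeric and string forms to a single read: `flags_str = _mfd_flags_str(flags)`. The dw_syscall.memfd_secret body has the same shape with `$flags` and could likewise call `_mfd_flags_str(flags)`. It would also help to extend the `/* kernel 5.14+ */` comment to say that the syscall stays disabled unless the kernel is booted with `secretmem.enable=y`, as the commit message notes, so readers know the probes will presumably only report failures on a default boot.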
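Review bot: The test in memfd_secret.c assumes the call succeeds: the expectation `= NNNN` and the unconditional `close(fd)` both ignore the failure path, yet the commit message says the syscall is disabled by default unless `secretmem.enable=y` is on the kernel command line. On a default-configured 5.14+ kernel the call presumably returns an error, so the staptest line would not match and `close()` is handed a negative descriptor. Guard the cleanup with `if (fd >= 0) close(fd);` and let the expected-output line accept the error return too, using whatever alternative-match form the other systemtap.syscall tests use. A second call with an invalid flags value would also exercise the flag decoding rather than only the one valid bit.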