From: "fche at redhat dot com"
To: systemtap@sourceware.org
Subject: [Bug tapsets/26015] New: make syscall arguments symbol-writeable again
Date: Wed, 20 May 2020 11:37:22 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=26015

            Bug ID: 26015
           Summary: make syscall arguments symbol-writeable again
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: tapsets
          Assignee: systemtap at sourceware dot org
          Reporter: fche at redhat dot com
            Blocks: 25580
  Target Milestone: ---

With the linux 4.17+ transition to pt_regs passing syscall wrappers (the
nd2_syscall.* family of probe point aliases), as well as the tracepoint
fallbacks (the tp_syscall.* family), we've lost the ability to modify syscall
parameters, even in guru mode. That's because the parameters are copied out of
pt_regs into script level variables, but that's a one-way trip only.

IOW, previously we could do this, because the syscall alias expanded to a dwarf
probe of the low level syscall handler function:

    stap -g -e 'probe syscall.foo { if (uid() == 0) $var = 2 }'

but now there is no $var.

One way might be to extend the nd2_* and tp_* suite with a construct using
epilogue-style probe aliases to copy back modified values into the pt_regs.
This might almost work:

old:

    probe nd2_syscall.mknod = kprobe.function(@arch_syscall_prefix "sys_mknod") ?
    {
        // ....
        _SYSCALL_MKNOD_REGARGS
        // ....
    }

    @define _SYSCALL_MKNOD_REGARGS
    %(
        pathname = user_string_quoted(pointer_arg(1))
        mode = uint_arg(2)
        mode_str = _mknod_mode_str(mode)
        dev = uint_arg(3)
    %)

add:

    probe nd2_syscall.mknod += kprobe.function(@arch_syscall_prefix "sys_mknod") ?
    {
        // ...
        _SYSCALL_MKNOD_REGARGS_STORE
    }

    @define _SYSCALL_MKNOD_REGARGS_STORE
    %(
        store_user_string(pointer_arg(1), pathname) // or punt
        set_uint_arg(2, mode)
        set_uint_arg(3, dev)
        // ...
    %)

then

    stap -g -e 'probe syscall.mknod { if (uid() == 0) mode &= 0700 }'

would work (to make root mknod's always have umask 077, apprx.).

Or we may be able to expose the $mode name as an rvalue & lvalue, via some sort
of newfangled macro trickery? Maybe let probe points include a list of
simulated context variables in context, with getter/setter expansion
expressions kind of like tree rewriting rules:

    probe nd2_syscall.mknod = kprobe.function(@arch_syscall_prefix "sys_mknod") ?
        [$mode, get_uint_arg(2), set_uint_arg(2,$mode)]
    {
        mode = $mode
    }

where then the $mode symbol itself becomes read-write.

Referenced Bugs:

https://sourceware.org/bugzilla/show_bug.cgi?id=25580
[Bug 25580] lp tracker
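
The one-way copy described in the report, and the effect of the proposed epilogue store, as a small user-space C model. This is an added example, not part of the original mail and not SystemTap or kernel code. Assumptions: regs_model is a constructed stand-in for the three x86_64 argument slots of pt_regs, and set_uint_arg is the hypothetical setter named in the proposal.

```c
/* Added model of the syscall.mknod alias: prologue copy-out, handler, epilogue store. */
#include <stdio.h>

/* Constructed stand-in for the pt_regs slots holding syscall args 1..3. */
struct regs_model { unsigned long di, si, dx; };
/* Script-level variables that the alias prologue fills in. */
struct mknod_vars { unsigned int mode, dev; };

static unsigned long *arg_slot(struct regs_model *r, int n)
{
    return n == 1 ? &r->di : n == 2 ? &r->si : &r->dx;
}

/* Models uint_arg(n): the script gets a copy of the value, not a reference. */
static unsigned int uint_arg(struct regs_model *r, int n)
{
    return (unsigned int)*arg_slot(r, n);
}

/* Hypothetical set_uint_arg(n, v) from the proposal: writes back into regs. */
static void set_uint_arg(struct regs_model *r, int n, unsigned int v)
{
    *arg_slot(r, n) = v;
}

/* Handler body from the mail: if (uid() == 0) mode &= 0700 */
static void handler(struct mknod_vars *v, unsigned int uid)
{
    if (uid == 0) v->mode &= 0700;
}

/* Returns the mode the syscall implementation would read from the registers
 * after the probe ran; store != 0 enables the proposed epilogue. */
unsigned int mode_seen_by_syscall(unsigned int mode, unsigned int uid, int store)
{
    struct regs_model regs = { .di = 0, .si = mode, .dx = 0 };
    struct mknod_vars v = { uint_arg(&regs, 2), uint_arg(&regs, 3) }; /* _REGARGS */
    handler(&v, uid);
    if (store) {                                  /* _REGARGS_STORE epilogue */
        set_uint_arg(&regs, 2, v.mode);
        set_uint_arg(&regs, 3, v.dev);
    }
    return (unsigned int)regs.si;
}

int main(void)
{
    printf("no store: %o  with store: %o\n",
           mode_seen_by_syscall(0644, 0, 0), mode_seen_by_syscall(0644, 0, 1));
    return 0;
}
```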