Skip to content

uprobe,bpf: Allow to change app registers from uprobe #5675

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kernel-patches-daemon-bpf-rc wants to merge 4 commits into from
Closed

uprobe,bpf: Allow to change app registers from uprobe #5675

kernel-patches-daemon-bpf-rc wants to merge 4 commits into from

Conversation

@kernel-patches-daemon-bpf-rc
Copy link

@kernel-patches-daemon-bpf-rc kernel-patches-daemon-bpf-rc bot commented Aug 1, 2025

Pull request for series with
subject: uprobe,bpf: Allow to change app registers from uprobe
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=987804

olsajiri added 4 commits August 1, 2025 14:08
@olsajiri
uprobe: Do not emulate/sstep original instruction when ip is changed
dca857a 
If uprobe handler changes instruction pointer we still execute single
step) or emulate the original instruction and increment the (new) ip
with its length.

This makes the new instruction pointer bogus and application will
likely crash on illegal instruction execution.

If user decided to take execution elsewhere, it makes little sense
to execute the original instruction, so let's skip it.

Signed-off-by: Jiri Olsa <[email protected]>
@olsajiri
bpf: Allow uprobe program to change context registers
90b1163 
Currently uprobe (BPF_PROG_TYPE_KPROBE) program can't write to the
context registers data. While this makes sense for kprobe attachments,
for uprobe attachment it might make sense to be able to change user
space registers to alter application execution.

Since uprobe and kprobe programs share the same type (BPF_PROG_TYPE_KPROBE),
we can't deny write access to context during the program load. We need
to check on it during program attachment to see if it's going to be
kprobe or uprobe.

Storing the program's write attempt to context and checking on it
during the attachment.

Signed-off-by: Jiri Olsa <[email protected]>
@olsajiri
selftests/bpf: Add uprobe context registers changes test
c72b57b 
Adding test to check we can change common register values through
uprobe program.

It's x86_64 specific test.

Signed-off-by: Jiri Olsa <[email protected]>
@olsajiri
selftests/bpf: Add uprobe context ip register change test
d5849e6 
Adding test to check we can change the application execution
through instruction pointer change through uprobe program.

It's x86_64 specific test.

Signed-off-by: Jiri Olsa <[email protected]>
@kernel-patches-daemon-bpf-rc
Copy link
Author

kernel-patches-daemon-bpf-rc bot commented Aug 1, 2025

Upstream branch: e8d780d
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=987804
version: 1

@kernel-patches-daemon-bpf-rc
Copy link
Author

kernel-patches-daemon-bpf-rc bot commented Aug 1, 2025

At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=987804 expired. Closing PR.

@kernel-patches-daemon-bpf-rc kernel-patches-daemon-bpf-rc bot deleted the series/987804=>bpf-next branch August 4, 2025 16:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bpf-next rfc V1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@olsajiri