On Wed, Jun 3, 2026 at 11:59 PM Jiri Olsa <[email protected]> wrote:
>
> On Tue, May 26, 2026 at 10:58:27PM +0200, Jiri Olsa wrote:
> > hi,
> > Andrii reported an issue with optimized uprobes [1] that can clobber
> > redzone area with call instruction storing return address on stack
> > where user code may keep temporary data without adjusting rsp.
> >
> > Fixing this by moving the optimized uprobes on top of 10-bytes nop
> > instruction, so we can squeeze another instruction to escape the
> > redzone area before doing the call.
> >
> > Note we need upstream update first for patch 3 (github.com/libbpf/usdt),
> > if we decide to take this change.
> >
> > thanks,
> > jirka
> >
> >
> > v1: https://lore.kernel.org/bpf/[email protected]/
> > v2: https://lore.kernel.org/bpf/[email protected]/
> > v3: https://lore.kernel.org/bpf/[email protected]/
> >
> > v4 changes:
> > - do not use 2nd int3 (on +5 offset) because the call instruction
> >   is always the same for the given nop10 address [Andrii/Peter]
> > - unmap unused trampoline vma after unsuccessful optimization [sashiko]
> > - small change to patch#2 moved user_64bit_mode earlier in the path
> >   and pass/use mm_struct pointer directly from arch_uprobe_optimize
> >   instead of getting current->mm
> > Andrii, keeping your ack, please shout otherwise
>
> hi,
> I think bots did not find anything substantial, I have just small
> selftests changes queued for v5
>
> any other feedback/review would be great
>

one small nit on only, otherwise LGTM.

Peter, Masami, Ingo, should this go through tip tree or should we route
this through bpf-next tree? I think we are fine either way, but might be
more convenient to route through bpf-next given libbpf and BPF selftest
changes. If so, I'd appreciate another look at first 5 patches by Peter,
if that's ok.

Thanks!

> thanks,
> jirka
>
> >
> >
> > v3 changes:
> > - use nop10 update suggested by Peter in [2]
> > - remove struct uprobe_trampoline object, use vma objects directly instead
> > - selftests fixes [sashiko]
> > - ack from Andrii
> >
> > v2 changes:
> > - several selftest fixes [sashiko]
> > - consolidate is_lea_insn and is_call_insn into single check [Jakub
> >   Sitnicki]
> > - use proper mm_struct object in __in_uprobe_trampoline check [sashiko]
> > - allow to copy uprobe trampolines vma objects on fork [sashiko]
> > - change uprobe syscall detection error from -ENXIO to -EPROTO [Andrii]
> > - added fork/clone tests
> > - I kept the selftest changes and nop5->nop10 changes in separate
> >   commits for easier review, we can squash them later if we want to keep
> >   bisect working properly
> >
> >
> > [1] https://lore.kernel.org/bpf/[email protected]/
> > [2] https://lore.kernel.org/bpf/[email protected]/#t
> > ---
> > Andrii Nakryiko (1):
> >       selftests/bpf: Add tests for uprobe nop10 red zone clobbering
> >
> > Jiri Olsa (12):
> >       uprobes/x86: Use proper mm_struct in __in_uprobe_trampoline
> >       uprobes/x86: Remove struct uprobe_trampoline object
> >       uprobes/x86: Allow to copy uprobe trampolines on fork
> >       uprobes/x86: Unmap trampoline vma object in case it's unused
> >       uprobes/x86: Move optimized uprobe from nop5 to nop10
> >       libbpf: Change has_nop_combo to work on top of nop10
> >       libbpf: Detect uprobe syscall with new error
> >       selftests/bpf: Emit nop,nop10 instructions combo for x86_64 arch
> >       selftests/bpf: Change uprobe syscall tests to use nop10
> >       selftests/bpf: Change uprobe/usdt trigger bench code to use nop10
> >       selftests/bpf: Add reattach tests for uprobe syscall
> >       selftests/bpf: Add tests for forked/cloned optimized uprobes
> >
> >  arch/x86/kernel/uprobes.c                               | 379 +++++++++++++++++++++++++++++++++++++++++++-----------------------------
> >  include/linux/uprobes.h                                 |   5 -
> >  kernel/events/uprobes.c                                 |  10 --
> >  kernel/fork.c                                           |   1 -
> >  tools/lib/bpf/features.c                                |   4 +-
> >  tools/lib/bpf/usdt.c                                    |  16 +-
> >  tools/testing/selftests/bpf/bench.c                     |  20 ++-
> >  tools/testing/selftests/bpf/benchs/bench_trigger.c      |  38 ++++----
> >  tools/testing/selftests/bpf/benchs/run_bench_uprobes.sh |   2 +-
> >  tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c | 307 +++++++++++++++++++++++++++++++++++++++++++++++++++++-----
> >  tools/testing/selftests/bpf/prog_tests/usdt.c           |  74 ++++++++++++--
> >  tools/testing/selftests/bpf/progs/test_usdt.c           |  25 +++++
> >  tools/testing/selftests/bpf/usdt.h                      |   2 +-
> >  tools/testing/selftests/bpf/usdt_2.c                    |  15 ++-
> >  14 files changed, 653 insertions(+), 245 deletions(-)
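To make the red-zone argument in the quoted cover letter concrete, here is an added Python model that is not part of the series or the thread. It assumes the extra instruction squeezed in before the call is lea -0x80(%rsp),%rsp (5 bytes), so that lea plus a 5-byte call rel32 exactly fills the 10-byte nop, and it uses the standard x86-64 nop5/nop10 encodings.

```python
# Added illustration (not code from the series): why a call patched over a
# 5-byte nop pushes its return address into the red zone, and why a 10-byte
# nop leaves room for an rsp adjustment before the call.
RED_ZONE = 128  # SysV x86-64 ABI: leaf code may use 128 bytes below %rsp

NOP5 = bytes.fromhex("0f1f440000")             # nopl 0x0(%rax,%rax,1)
NOP10 = bytes.fromhex("662e0f1f840000000000")  # nopw %cs:0x0(%rax,%rax,1)
# Assumed escape instruction (the cover letter does not name it):
# lea -0x80(%rsp),%rsp moves rsp below the red zone without touching flags.
LEA_RSP_M128 = bytes.fromhex("488d642480")


def call_rel32(site, target):
    """Encode 'call rel32' placed at address `site` and targeting `target`."""
    rel = target - (site + 5)  # displacement is relative to the next instruction
    return b"\xe8" + (rel & 0xFFFFFFFF).to_bytes(4, "little")


def patch_nop5(site, trampoline):
    """Old scheme: the call alone replaces the 5-byte nop."""
    return call_rel32(site, trampoline)


def patch_nop10(site, trampoline):
    """New scheme: rsp adjustment, then the call, replacing the 10-byte nop."""
    lea = LEA_RSP_M128
    return lea + call_rel32(site + len(lea), trampoline)


def return_addr_slot(rsp, rsp_adjust):
    """[lo, hi) of the 8-byte slot the call's push writes, after adjusting rsp."""
    new_rsp = rsp - rsp_adjust
    return new_rsp - 8, new_rsp


def clobbers_red_zone(rsp, rsp_adjust):
    """True if the pushed return address overlaps the red zone [rsp-128, rsp)."""
    lo, hi = return_addr_slot(rsp, rsp_adjust)
    return lo < rsp and hi > rsp - RED_ZONE


if __name__ == "__main__":
    site, tramp, rsp = 0x401000, 0x402000, 0x7FFFFFFFE000
    assert len(patch_nop5(site, tramp)) == len(NOP5)
    assert len(patch_nop10(site, tramp)) == len(NOP10)
    print("nop5 patch clobbers red zone:", clobbers_red_zone(rsp, 0))
    print("nop10 patch clobbers red zone:", clobbers_red_zone(rsp, RED_ZONE))
```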
