> Hi Mathew,
>
> I have a question about this patch for lttng-modules and the use of register_kprobe() to fetch the function ptr. The question in this regard is especially from the PPC64 ELF_ABI_v1 perspective.
>
> The functions on PPC64 are accessed via the function descriptor, while what register_kprobe() returns is the entry point of the function. Hence using the returned pointer tends to interpret the addr as the address of the function descriptor and dereferences the ppc_inst as the function entry point and crashes:
>
> [ 4145.483594] kernel tried to execute exec-protected page (7c0802a6fb81ffe0) - exploit attempt? (uid: 0)
>
> Here 7c0802a6 is the mfspr instruction from the code text section of kallsyms_lookup_name().
>
> Note: for PPC_ELF_ABI_v1 the register_kprobe() searches for the dot variant of the symbol and only in case it cannot find the dot variant does it look for the normal symbol.
> register_kprobe() -> kprobe_addr() -> kprobe_lookup_name() [arch variant replaces weak symbol]
> https://elixir.bootlin.com/linux/v5.10.174/C/ident/kprobe_lookup_name
>
> Please let me know if I make sense or whether I may have missed something.
>
> I have looked at the code of 2.12.8 as well as the 2.12.3 version of lttng-modules.
>
> Regards,
> Shashank
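The descriptor mismatch described in the quoted message, as a portable C simulation added here (not code from the mail, the kernel or lttng-modules): it models an ELFv1 indirect call as "load entry and TOC from the descriptor the pointer is assumed to address, then branch", and shows that feeding it the raw entry point a kprobe resolves makes it branch to the first eight code bytes (7c0802a6fb81ffe0) rather than to the code, while wrapping that entry in a caller-built descriptor behaves. All addresses, the TOC value and the instruction words beyond the two quoted in the mail are constructed; nothing here executes PowerPC code.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed kernel addresses for the simulation (not real values). */
#define TEXT_BASE  0xc000000000100000ULL /* .kallsyms_lookup_name: code entry point */
#define OPD_ADDR   0xc000000000c00000ULL /* kallsyms_lookup_name: its .opd descriptor */
#define WRAP_ADDR  0xc00000000a000000ULL /* descriptor built by the caller */
#define KERNEL_TOC 0xc000000001c00000ULL /* constructed TOC pointer */
/* Start of the function body as big-endian 64-bit words: mfspr r0,lr (7c0802a6) and
 * std r28,-32(r1) (fb81ffe0) from the mail, then two more constructed prologue stores. */
static const uint64_t text[2] = { 0x7c0802a6fb81ffe0ULL, 0xfba1ffe8f8010010ULL };
/* ELFv1 descriptor: { entry, TOC, environment }. */
static const uint64_t opd[3] = { TEXT_BASE, KERNEL_TOC, 0 };
static uint64_t wrapper[3];              /* filled by make_descriptor() */

/* Minimal memory model: three mapped windows, anything else faults. */
static int read64(uint64_t addr, uint64_t *out)
{
    const struct { uint64_t base; const uint64_t *p; size_t n; } win[] = {
        { TEXT_BASE, text, 2 }, { OPD_ADDR, opd, 3 }, { WRAP_ADDR, wrapper, 3 } };
    for (size_t i = 0; i < 3; i++)
        if ((addr & 7) == 0 && addr >= win[i].base && addr < win[i].base + 8 * win[i].n) {
            *out = win[i].p[(addr - win[i].base) / 8];
            return 0;
        }
    return -1;
}

enum call_result { CALL_OK, CALL_EXEC_PROTECTED, CALL_FAULT };
/* What compiler-generated ELFv1 code does with a function pointer: treat it as
 * the address of a descriptor, load entry and TOC from it, branch to entry. */
static enum call_result call_via_pointer(uint64_t fnptr, uint64_t *target)
{
    uint64_t entry, toc;
    if (read64(fnptr, &entry) || read64(fnptr + 8, &toc))
        return CALL_FAULT;
    *target = entry;
    if (entry >= TEXT_BASE && entry < TEXT_BASE + sizeof text)
        return CALL_OK;
    return CALL_EXEC_PROTECTED;   /* "kernel tried to execute exec-protected page" */
}

/* One mitigation: wrap a raw entry point (what register_kprobe() resolves) in a
 * caller-owned descriptor so the ordinary call sequence lands on the code. */
static uint64_t make_descriptor(uint64_t entry, uint64_t toc)
{
    wrapper[0] = entry; wrapper[1] = toc; wrapper[2] = 0;
    return WRAP_ADDR;
}
```

In a real module the TOC placed in the wrapper must be the kernel's current TOC value, which this simulation only stands in for with a constant.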
_______________________________________________
lttng-dev mailing list
lttng-dev@lists.lttng.org
https://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev