From: Francis Laniel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-trace-devel@vger.kernel.org, Francis Laniel, Catalin Marinas, Will Deacon, Peter Collingbourne, Mark Brown, Mark Rutland, Daniel Kiss, Kees Cook, linux-kernel@vger.kernel.org
Subject: [RFC PATCH v1 0/1] Call forget_syscall() if different than execve*()
Date: Mon, 9 May 2022 16:19:56 +0100
Message-Id: <20220509151958.441240-1-flaniel@linux.microsoft.com>

Hi.

First, I hope you are fine and the same for your relatives.

With this contribution, I enabled using syscalls:sys_exit_execve and
syscalls:sys_exit_execveat as tracepoints on arm64.
Indeed, before this contribution, the above tracepoints would not print their
information as the syscall number was set to -1 by calling forget_syscall().
Now, forget_syscall() is called only if the previous syscall number was
different than __NR_execve and __NR_execveat.

I tested it by compiling a kernel for arm64 and running it within a VM:
# Perf was compiled with linux kernel source.
root@vm-arm64:~# perf record -ag -e 'syscalls:sys_exit_execve' -e 'syscalls:sys_enter_execve' &
[1] 263
root@vm-arm64:~# ls
perf.data share
root@vm-arm64:~# fg
perf record -ag -e 'syscalls:sys_exit_execve' -e 'syscalls:sys_enter_execve'
^C[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.061 MB perf.data (2 samples) ]
root@vm-arm64:~# perf script
bash 264 [000] 66.220187: syscalls:sys_enter_execve: filename: 0xaaab05d9d
...
# Below line does not appear with this patch.
ls 264 [000] 66.226848: syscalls:sys_exit_execve: 0x0
...

Nonetheless, this contribution is not perfect, hence I marked it as RFC.
First, I am not really sure if it is safe to not call forget_syscall() all
the time, even though I did not have any problem while testing it.
Then, by including to the modified file I ended up with some warnings at
compile time:

So, if you see any way to improve this contribution, feel free to share!

Francis Laniel (1):
  arm64: Forget syscall if different from execve*()

 arch/arm64/include/asm/processor.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

Best regards and thank you in advance.
--
2.25.1
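
Added example, not part of the original message or of the kernel patch: a user-space C model of the behaviour the cover letter describes, comparing the unconditional forget_syscall() call with the conditional one. The names model_regs, exec_reset_before, exec_reset_after, exit_tracepoint_fires and traced_exit are hypothetical, and the model assumes the exit tracepoint emits nothing when the syscall number is negative.

```c
/* User-space model of the cover letter's description; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

#define NO_SYSCALL  (-1)
/* arm64 syscall numbers from the generic syscall table. */
#define NR_OPENAT   56
#define NR_EXECVE   221
#define NR_EXECVEAT 281

/* Hypothetical stand-in for the per-task register state. */
struct model_regs { int syscallno; };

static void forget_syscall(struct model_regs *regs) { regs->syscallno = NO_SYSCALL; }

/* Before: the syscall number is always forgotten. */
static void exec_reset_before(struct model_regs *regs) { forget_syscall(regs); }

/* After: execve and execveat keep their number until syscall exit. */
static void exec_reset_after(struct model_regs *regs)
{
    if (regs->syscallno != NR_EXECVE && regs->syscallno != NR_EXECVEAT)
        forget_syscall(regs);
}

/* Assumption: the exit tracepoint emits nothing for a negative number. */
static bool exit_tracepoint_fires(const struct model_regs *regs)
{
    return regs->syscallno >= 0;
}

/* Enter a syscall, run the reset, report whether sys_exit is traced. */
static bool traced_exit(int nr, void (*reset)(struct model_regs *))
{
    struct model_regs regs = { .syscallno = nr };
    reset(&regs);
    return exit_tracepoint_fires(&regs);
}

int main(void)
{
    printf("before, execve:  %d\n", traced_exit(NR_EXECVE, exec_reset_before));
    printf("after, execve:   %d\n", traced_exit(NR_EXECVE, exec_reset_after));
    printf("after, execveat: %d\n", traced_exit(NR_EXECVEAT, exec_reset_after));
    printf("after, openat:   %d\n", traced_exit(NR_OPENAT, exec_reset_after));
    return 0;
}
```

In the model, any syscall number other than execve or execveat that reaches the reset path is still forgotten, so only the two exec exit events become visible to a tracer.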