... since uprobes pt_regs may leak kernel data
Reviewed all tapset functions. Ones that use CONTEXT->regs: registers_valid() valid, only nullness test user_mode() valid, only to test user mode flag in MSR stp_pid() only mentioned for completeness; uses task_pt_regs() only ucontext-unwind.stp:*: unsure, maybe should task_pt_regs() only; mjw? utrace.stp: Ditto. Actually, should rewrite src/tapset-utrace.cxx to use expression embedded-c and remove these tapset fns entirely.
(In reply to comment #1) > ucontext-unwind.stp:*: unsure, maybe should task_pt_regs() only; mjw? That comes from the fact that most backtracing code was written before user space support was added. All code handles both in-kernel and in-user backtraces, up to the dwarf unwinder. We could push the kernel/user split down into the tapset functions and only pass around a pt_regs struct that is tailored to kernel/user if that is safer. What exactly is the problem with passing around CONTEXT->regs?
(In reply to comment #2) > What exactly is the problem with passing around CONTEXT->regs? OK, I finally got a clue... commit ec3c800b3556d90be2b2e810d2f0a496ddaba08b Author: Mark Wielaard <mjw@redhat.com> Date: Thu Jul 1 16:42:30 2010 +0200 PR11444 Don't leak CONTEXT->regs in unwind, explicitly use task_pt_regs. CONTEXT->regs might be kernel regs, or not set at all, so check whether we have a real task and grab the task_pt_regs before proceeding. * tapset/ucontext-unwind.stp (print_ubacktrace): Check current->mm and grab task_pt_regs. (print_ubacktrace_brief): Likewise. (ubacktrace): Likewise.
Problem fixed long ago ...