Re: [PATCH] uprobes: Ignore unsupported instructions in uprobe_mmap

[Oleg Nesterov <oleg@redhat.com>]

On 08/02, Srikar Dronamraju wrote:
>
> uprobe_mmap()->install_breakpoint() can fail if the probed insn is not
> supported

But there are other reasons why it can fail,

> However failing mmap_region()/do_fork() because of a probe on an
> unsupported instruction is wrong.

Srikar, I strongly, absolutely disagree. Please correct me, but..

Do you realize how much uprobes hooks in mmap_region/dup_mmap are broken?

(cough, can't resist, vma_adjust()->uprobe_mmap() is not right too, but
 this is another story).

OK, lets start with dup_mmap:

		// retval == 0

		if (file && uprobe_mmap(tmp))
			goto out;

	out:
		up_write(&mm->mmap_sem);
		flush_tlb_mm(oldmm);
		up_write(&oldmm->mmap_sem);
		return retval;

Given that retval == 0, what do you think dup_mmap() returns if
uprobe_mmap() fails? And note that we didn't copy all vmas.
OK, at least this can't crash (afaics), and easy to fix.


But mmap_region() is worse, much worse. It simply can _not_ fail
after uprobe_mmap (of course, I am not saying this is unfixable)
without the crash. And note that the crash is "delayed". And btw,
like dup_mmap(), mmap_region() doesn't return the error too.

Srikar, I strongly believe this horror must not exist. Either
we should teach mmap_region() and dup_mmap() (and vma_adjust!)
to fail correctly, or we should ignore the error code.

It is that simple, isn't it?

Whatever you do with uprobe_mmap(), even if you change it to always
return 0, the code in mmap_region() is absolutely, absolutely broken.

Do you agree?

And once again. I agree, in the long term we should reconsider
this change. But we need a simple fix for now/stable.

> Hence change uprobe_mmap() to ignore unsupported instructions.

OK. Now suppose that mmap_region()-> uprobe_mmap() fails because
the caller is SIGKILL'ed (so __get_user_pages fails). Given that
mmap_region() can't handle the error correctly, the kernel can
crash.

Oleg.