From: Russell King - ARM Linux <linux@armlinux.org.uk>
To: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Ingo Molnar <mingo@redhat.com>,
linux-kernel@vger.kernel.org,
Peter Zijlstra <peterz@infradead.org>,
Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>,
Thomas Gleixner <tglx@linutronix.de>,
"H . Peter Anvin" <hpa@zytor.com>, Jon Medhurst <tixy@linaro.org>,
Wang Nan <wangnan0@huawei.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
"David A . Long" <dave.long@linaro.org>,
Sandeepa Prabhu <sandeepa.s.prabhu@gmail.com>
Subject: Re: [BUGFIX PATCH tip/master V2 3/3] kprobes/arm: Fix a possible deadlock case in kretprobe
Date: Fri, 10 Feb 2017 23:21:13 +0000 [thread overview]
Message-ID: <20170210232113.GP27312@n2100.armlinux.org.uk> (raw)
In-Reply-To: <20170211073316.bde61bc3706ede8261bf991d@kernel.org>
On Sat, Feb 11, 2017 at 07:33:16AM +0900, Masami Hiramatsu wrote:
> On Fri, 10 Feb 2017 11:34:45 +0900
> Masami Hiramatsu <mhiramat@kernel.org> wrote:
> > Ah, in_nmi() means FIQ on arm :)
> > OK, but actually it is too late to check it in the enter of
> > trampoline_handler() since we don't know where is the real
> > return address at that point. So I'll check that in setup site
> > - kretprobe_pre_handler().
>
> Hmm, pre_handler_kretprobe() already checked in_nmi().
> So, I think this will no problem on FIQ too.
I don't blame you for missing that - the tracing and probes code is (at
least to me) quite a maze of code.
>From what I can tell, you're right - pre_handler_kretprobe() checks
in_nmi() early on, which prevents arch_prepare_kretprobe() (which
replaces regs->ARM_lr with the trampoline address) being run. Hence,
the trampoline should not be run if we were entered in FIQ mode.
However, looking at kprobe_handler(), I'm much less convinced. This is
called as a result of hitting a probe instruction via
kprobe_trap_handler().
Now, if we have two kprobes, one in non-FIQ context and one in FIQ
context, and the non-FIQ context one is hit, we set the current kprobe:
} else if (p->ainsn.insn_check_cc(regs->ARM_cpsr)) {
/* Probe hit and conditional execution check ok. */
set_current_kprobe(p);
kcb->kprobe_status = KPROBE_HIT_ACTIVE;
and call the pre-handler (which succeeds.) If we then take a FIQ and
hit a kprobe in a function called from FIQ, we will re-enter this
function.
In this case, "cur" will be the non-FIQ kprobe, and "p" will be the FIQ
kprobe. It looks to me like we will single-step over the kprobe, and
resume. However, it will modify the kprobe_status to KPROBE_REENTER,
which may not be desirable.
However, there does seem to be a hole. Let's say that we have a similar
scenario, except that the FIQ is well-timed to happen:
if (!p->pre_handler || !p->pre_handler(p, regs)) {
kcb->kprobe_status = KPROBE_HIT_SS;
/* HERE */
singlestep(p, regs, kcb);
if (p->post_handler) {
kcb->kprobe_status = KPROBE_HIT_SSDONE;
In that case:
/* Kprobe is pending, so we're recursing. */
switch (kcb->kprobe_status) {
case KPROBE_HIT_ACTIVE:
case KPROBE_HIT_SSDONE:
...
default:
/* impossible cases */
BUG();
becomes not such an "impossible case", so the kernel is likely to
explode.
This doesn't look good to me, and the pre-handler does nothing to
prevent this, so I still think we need some higher level protection in
kprobe_handler() against being entered in FIQ context - not only to
prevent that BUG() but also to prevent the kprobe status being changed
to "re-enter".
--
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.
next prev parent reply other threads:[~2017-02-10 23:21 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-09 16:28 [BUGFIX PATCH tip/master V2 0/3] kprobes: Fix a possible deadlock in kretprobe Masami Hiramatsu
2017-02-09 16:30 ` [BUGFIX PATCH tip/master V2 1/3] kprobes/x86: Fix a possible deadlock case " Masami Hiramatsu
2017-02-09 16:31 ` [BUGFIX PATCH tip/master V2 2/3] kprobes/arm64: " Masami Hiramatsu
2017-02-09 16:32 ` [BUGFIX PATCH tip/master V2 3/3] kprobes/arm: " Masami Hiramatsu
2017-02-09 16:49 ` Russell King - ARM Linux
2017-02-10 2:34 ` Masami Hiramatsu
2017-02-10 22:33 ` Masami Hiramatsu
2017-02-10 23:21 ` Russell King - ARM Linux [this message]
2017-02-11 9:21 ` Masami Hiramatsu
2017-02-10 22:52 ` [BUGFIX PATCH tip/master V2 0/3] kprobes: Fix a possible deadlock " Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170210232113.GP27312@n2100.armlinux.org.uk \
--to=linux@armlinux.org.uk \
--cc=ananth@linux.vnet.ibm.com \
--cc=catalin.marinas@arm.com \
--cc=dave.long@linaro.org \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=sandeepa.s.prabhu@gmail.com \
--cc=tglx@linutronix.de \
--cc=tixy@linaro.org \
--cc=wangnan0@huawei.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.