From: Masami Hiramatsu <mhiramat@kernel.org>
To: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>,
LKML <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Peter Zijlstra <peterz@infradead.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@amacapital.net>
Subject: Re: Strange hang with gcc 8 of kprobe multiple_kprobes test
Date: Tue, 4 Dec 2018 17:02:29 +0900 [thread overview]
Message-ID: <20181204170229.4442d43ce956d48619c1d232@kernel.org> (raw)
In-Reply-To: <20181204164007.956a3458c9fd301b3d173eba@kernel.org>
On Tue, 4 Dec 2018 16:40:07 +0900
Masami Hiramatsu <mhiramat@kernel.org> wrote:
> Hi Steve,
>
> On Mon, 3 Dec 2018 21:18:07 -0500
> Steven Rostedt <rostedt@goodmis.org> wrote:
>
> > Hi Masami,
> >
> > I started testing some of my new code and the system got into a
> > strange state. Debugging further, I found the cause came from the
> > kprobe tests. It became stranger to me that I could reproduce it with
> > older kernels. I went back as far as 4.16 and it triggered. I thought
> > this very strange because I ran this test on all those kernels in the
> > past.
> >
> > After a bit of hair pulling, I figured out what changed. I upgraded to
> > gcc 8.1 (and I reproduce it with 8.2 as well). I convert back to gcc 7
> > and the tests pass without issue.
>
> OK, let me see.
>
> > The issue that I notice when the system gets into this strange state is
> > that I can't log into the box. Nor can I reboot. Basically it's
> > anything to do with systemd just doesn't work (insert your jokes here
> > now, and then let's move on).
> >
> > I was able to narrow down what the exact function was that caused the
> > issues and it is: update_vsyscall()
> >
> > gcc 7 looks like this:
> >
> > ffffffff81004bf0 <update_vsyscall>:
> > ffffffff81004bf0: e8 0b cc 9f 00 callq ffffffff81a01800 <__fentry__>
> > ffffffff81004bf1: R_X86_64_PC32 __fentry__-0x4
> > ffffffff81004bf5: 48 8b 07 mov (%rdi),%rax
> > ffffffff81004bf8: 8b 15 96 5f 34 01 mov 0x1345f96(%rip),%edx # ffffffff8234ab94 <vclocks_used>
> > ffffffff81004bfa: R_X86_64_PC32 vclocks_used-0x4
> > ffffffff81004bfe: 83 05 7b 84 6f 01 01 addl $0x1,0x16f847b(%rip) # ffffffff826fd080 <vsyscall_gtod_data>
> > ffffffff81004c00: R_X86_64_PC32 vsyscall_gtod_data-0x5
> > ffffffff81004c05: 8b 48 24 mov 0x24(%rax),%ecx
> > ffffffff81004c08: b8 01 00 00 00 mov $0x1,%eax
> > ffffffff81004c0d: d3 e0 shl %cl,%eax
> >
> > And gcc 8 looks like this:
> >
> > ffffffff81004c90 <update_vsyscall>:
> > ffffffff81004c90: e8 6b cb 9f 00 callq ffffffff81a01800 <__fentry__>
> > ffffffff81004c91: R_X86_64_PC32 __fentry__-0x4
> > ffffffff81004c95: 48 8b 07 mov (%rdi),%rax
> > ffffffff81004c98: 83 05 e1 93 6f 01 01 addl $0x1,0x16f93e1(%rip) # ffffffff826fe080 <vsyscall_gtod_data>
>
> Hm this is a RIP relative instruction, it should be modified by kprobes.
>
> > ffffffff81004c9a: R_X86_64_PC32 vsyscall_gtod_data-0x5
> > ffffffff81004c9f: 8b 50 24 mov 0x24(%rax),%edx
> > ffffffff81004ca2: 8b 05 ec 5e 34 01 mov 0x1345eec(%rip),%eax # ffffffff8234ab94 <vclocks_used>
> > ffffffff81004ca4: R_X86_64_PC32 vclocks_used-0x4
> >
> > The test adds a kprobe (optimized) at udpate_vsyscall+5. And will
> > insert a jump on the two instructions after fentry. The difference
> > between v7 and v8 is that v7 is touching vclocks_used and v8 is
> > touching vsyscall_gtod_data.
> >
> > Is there some black magic going on with the vsyscall area with
> > vsyscall_gtod_data that is causing havoc when a kprobe is added there?
>
> I think it might miss something when preprocessing RIP relative instruction.
Ah, I got it. I thought it had been fixed, but not...
In arch/x86/kernel/kprobes/opt.c, copy_optimized_instructions() does a copy
loop, but only update src and dest cursors, but not update real address
which is used for adjusting RIP relative instruction.
while (len < RELATIVEJUMP_SIZE) {
ret = __copy_instruction(dest + len, src + len, real, &insn);
if (!ret || !can_boost(&insn, src + len))
return -EINVAL;
len += ret;
}
I remember I have fixed this, and actually WE did it :-D
https://lkml.org/lkml/2018/8/23/1203
Ah, we hit a same bug...
Ingo, could you pick the patch? Should I resend it?
Thank you,
--
Masami Hiramatsu <mhiramat@kernel.org>
next prev parent reply other threads:[~2018-12-04 8:02 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-04 2:18 Strange hang with gcc 8 of kprobe multiple_kprobes test Steven Rostedt
2018-12-04 7:40 ` Masami Hiramatsu
2018-12-04 8:02 ` Masami Hiramatsu [this message]
2018-12-04 8:15 ` Ingo Molnar
2018-12-04 19:38 ` Steven Rostedt
2018-12-09 22:01 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181204170229.4442d43ce956d48619c1d232@kernel.org \
--to=mhiramat@kernel.org \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.