From: Jiri Olsa <jolsa@kernel.org>
To: "Naveen N. Rao" <naveen.n.rao@linux.ibm.com>,
Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>,
"David S. Miller" <davem@davemloft.net>,
Masami Hiramatsu <mhiramat@kernel.org>
Cc: lkml <linux-kernel@vger.kernel.org>,
Srinivasa D S <srinivasa@in.ibm.com>,
Hien Nguyen <hien@us.ibm.com>, David Valin <dvalin@redhat.com>
Subject: [RFC] kprobes: Fix locking in recycle_rp_inst
Date: Tue, 26 Feb 2019 17:10:36 +0100 [thread overview]
Message-ID: <20190226161036.10680-1-jolsa@kernel.org> (raw)
hi,
David reported a crash related to return kprobes.
The change below tries to explain it and fix it,
but I'm sending it as RFC because I don't follow
kprobes code that much, so I might have missed
something.
thanks,
jirka
---
We can call recycle_rp_inst from both task and irq contexts,
so we should use irqsave/irqrestore locking functions.
I wasn't able to hit this particular lockup, but I found it
while checking on why return probe on _raw_spin_lock locks
the system, reported by David by using bpftrace on simple
script, like:
kprobe:_raw_spin_lock
{
@time[tid] = nsecs;
@symb[tid] = arg0;
}
kretprobe:_raw_spin_lock
/ @time[tid] /
{
delete(@time[tid]);
delete(@symb[tid]);
}
or by perf tool:
# perf probe -a _raw_spin_lock:%return
# perf record -e probe:_raw_spin_lock__return -a
The thing is that the _raw_spin_lock call in recycle_rp_inst,
is the only one that return-probe-code-paths call, and it
triggers another kprobe instance while already processing one
and locks up on kretprobe_table_lock lock:
#12 [ffff99c337403d28] queued_spin_lock_slowpath at ffffffff9712693b
#13 [ffff99c337403d28] _raw_spin_lock_irqsave at ffffffff9794c100
#14 [ffff99c337403d38] pre_handler_kretprobe at ffffffff9719435c
#15 [ffff99c337403d68] kprobe_ftrace_handler at ffffffff97059f12
#16 [ffff99c337403d98] ftrace_ops_assist_func at ffffffff971a0421
#17 [ffff99c337403dd8] handle_edge_irq at ffffffff97139f55
#18 [ffff99c337403df0] handle_edge_irq at ffffffff97139f55
#19 [ffff99c337403e58] _raw_spin_lock at ffffffff9794c111
#20 [ffff99c337403e88] _raw_spin_lock at ffffffff9794c115
#21 [ffff99c337403ea8] trampoline_handler at ffffffff97058a8f
#22 [ffff99c337403f00] kretprobe_trampoline at ffffffff970586d5
#23 [ffff99c337403fb0] handle_irq at ffffffff97027b1f
#24 [ffff99c337403fc0] do_IRQ at ffffffff97a01bc9
--- <IRQ stack> ---
#25 [ffffa5c3c1f9fb38] ret_from_intr at ffffffff97a0098f
[exception RIP: smp_call_function_many+460]
RIP: ffffffff9716685c RSP: ffffa5c3c1f9fbe0 RFLAGS: 00000202
RAX: 0000000000000005 RBX: ffff99c337421c80 RCX: ffff99c337566260
RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff99c337421c88
RBP: ffff99c337421c88 R8: 0000000000000001 R9: ffffffff98352940
R10: ffff99c33703c910 R11: ffffffff9794c110 R12: ffffffff97055680
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000040
ORIG_RAX: ffffffffffffffde CS: 0010 SS: 0018
#26 [ffffa5c3c1f9fc20] on_each_cpu at ffffffff97166918
#27 [ffffa5c3c1f9fc40] ftrace_replace_code at ffffffff97055a34
#28 [ffffa5c3c1f9fc88] ftrace_modify_all_code at ffffffff971a3552
#29 [ffffa5c3c1f9fca8] arch_ftrace_update_code at ffffffff97055a6c
#30 [ffffa5c3c1f9fcb0] ftrace_run_update_code at ffffffff971a3683
#31 [ffffa5c3c1f9fcc0] ftrace_startup at ffffffff971a6638
#32 [ffffa5c3c1f9fce8] register_ftrace_function at ffffffff971a66a0
When we switch it to raw_spin_lock_irqsave the return probe
on _raw_spin_lock starts working.
Reported-by: David Valin <dvalin@redhat.com>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
---
kernel/kprobes.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index c83e54727131..c82056b354cc 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1154,9 +1154,11 @@ void recycle_rp_inst(struct kretprobe_instance *ri,
hlist_del(&ri->hlist);
INIT_HLIST_NODE(&ri->hlist);
if (likely(rp)) {
- raw_spin_lock(&rp->lock);
+ unsigned long flags;
+
+ raw_spin_lock_irqsave(&rp->lock, flags);
hlist_add_head(&ri->hlist, &rp->free_instances);
- raw_spin_unlock(&rp->lock);
+ raw_spin_unlock_irqrestore(&rp->lock, flags);
} else
/* Unregistering */
hlist_add_head(&ri->hlist, head);
--
2.17.2
next reply other threads:[~2019-02-26 16:10 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-26 16:10 Jiri Olsa [this message]
2019-02-27 8:38 ` [RFC] kprobes: Fix locking in recycle_rp_inst Masami Hiramatsu
2019-02-27 13:33 ` Jiri Olsa
2019-02-28 6:50 ` Masami Hiramatsu
2019-03-01 23:00 ` David Valin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190226161036.10680-1-jolsa@kernel.org \
--to=jolsa@kernel.org \
--cc=anil.s.keshavamurthy@intel.com \
--cc=davem@davemloft.net \
--cc=dvalin@redhat.com \
--cc=hien@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mhiramat@kernel.org \
--cc=naveen.n.rao@linux.ibm.com \
--cc=srinivasa@in.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.