kprobes, livepatch and FTRACE_OPS_FL_IPMODIFY

[Joe Lawrence <joe.lawrence@redhat.com>]

Hi Masami,

I wanted to revisit FTRACE_OPS_FL_IPMODIFY blocking of kprobes and
livepatch, at least in cases where kprobe pre_handlers don't modify
regs->ip.

(We've discussed this previously at part of a kpatch github issue #47:
https://github.com/dynup/kpatch/issues/47)

The particular use case I was wondering about was perf probing a
particular function, then attempting to livepatch that same function:

  % uname -r
  5.3.0-rc1+

  % dmesg -C
  % perf probe --add cmdline_proc_show
  Added new event:
    probe:cmdline_proc_show (on cmdline_proc_show)

  You can now use it in all perf tools, such as:

          perf record -e probe:cmdline_proc_show -aR sleep 1

  % perf record -e probe:cmdline_proc_show -aR sleep 30 &
  [1] 1007
  % insmod samples/livepatch/livepatch-sample.ko
  insmod: ERROR: could not insert module samples/livepatch/livepatch-sample.ko: Device or resource busy
  % dmesg
  [  440.913962] livepatch_sample: tainting kernel with TAINT_LIVEPATCH
  [  440.917123] livepatch_sample: module verification failed: signature and/or required key missing - tainting kernel
  [  440.942493] livepatch: enabling patch 'livepatch_sample'
  [  440.943445] livepatch: failed to register ftrace handler for function 'cmdline_proc_show' (-16)
  [  440.944576] livepatch: failed to patch object 'vmlinux'
  [  440.945270] livepatch: failed to enable patch 'livepatch_sample'
  [  440.946085] livepatch: 'livepatch_sample': unpatching complete

This same behavior holds in reverse, if we want to probe a livepatched
function:

  % insmod samples/livepatch/livepatch-sample.ko
  % perf probe --add cmdline_proc_show
  Added new event:
    probe:cmdline_proc_show (on cmdline_proc_show)

  You can now use it in all perf tools, such as:

          perf record -e probe:cmdline_proc_show -aR sleep 1

  % perf record -e probe:cmdline_proc_show -aR sleep 30
  Error:
  The sys_perf_event_open() syscall returned with 16 (Device or resource busy) for event (probe:cmdline_proc_show).
  /bin/dmesg | grep -i perf may provide additional information.


Now, if I read kernel/trace/trace_kprobe.c :: kprobe_dispatcher()
correctly, it's only going to return !0 (indicating a modified regs->ip)
when kprobe_perf_func() returns !0, i.e. regs->ip changes over a call to
trace_call_bpf().

Aside: should kprobe_ftrace_handler() check that FTRACE_OPS_FL_IPMODIFY
is set when a pre_handler returns !0?

In kpatch #47, Josh suggested:

- If a kprobe handler needs to modify IP, user sets KPROBE_FLAG_IPMODIFY
  flag to register_kprobe, and then kprobes sets FTRACE_OPS_FL_IPMODIFY
  when registering with ftrace for that probe.

- If KPROBE_FLAG_IPMODIFY is not used, kprobe_ftrace_handler() can
  detect when a kprobe handler changes regs->ip and restore it to its
  original value (regs->ip = ip).

Is this something that could still be supported?  In cases like perf
probe, could we get away with not setting FTRACE_OPS_FL_IPMODIFY?  The
current way that we're applying that flag, kprobes and livepatch are
mutually exclusive (for the same function).

Regards,

-- Joe