Re: [BUG][-tip] kprobes on module functions hits kernel BUG in text_poke on x86-32

[Masami Hiramatsu <mhiramat@redhat.com>]

Masami Hiramatsu wrote:
> Masami Hiramatsu wrote:
>> Mathieu Desnoyers wrote:
>>> * Masami Hiramatsu (mhiramat@redhat.com) wrote:
>>>> Hi,
>>>>
>>>> I found text_poke() problem on x86-32 with the latest-tip tree.
>>>> When I put a kprobe on a module function, text_poke() hit a BUG.
>>>>
>>>> This bug can be reproduced on x86-32, but not on x86-64.
>>>> And inserting kprobes on a kernel-core function is OK.
>>>>
>>>> Thank you,
>>>>
>>> Hi Masami,
>>>
>>> OK, so text_poke safety net saves the day :)
>>>
>>> Basically, what we have here is the BUG_ON I have put :
>>>
>>>        for (i = 0; i < len; i++)
>>>                 BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
>>>
>>> Which checks that the modification is really preceivable in the kernel
>>> code, triggers this bug. Only for modules you say.
>>>
>>> It might not be this, but.. let's try something simple (this could be
>>> completely unrelated, but won't take long to test): can you try to add a
>>> vmalloc_sync_all() at the beginning of text_poke ? This would make sure
>>> that lazily-populated TLB entries, which include module code and data on
>>> x86, will be populated. I wonder if we hit this problem because
>>> vmalloc_to_page would be returning a mapping to a yet unpopulated TLB
>>> entry, if it is ever possible.
>> Hmm, from the result of my test, vmalloc_sync_all() didn't change anything...
>>
>>> If that's not this, then I guess we have some problem with setting a
>>> fixmap to a page returned by vmalloc on x86 32.

Hmm, ok. AFAICS, fixmap is only for lowmem, and pkmap is only for highmem.

So, I think we have some options;

A) Separate text_poke into __text_poke and __text_poke_highmem. And
  use pkmap_atomic in __text_poke_highmem. This way doesn't require
  any additional change except adding KM_TEXT_POKE0/1 in km_type.

B) Add set_fixmap_page and use it in text_poke. This will require
  changes in paravirt_ops and pgtable.c. We need to ensure there is
  no side effects.

C) Change pkmap_atomic_prot to map lowmem only if the page's pgprot
  is different from user specified pgprot. And use it instead of
  fixmap. This also requires KM_TEXT_POKE0/1, however we can
  remove FIX_TEXT_POKE0/1.

etc...

I think A) is for short-term solution. I guess it will be acceptable
for next release. But for long-term, C) might be better.

Thank you,

-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com