From: Masami Hiramatsu <mhiramat@redhat.com>
To: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>,
linux-kernel@vger.kernel.org, Ingo Molnar <mingo@elte.hu>,
Andrew Morton <akpm@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
"H. Peter Anvin" <hpa@zytor.com>, Li Zefan <lizf@cn.fujitsu.com>,
Lai Jiangshan <laijs@cn.fujitsu.com>,
"David S. Miller" <davem@davemloft.net>,
Stephen Hemminger <shemminger@linux-foundation.org>
Subject: Re: [PATCH 0/3][RFC] tracing/kprobes: prevent jprobes from crashing function graph tracer
Date: Mon, 02 Nov 2009 10:02:23 -0500 [thread overview]
Message-ID: <4AEEF47F.7090101@redhat.com> (raw)
In-Reply-To: <20091102003723.GF5263@nowhere>
Frederic Weisbecker wrote:
> On Thu, Oct 29, 2009 at 06:02:20PM -0400, Masami Hiramatsu wrote:
>> Steven Rostedt wrote:
>>> Lately I've been testing with an allyesconfig. When I ran the function graph
>>> tracer, it immediately crashed the kernel. Thanks to the new frame pointer
>>> test in function graph, it reported directly what the issue was and then
>>> panicked the kernel to prevent any unexpected damage from happening.
>>>
>>> It pointed the error to be with jtcp_rcv_established. Which is a jprobe
>>> function added to tcp_rcv_established at bootup when CONFIG_NET_TCPPROBE
>>> is enabled.
>>>
>>> Jprobes and the function graph tracer use the same mechanism to trace
>>> the exit of a function. Unfortunately, only one can be done at a time.
>>> The function graph tracer replaces the return address with its own handler,
>>> but so does jprobes. The two are not compatible.
>>
>> AFAIK, Jprobe doesn't trace the exit of a function. I assume that
>> jprobe's user handler causes the problem, since the handler never
>> returns normal way.
>> Instead of that, it just calls jprobe_return() which causes
>> int3 to be trapped by kprobe's break handler. And the break handler
>> fixup regs->ip to back to traced function.
>>
>> Actually, this will cause a problem with function graph tracer.
>> The f-g-tracer push the return address into the special stack and replaces
>> it with fixup function (This is similar (not same) mechanism of kretprobe.)
>> And then the traced function returns, it returns to the fixup function and
>> it pops the return address up and back to the real caller.
>>
>> So, if the f-g-tracer traces jprobe user handler, the pop operation
>> will be skipped because the the handler never returns.
>
>
> I'm not sure I've well understood how is performed the call to the jprobe
> handler.
> But if I understand well we have:
>
> func() {
> int3() {
> jprobe_handler() {
> (-)
> set ip after iret to user_handler()
> }
> }
> user_handler() {
> jprobe_return() {
> (+)
> int3() {
> set ip after iret to func+...()
> }
> |
> |
> |
> <--------------
> (execute the rest of func())
> }
>
> If we replace (-) with pause_graph_tracing() and (+) with
> unpause_graph_tracing(), this should do the trick...I hope.
I'm not so sure about pause_graph_tracing(), however, it seems that
int3() and jprobe_handler() already pushed on the stack of the
func graph tracer at (-). If it's true, where are those entries
popped up?
Thank you,
--
Masami Hiramatsu
Software Engineer
Hitachi Computer Products (America), Inc.
Software Solutions Division
e-mail: mhiramat@redhat.com
next prev parent reply other threads:[~2009-11-02 15:03 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-29 20:51 [PATCH 0/3][RFC] tracing/kprobes: prevent jprobes from crashing function graph tracer Steven Rostedt
2009-10-29 20:51 ` [PATCH 1/3][RFC] [PATCH 1/3] tracing: Clean up ftrace.h header and add ftrace_set_notrace() declaration Steven Rostedt
2009-10-29 20:51 ` [PATCH 2/3][RFC] [PATCH 2/3] tracing: Add calls to permanently disable functions from tracing Steven Rostedt
2009-10-29 20:51 ` [PATCH 3/3][RFC] [PATCH 3/3] tracing/kprobes: Disable tracing registered jprobe callback functions Steven Rostedt
2009-10-29 22:02 ` [PATCH 0/3][RFC] tracing/kprobes: prevent jprobes from crashing function graph tracer Masami Hiramatsu
2009-10-29 22:17 ` Steven Rostedt
2009-10-29 22:26 ` Stephen Hemminger
2009-10-29 23:22 ` Masami Hiramatsu
2009-10-30 0:06 ` Steven Rostedt
2009-10-30 0:49 ` Masami Hiramatsu
2009-11-02 0:37 ` Frederic Weisbecker
2009-11-02 15:02 ` Masami Hiramatsu [this message]
2009-11-02 20:22 ` Frederic Weisbecker
2009-11-02 20:30 ` Masami Hiramatsu
2009-10-31 20:06 ` Frank Ch. Eigler
2009-11-01 14:48 ` Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AEEF47F.7090101@redhat.com \
--to=mhiramat@redhat.com \
--cc=acme@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=davem@davemloft.net \
--cc=fweisbec@gmail.com \
--cc=hpa@zytor.com \
--cc=laijs@cn.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lizf@cn.fujitsu.com \
--cc=mingo@elte.hu \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=shemminger@linux-foundation.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.