From: Wang Nan <wangnan0@huawei.com>
To: "Jon Medhurst (Tixy)" <tixy@linaro.org>
Cc: <masami.hiramatsu.pt@hitachi.com>, <linux@arm.linux.org.uk>,
<lizefan@huawei.com>, <linux-kernel@vger.kernel.org>,
<linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH v12 7/7] ARM: kprobes: enable OPTPROBES for ARM 32
Date: Mon, 8 Dec 2014 14:34:39 +0800
Message-ID: <5485467F.6060005@huawei.com>
In-Reply-To: <1417791592.2232.5.camel@linaro.org>
On 2014/12/5 22:59, Jon Medhurst (Tixy) wrote:
> On Fri, 2014-12-05 at 10:10 +0000, Jon Medhurst (Tixy) wrote:
> [...]
>> I'm worried because this whole optimised kprobes has some rather
>> complicated interactions, e.g. could the background thread that changes
>> breakpoints to jumps (or back again?) run at the same time
>> another CPU is processing a kprobe that's been hit, or is in the process
>> of removing a probe?
>
> I think that is a plausible theory. We can have this situation...
>
> 1. CPU A executes a probe's 'breakpoint' instruction and the undefined
> instruction exception handler is triggered.
>
> 2. CPU B is executing the kprobes optimisation thread and replaces the
> 'breakpoint' with a branch instruction.
>
> 3. CPU A reads the invalid instruction from memory and because this is
> now the branch instruction it doesn't match
> KPROBE_ARM_BREAKPOINT_INSTRUCTION which kprobes registered to handle.
> This means the undefined instruction exception is treated as just that,
> execution of an undefined instruction.
>
I confirmed your theory by printing the buggy instruction:
...
[ 474.824206] subls r9, r9, r14, lsr r7 @ 9049973e
[ 476.954206] subge r10, r11, r14, asr r7 @ a04ba75e
[ 479.014206] sublt r11, r11, r14, asr r7 @ b04bb75e
[ 479.194212] undefined instruction: pc=bf001bbc, instruction=ea01187f
[ 479.290190] Internal error: Oops - undefined instruction: 0 [#1] SMP ARM
[ 479.370533] Modules linked in: test_kprobes(+)
[ 479.423990] CPU: 10 PID: 1410 Comm: insmod Not tainted 3.10.53-HULK2+ #31
[ 479.505377] task: c42b72c0 ti: ed4f8000 task.ti: ed4f8000
[ 479.570189] PC is at kprobe_arm_test_cases+0x122c/0xfeed [test_kprobes]
...
ea01187f is a branch instruction.
Please help me to review my v14 patch series:
http://lists.infradead.org/pipermail/linux-arm-kernel/2014-December/309236.html
in which I fix it by wrapping __arch_optimize_kprobes() in stop_machine().
> The above scenario is the exact reason why arch_disarm_kprobe is
> implemented to always use stop_machine to modify the code and we need to
> ensure the same happens with arch_optimize_kprobes.
>
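An added example, not part of the mail thread or the kernel patch series, that models the decision the undefined-instruction handler makes in step 3 above: it classifies whatever 32-bit word is in memory at the probe site when it re-reads it, decodes the 0xea01187f word from the Oops as an ARM branch, and computes the branch target from the reported pc. The value of KPROBE_ARM_BREAKPOINT_INSTRUCTION is assumed (the 0x07f001f8 encoding the ARM kprobes code used at the time), and the "CPU A / CPU B" scenario is a single-threaded model of the ordering, not a reproduction of the real race.

```c
#include <stdint.h>

/* Assumed value of the ARM kprobes breakpoint (an undefined-instruction
 * encoding); not taken from the mail, stated here as an assumption. */
#define KPROBE_ARM_BREAKPOINT_INSTRUCTION 0x07f001f8u

enum insn_kind { INSN_KPROBE_BKPT, INSN_BRANCH, INSN_OTHER };

/* Classify the word the undefined-instruction handler re-reads from the
 * probed address. ARM-state B/BL encodings have bits[27:25] == 0b101 and a
 * condition field other than 0b1111 (which is the unconditional space). */
static enum insn_kind classify(uint32_t insn)
{
    if (insn == KPROBE_ARM_BREAKPOINT_INSTRUCTION)
        return INSN_KPROBE_BKPT;
    if (((insn >> 25) & 0x7u) == 0x5u && ((insn >> 28) & 0xfu) != 0xfu)
        return INSN_BRANCH;
    return INSN_OTHER;
}

/* Branch target in ARM state: pc + 8 + (sign_extend(imm24) << 2).
 * The +8 is the ARM-state pipeline offset of the reported pc. */
static uint32_t branch_target(uint32_t pc, uint32_t insn)
{
    uint32_t imm24 = insn & 0x00ffffffu;
    if (imm24 & 0x00800000u)          /* explicit sign extension, no UB */
        imm24 |= 0xff000000u;
    return pc + 8u + (imm24 << 2);
}

/* Model of steps 1-3: CPU A traps on the breakpoint word, CPU B's optimiser
 * rewrites the site to a branch, then CPU A's handler decides using the word
 * that is in memory *now*, not the word that raised the exception. */
static enum insn_kind race_scenario(void)
{
    volatile uint32_t site = KPROBE_ARM_BREAKPOINT_INSTRUCTION; /* step 1 */
    site = 0xea01187fu;              /* step 2: branch from the Oops (constructed) */
    return classify(site);           /* step 3: not the kprobe breakpoint any more */
}

int main(void)
{
    /* pc=bf001bbc and instruction=ea01187f are the values from the Oops above */
    return branch_target(0xbf001bbcu, 0xea01187fu) == 0xbf047dc0u ? 0 : 1;
}
```

With the site left alone between the trap and the re-read, classify() returns INSN_KPROBE_BKPT; the race leaves it returning INSN_BRANCH, which is exactly the "undefined instruction" path the Oops shows, and is why the rewrite has to happen under stop_machine() so no CPU can be inside the handler while the word changes.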