All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jiri Olsa <olsajiri@gmail.com>
To: Jiri Olsa <olsajiri@gmail.com>
Cc: Hou Tao <houtao@huaweicloud.com>,
	mhiramat@kernel.org, xingwei lee <xrivendell7@gmail.com>,
	ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
	martin.lau@linux.dev, song@kernel.org, yonghong.song@linux.dev,
	john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com,
	haoluo@google.com, rostedt@goodmis.org,
	mathieu.desnoyers@efficios.com, bpf@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: Re: WARNING: kmalloc bug in bpf_uprobe_multi_link_attach
Date: Mon, 11 Dec 2023 15:34:35 +0100	[thread overview]
Message-ID: <ZXcd-_lVhoiWBh-4@krava> (raw)
In-Reply-To: <ZXcIN-odFOCWX8Ox@krava>

On Mon, Dec 11, 2023 at 02:01:43PM +0100, Jiri Olsa wrote:
> On Mon, Dec 11, 2023 at 07:29:40PM +0800, Hou Tao wrote:
> 
> SNIP
> 
> > 
> > It seems a big attr->link_create.uprobe_multi.cnt is passed to
> > bpf_uprobe_multi_link_attach(). Could you please try the first patch in
> > the following patch set ?
> > 
> > https://lore.kernel.org/bpf/20231211112843.4147157-1-houtao@huaweicloud.com/T/#t
> > > [   68.389633][ T8223]  ? __might_fault+0x13f/0x1a0
> > > [   68.390129][ T8223]  ? bpf_kprobe_multi_link_attach+0x10/0x10
> > 
> > SNIP
> > >   res = syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x20000140ul, /*size=*/0x90ul);
> > >   if (res != -1) r[0] = res;
> > >   memcpy((void*)0x20000000, "./file0\000", 8);
> > >   syscall(__NR_creat, /*file=*/0x20000000ul, /*mode=*/0ul);
> > >   *(uint32_t*)0x20000340 = r[0];
> > >   *(uint32_t*)0x20000344 = 0;
> > >   *(uint32_t*)0x20000348 = 0x30;
> > >   *(uint32_t*)0x2000034c = 0;
> > >   *(uint64_t*)0x20000350 = 0x20000080;
> > >   memcpy((void*)0x20000080, "./file0\000", 8);
> > 
> > 0x20000350 is the address of attr->link_create.uprobe_multi.path.
> > >   *(uint64_t*)0x20000358 = 0x200000c0;
> > >   *(uint64_t*)0x200000c0 = 0;
> > >   *(uint64_t*)0x20000360 = 0;
> > >   *(uint64_t*)0x20000368 = 0;
> > >   *(uint32_t*)0x20000370 = 0xffffff1f;
> > 
> > The value of attr->link_create.uprobe_multi.cnt is 0xffffff1f, so 
> > 0xffffff1f * sizeof(bpf_uprobe) will be greater than INT_MAX, and
> > triggers the warning in mm/util.c:
> > 
> >         /* Don't even allow crazy sizes */
> >         if (unlikely(size > INT_MAX)) {
> >                 WARN_ON_ONCE(!(flags & __GFP_NOWARN));
> >                 return NULL;
> >         }
> > 
> > Adding __GFP_NOWARN when doing kvcalloc() can fix the warning.
> 
> hi,
> looks like that's the case.. thanks for fixing that
> 
> btw while checking on that I found kprobe_multi bench attach test
> takes forever on latest bpf-next/master
> 
> 	test_kprobe_multi_bench_attach:PASS:bpf_program__attach_kprobe_multi_opts 0 nsec
> 	test_kprobe_multi_bench_attach: found 56140 functions
> 	test_kprobe_multi_bench_attach: attached in  89.174s
> 	test_kprobe_multi_bench_attach: detached in  13.245s
> 	#113/1   kprobe_multi_bench_attach/kernel:OK
> 
> Masami,
> any idea of any change on fprobe/ftrace side recently? I'm going to check ;-)

nah sry, I had IBT enabled.. forgot the reason, but it's slow ;-)

jirka

  reply	other threads:[~2023-12-11 14:34 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-12-11  8:12 WARNING: kmalloc bug in bpf_uprobe_multi_link_attach xingwei lee
2023-12-11 11:29 ` Hou Tao
2023-12-11 13:01   ` Jiri Olsa
2023-12-11 14:34     ` Jiri Olsa [this message]
     [not found] <CABOYnLz2e+_0P88RgoDy6epWz9xrM2zhfMQdVrcjNiPqrFcBeQ@mail.gmail.com>
2023-12-11 11:22 ` Masami Hiramatsu
  -- strict thread matches above, loose matches on Subject: below --
2024-05-14  7:27 Ubisectech Sirius
2024-05-15 21:30 ` Alexei Starovoitov
2024-05-15 21:47   ` Jiri Olsa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZXcd-_lVhoiWBh-4@krava \
    --to=olsajiri@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=haoluo@google.com \
    --cc=houtao@huaweicloud.com \
    --cc=john.fastabend@gmail.com \
    --cc=kpsingh@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-trace-kernel@vger.kernel.org \
    --cc=martin.lau@linux.dev \
    --cc=mathieu.desnoyers@efficios.com \
    --cc=mhiramat@kernel.org \
    --cc=rostedt@goodmis.org \
    --cc=sdf@google.com \
    --cc=song@kernel.org \
    --cc=xrivendell7@gmail.com \
    --cc=yonghong.song@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.