Re: [PATCH RESEND 2/2] tracing: syscall_regfunc() should not skip kernel threads

[Oleg Nesterov <oleg@redhat.com>]

On 04/10, Steven Rostedt wrote:
>
> On Thu, 10 Apr 2014 20:14:17 +0200
> Oleg Nesterov <oleg@redhat.com> wrote:
> 
> 
> > And I forgot to mention, given that the kernel_thread() callback should
> > call do_exit() itself, then this part of cc3b13c11c567c69a63
> > 
> > 	one case when a kernel thread can reach the
> > 	usual syscall exit tracing path: when we create a kernel thread, the
> > 	child comes to ret_from_fork
> > 
> > is no longer relevant? A PF_KTHREAD child should never return from the
> > callback and thus it should never do "jmp syscall_exit" ?
> > 
> 
> Are you sure.

Not.

> On set up of the kthread, create_kthread() calls
> kernel_thread() with "kthread()" as its first parameter.
> 
> kernel_thread() then calls do_fork() passing the "kthread" function as
> the stack_start parameter, which if you follow where that goes, it gets
> to copy_thread() in process_[63][42].c which assigns sp (the function)
> to the bx register for the PF_KTHREAD case. But more importantly, it
> sets up the stack to have ip pointing to ret_from_kernel_thread (32 bit
> version).
> 
> The jmp syscall_exit when it goes to return to "userspace" will in
> actuality return to ret_from_kernel_thread (32 bit). Which this does:
> 
> 	call *PT_EBX(%esp)
> 
> which calls your handler. But then again, this calls syscall_exit when
> done, which probably will never be hit as kthread() calls do_exit()
> itself. Perhaps if something goes wrong, syscall_exit can handle any
> faults that can happen?
> 
> For 64 bit, the check for kernel thread is in ret_from_fork itself.
> which does the call *%rbx, but again, if it fails, it then calls
> int_ret_from_sys_call, which it may also handle faults.

See my previous email.

I _think_ that the kernel thread can only return from "call *%rbx" if
it is no longer a kernel thread, iow, do_execve() was called.

Oleg.