From: Oleg Nesterov <oleg@redhat.com>
To: Denys Vlasenko <dvlasenk@redhat.com>
Cc: linux-kernel@vger.kernel.org, Jim Keniston <jkenisto@us.ibm.com>,
Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>,
Srikar Dronamraju <srikar@linux.vnet.ibm.com>,
Ingo Molnar <mingo@kernel.org>
Subject: Re: [PATCH] uprobes: use BX register for rip-relative fixups, not AX
Date: Mon, 28 Apr 2014 21:23:04 +0200
Message-ID: <20140428192304.GA9412@redhat.com>
In-Reply-To: <535EA6C3.3030903@redhat.com>
On 04/28, Denys Vlasenko wrote:
>
> On 04/28/2014 07:34 PM, Oleg Nesterov wrote:
> >
> > It seems that you are right. But it would be really great if you also
> > provide the test-case which proves the fix ;)
>
> Working on a testcase for this. So far covered div (test1)
> and cmpxchg (test2).
>
> Reproduced failure on a fairly old 3.10.11 kernel:
Just in case, confirm. Reproduced on v3.14 + all recent uprobes changes.
Thanks.
> # gcc -Os -Wall test_riprel.c -o test_riprel
> # ./test_riprel
> test1: pass
> test2: pass
> # perf probe -x ./test_riprel probe1
> # perf record -e probe_test:probe1 ./test_riprel
> test1: FAIL
> test2: pass
> # perf probe -x ./test_riprel probe2
> # perf record -e probe_test:probe2 ./test_riprel
> test1: pass
> test2: FAIL
>
> Source:
>
> test_riprel.c
> ==================
> #include <stdio.h>
>
> static const char *const fail_pass[] = { "FAIL", "pass" };
>
> long two = 2;
> long test1()
> {
> 	long ax=0, dx=0;
> 	asm volatile("\n"
> 		" xor %%edx,%%edx\n"
> 		" lea 2(%%edx),%%eax\n"
> 		// We divide 2 by 2. Result (in eax) should be 1:
> 		" probe1: .globl probe1\n"
> 		" divl two(%%rip)\n"
> 		// If we have a bug (eax mangled on entry) the result will be 2,
> 		// because eax gets restored by probe machinery.
> 		: "=a" (ax), "=d" (dx) /*out*/
> 		: "0" (ax), "1" (dx) /*in*/
> 		: "memory" /*clobber*/
> 	);
> 	dprintf(2, "%s: %s\n", __func__, fail_pass[ax == 1]);
> 	return ax;
> }
>
> long val2 = 0;
> long test2()
> {
> 	long old_val2 = val2;
> 	long ax=0, dx=0;
> 	asm volatile("\n"
> 		" mov val2(%%rip),%%eax\n" // eax := val2 (rip-relative so it also links as PIE)
> 		" lea 1(%%eax),%%edx\n" // edx := eax+1
> 		// eax is equal to val2. cmpxchg should store edx to val2:
> 		" probe2: .globl probe2\n"
> 		" cmpxchg %%edx,val2(%%rip)\n"
> 		// If we have a bug (eax mangled on entry), val2 will stay unchanged
> 		: "=a" (ax), "=d" (dx) /*out*/
> 		: "0" (ax), "1" (dx) /*in*/
> 		: "memory" /*clobber*/
> 	);
> 	dprintf(2, "%s: %s\n", __func__, fail_pass[val2 == old_val2 + 1]);
> 	return ax == dx;
> }
>
> int main()
> {
> 	test1();
> 	test2();
> 	return 0;
> }
>