[PATCH -tip ] [BUGFIX] kprobes: Skip kretprobe hit in NMI context to avoid deadlock

[PATCH -tip ] [BUGFIX] kprobes: Skip kretprobe hit in NMI context to avoid deadlock

[Masami Hiramatsu]

Skip kretprobe hit in NMI context, because if an NMI happens
inside the critical section protected by kretprobe_table.lock
and another(or same) kretprobe hit, pre_kretprobe_handler
tries to lock kretprobe_table.lock again.
Normal interrupts have no problem because they are disabled
with the lock.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Cc: "David S. Miller" <davem@davemloft.net>
---
 kernel/kprobes.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 734e9a7..a537029 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1778,6 +1778,12 @@ static int pre_handler_kretprobe(struct kprobe *p, struct pt_regs *regs)
 	unsigned long hash, flags = 0;
 	struct kretprobe_instance *ri;
 
+	/* To avoid deadlock, prohibit return probing in NMI context */
+	if (in_nmi()) {
+		rp->nmissed++;
+		return 0;
+	}
+
 	/*TODO: consider to only swap the RA after the last pre_handler fired */
 	hash = hash_ptr(current, KPROBE_HASH_BITS);
 	raw_spin_lock_irqsave(&rp->lock, flags);

Re: [PATCH -tip ] [BUGFIX] kprobes: Skip kretprobe hit in NMI context to avoid deadlock

[Ananth N Mavinakayanahalli]

On Fri, Aug 01, 2014 at 08:42:54AM +0000, Masami Hiramatsu wrote:
> Skip kretprobe hit in NMI context, because if an NMI happens
> inside the critical section protected by kretprobe_table.lock
> and another(or same) kretprobe hit, pre_kretprobe_handler
> tries to lock kretprobe_table.lock again.
> Normal interrupts have no problem because they are disabled
> with the lock.
> 
> Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>

Acked-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com>

Re: [PATCH -tip ] [BUGFIX] kprobes: Skip kretprobe hit in NMI context to avoid deadlock

[Ingo Molnar]

* Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> wrote:

> Skip kretprobe hit in NMI context, because if an NMI happens
> inside the critical section protected by kretprobe_table.lock
> and another(or same) kretprobe hit, pre_kretprobe_handler
> tries to lock kretprobe_table.lock again.
> Normal interrupts have no problem because they are disabled
> with the lock.
> 
> Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
> Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> ---
>  kernel/kprobes.c |    6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index 734e9a7..a537029 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -1778,6 +1778,12 @@ static int pre_handler_kretprobe(struct kprobe *p, struct pt_regs *regs)
>  	unsigned long hash, flags = 0;
>  	struct kretprobe_instance *ri;
>  
> +	/* To avoid deadlock, prohibit return probing in NMI context */
> +	if (in_nmi()) {

Should be unlikely()?

> +		rp->nmissed++;
> +		return 0;

In another place in this function we do:

        } else {
                rp->nmissed++;
                raw_spin_unlock_irqrestore(&rp->lock, flags);
        }

Is it safe to modify rp-> without locking?

> +	}
> +
>  	/*TODO: consider to only swap the RA after the last pre_handler fired */

Nit: That comment is oddly formatted.

Thanks,

	Ingo

Re: [PATCH -tip ] [BUGFIX] kprobes: Skip kretprobe hit in NMI context to avoid deadlock

[Masami Hiramatsu]

(2014/08/01 20:00), Ingo Molnar wrote:
> 
> * Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> wrote:
> 
>> Skip kretprobe hit in NMI context, because if an NMI happens
>> inside the critical section protected by kretprobe_table.lock
>> and another(or same) kretprobe hit, pre_kretprobe_handler
>> tries to lock kretprobe_table.lock again.
>> Normal interrupts have no problem because they are disabled
>> with the lock.
>>
>> Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
>> Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
>> Cc: "David S. Miller" <davem@davemloft.net>
>> ---
>>  kernel/kprobes.c |    6 ++++++
>>  1 file changed, 6 insertions(+)
>>
>> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
>> index 734e9a7..a537029 100644
>> --- a/kernel/kprobes.c
>> +++ b/kernel/kprobes.c
>> @@ -1778,6 +1778,12 @@ static int pre_handler_kretprobe(struct kprobe *p, struct pt_regs *regs)
>>  	unsigned long hash, flags = 0;
>>  	struct kretprobe_instance *ri;
>>  
>> +	/* To avoid deadlock, prohibit return probing in NMI context */
>> +	if (in_nmi()) {
> 
> Should be unlikely()?

Ah, Indeed.

> 
>> +		rp->nmissed++;
>> +		return 0;
> 
> In another place in this function we do:
> 
>         } else {
>                 rp->nmissed++;
>                 raw_spin_unlock_irqrestore(&rp->lock, flags);
>         }
> 
> Is it safe to modify rp-> without locking?

Yes, rp->nmissed is just for noticing the fault to users,
not for controlling.:) If we need more accurate value, we'd
better make it atomic_t.

Thank you,

> 
>> +	}
>> +
>>  	/*TODO: consider to only swap the RA after the last pre_handler fired */
> 
> Nit: That comment is oddly formatted.
> 
> Thanks,
> 
> 	Ingo
> 


-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com