From: Will Deacon <will.deacon@arm.com>
To: Pratyush Anand <panand@redhat.com>
Cc: Steve Capper <steve.capper@linaro.org>,
Catalin Marinas <Catalin.Marinas@arm.com>,
Oleg Nesterov <oleg@redhat.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
David Long <dave.long@linaro.org>,
William Cohen <wcohen@redhat.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>
Subject: Re: Query: ARM64: Behavior of el1_dbg exception while executing el0_dbg
Date: Mon, 19 Jan 2015 10:11:42 +0000 [thread overview]
Message-ID: <20150119101142.GB32131@arm.com> (raw)
In-Reply-To: <54BC9FC0.2080207@redhat.com>
On Mon, Jan 19, 2015 at 06:10:08AM +0000, Pratyush Anand wrote:
> On Friday 16 January 2015 09:52 PM, Will Deacon wrote:
> > Perhaps you're not removing the BRK instruction properly, and so you try to
> > single-step a trapping instruction and end up stepping into the exception?
>
> No, probably that is not the scenario. One thing I agree, that even if
> AARCH64 specs says that SW BRK exception can not be masked, current
> kernel code is not ready to handle re-entrant software debug exception.
> So, I will keep those part of uprobe code as non-kprobable, and then its
> not so important to get into it for code development perspective.
>
> However, it would be good to understand that what went wrong and caused
> to receive an el1_inval. I still fail to pin point the reason of current
> issue and its not single stepping a trapping instruction (BRK). Sorry,
> but please have a relook at the sequence of events:
I think my general point still stands (the issue is likely in step 5),
but ok.
> 1. 1st instruction of uprobe_breakpoint_handler is:
> ffffffc00059a628: a9bf7bfd stp x29, x30, [sp,#-16]!
> which is replaced by BRK64_OPCODE_KPROBES = 0xD4200080, when Kprobe is
> instrumented.
>
> 2. User instruction at address 0x4005d0 is replaced by
> BRK64_OPCODE_UPROBES = 0xD4200100, when uprobe is instrumented.
>
> 3. When application executes instruction at 0x4005d0,we receive el0_dbg.
>
> 4. In el0_dbg handler we execute kernel code at address
> ffffffc00059a628, so el1_dbg is raised. (I agree here that el0_dbg has
> not been closed properly, which current entry.S code expects, so we will
> need to fix it if we consensus to support re-entrant software debug
> exception, how ever the issue which I see seems unrelated, so...)
Up to here, we seem to be doing fine.
> 5. Now in el1_dbg, we handle kprobe_breakpoint_handler, where we write
> saved instruction (ie a9bf7bfd stp x29, x30, [sp,#-16]!) to
> the kmalloc allocated address fffffdfffc000004. kprobe code does
> flush_icache_range on this location. regs->pc is set to
> fffffdfffc000004, so elr_el1 is programmed with fffffdfffc000004 during
> kernel_exit. I have cross checked elr_el1 value just before eret is
> executed in kernel_exit, and it is correct.
This is the step I'm concerned about. Can you verify that:
- Replacing the instruction with a nop does/doesn't change behaviour?
- 0xfffffdfffc000004 is mapped at the point of exception return?
- Using __flush_icache_all instead of flush_icache_range makes no
difference?
> So, here we are trying to single step a STP instruction and not BRK
> instruction.
>
> 6. Here I am expecting a single step exception, but I receive a el1_inv
> with ESR_EL1(0x86000007) ie EC as "ESR_EL1_EC_IABT_EL1" and IFSC as
> "Translation fault, third level". WHY????
That likely means that 0xfffffdfffc000004 isn't mapped. Looking at the
kprobes code, shouldn't it be using the modules area so that it can
guarantee an executable mapping? If so, that should be below PAGE_OFFSET
which isn't true in your case afaict.
Will
prev parent reply other threads:[~2015-01-19 10:11 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <54AE830E.1090000@redhat.com>
[not found] ` <20150108162312.GO11583@arm.com>
[not found] ` <54AEBE45.9080203@redhat.com>
[not found] ` <20150109154635.GG11258@arm.com>
2015-01-09 17:13 ` Query: ARM64: Behavior of el1_dbg exception while executing el0_dbg Pratyush Anand
2015-01-12 17:30 ` Will Deacon
2015-01-12 19:25 ` William Cohen
2015-01-13 6:46 ` Pratyush Anand
2015-01-13 15:52 ` Catalin Marinas
2015-01-13 17:53 ` Pratyush Anand
2015-01-15 16:47 ` Pratyush Anand
2015-01-16 12:00 ` Pratyush Anand
2015-01-16 14:55 ` Pratyush Anand
2015-01-16 16:22 ` Will Deacon
2015-01-19 6:10 ` Pratyush Anand
2015-01-19 10:11 ` Will Deacon [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150119101142.GB32131@arm.com \
--to=will.deacon@arm.com \
--cc=Catalin.Marinas@arm.com \
--cc=dave.long@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=panand@redhat.com \
--cc=steve.capper@linaro.org \
--cc=wcohen@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).