* [PATCH] uprobe: Add uprobe_pre/post_sstep_notifier to NOKPROBE_SYMBOL @ 2016-08-02 6:44 Pratyush Anand 2016-08-02 15:45 ` Masami Hiramatsu 2016-08-02 20:30 ` Oleg Nesterov 0 siblings, 2 replies; 7+ messages in thread From: Pratyush Anand @ 2016-08-02 6:44 UTC (permalink / raw) To: linux-kernel Cc: oleg, srikar, Pratyush Anand, Alexander Shishkin, Arnaldo Carvalho de Melo, Ingo Molnar, Peter Zijlstra uprobe_pre_sstep_notifier and uprobe_post_sstep_notifier are called from debug exception handler, so blacklist them for kprobing. Signed-off-by: Pratyush Anand <panand@redhat.com> --- kernel/events/uprobes.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index b7a525ab2083..206e594cb65e 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -37,6 +37,7 @@ #include <linux/percpu-rwsem.h> #include <linux/task_work.h> #include <linux/shmem_fs.h> +#include <linux/kprobes.h> #include <linux/uprobes.h> @@ -1997,6 +1998,7 @@ int uprobe_pre_sstep_notifier(struct pt_regs *regs) set_thread_flag(TIF_UPROBE); return 1; } +NOKPROBE_SYMBOL(uprobe_pre_sstep_notifier); /* * uprobe_post_sstep_notifier gets called in interrupt context as part of notifier @@ -2014,6 +2016,7 @@ int uprobe_post_sstep_notifier(struct pt_regs *regs) set_thread_flag(TIF_UPROBE); return 1; } +NOKPROBE_SYMBOL(uprobe_post_sstep_notifier); static struct notifier_block uprobe_exception_nb = { .notifier_call = arch_uprobe_exception_notify, -- 2.5.5 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] uprobe: Add uprobe_pre/post_sstep_notifier to NOKPROBE_SYMBOL 2016-08-02 6:44 [PATCH] uprobe: Add uprobe_pre/post_sstep_notifier to NOKPROBE_SYMBOL Pratyush Anand @ 2016-08-02 15:45 ` Masami Hiramatsu 2016-08-03 4:24 ` Pratyush Anand 2016-08-02 20:30 ` Oleg Nesterov 1 sibling, 1 reply; 7+ messages in thread From: Masami Hiramatsu @ 2016-08-02 15:45 UTC (permalink / raw) To: Pratyush Anand Cc: linux-kernel, oleg, srikar, Alexander Shishkin, Arnaldo Carvalho de Melo, Ingo Molnar, Peter Zijlstra On Tue, 2 Aug 2016 12:14:06 +0530 Pratyush Anand <panand@redhat.com> wrote: > uprobe_pre_sstep_notifier and uprobe_post_sstep_notifier are called from > debug exception handler, so blacklist them for kprobing. Actually, these exception notifers are kicked only if the debug exception is not related to kprobes (at least on x86). In that case, we don't have to take care about that. Or, would you hit any problem on it? IOW, where do we have to prohibit kprobes are, the code path from where right after the breakpoint (debug) exception is occurred, to where right before the kprobe is handled. After that, it should be safe. Thank you, > > Signed-off-by: Pratyush Anand <panand@redhat.com> > --- > kernel/events/uprobes.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c > index b7a525ab2083..206e594cb65e 100644 > --- a/kernel/events/uprobes.c > +++ b/kernel/events/uprobes.c > @@ -37,6 +37,7 @@ > #include <linux/percpu-rwsem.h> > #include <linux/task_work.h> > #include <linux/shmem_fs.h> > +#include <linux/kprobes.h> > > #include <linux/uprobes.h> > > @@ -1997,6 +1998,7 @@ int uprobe_pre_sstep_notifier(struct pt_regs *regs) > set_thread_flag(TIF_UPROBE); > return 1; > } > +NOKPROBE_SYMBOL(uprobe_pre_sstep_notifier); > > /* > * uprobe_post_sstep_notifier gets called in interrupt context as part of notifier > @@ -2014,6 +2016,7 @@ int uprobe_post_sstep_notifier(struct pt_regs *regs) > set_thread_flag(TIF_UPROBE); > return 1; > } > +NOKPROBE_SYMBOL(uprobe_post_sstep_notifier); > > static struct notifier_block uprobe_exception_nb = { > .notifier_call = arch_uprobe_exception_notify, > -- > 2.5.5 > -- Masami Hiramatsu <mhiramat@kernel.org> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] uprobe: Add uprobe_pre/post_sstep_notifier to NOKPROBE_SYMBOL 2016-08-02 15:45 ` Masami Hiramatsu @ 2016-08-03 4:24 ` Pratyush Anand 2016-08-03 10:35 ` Pratyush Anand 0 siblings, 1 reply; 7+ messages in thread From: Pratyush Anand @ 2016-08-03 4:24 UTC (permalink / raw) To: Masami Hiramatsu Cc: linux-kernel, oleg, srikar, Alexander Shishkin, Arnaldo Carvalho de Melo, Ingo Molnar, Peter Zijlstra Hi Masami, On 03/08/2016:12:45:24 AM, Masami Hiramatsu wrote: > On Tue, 2 Aug 2016 12:14:06 +0530 > Pratyush Anand <panand@redhat.com> wrote: > > > uprobe_pre_sstep_notifier and uprobe_post_sstep_notifier are called from > > debug exception handler, so blacklist them for kprobing. > > Actually, these exception notifers are kicked only if the debug exception > is not related to kprobes (at least on x86). In that case, we don't have > to take care about that. Or, would you hit any problem on it? Well, I have faced issue on ARM64. So, if I have a kprobe instrumented at these functions and then if I hit a uprobe then kernel goes into an infinite loop of "Unexpected kernel single-step exception at EL1". On x86 I have not tested, but I see that all functions except arch_uprobe_exception_notify() in the call stack of uprobe_pre/post_sstep_notifier() are blacklisted for kprobe. So, I am unable to understand that why arch_uprobe_exception_notify() and uprobe_pre/post_sstep_notifier() are not blacklisted. > > IOW, where do we have to prohibit kprobes are, the code path from where > right after the breakpoint (debug) exception is occurred, to where right > before the kprobe is handled. After that, it should be safe. Hummmm...My understanding was that if a function a() is not good to be kprobed then we can not kprobe any function called by a() as well. Thanks for the clarification. So, if I go with your definition then, something is still wrong on ARM64 which is causing issue when I kprobe uprobe_pre/post_sstep_notifier(). ~Pratyush > > Thank you, > > > > > > Signed-off-by: Pratyush Anand <panand@redhat.com> > > --- > > kernel/events/uprobes.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c > > index b7a525ab2083..206e594cb65e 100644 > > --- a/kernel/events/uprobes.c > > +++ b/kernel/events/uprobes.c > > @@ -37,6 +37,7 @@ > > #include <linux/percpu-rwsem.h> > > #include <linux/task_work.h> > > #include <linux/shmem_fs.h> > > +#include <linux/kprobes.h> > > > > #include <linux/uprobes.h> > > > > @@ -1997,6 +1998,7 @@ int uprobe_pre_sstep_notifier(struct pt_regs *regs) > > set_thread_flag(TIF_UPROBE); > > return 1; > > } > > +NOKPROBE_SYMBOL(uprobe_pre_sstep_notifier); > > > > /* > > * uprobe_post_sstep_notifier gets called in interrupt context as part of notifier > > @@ -2014,6 +2016,7 @@ int uprobe_post_sstep_notifier(struct pt_regs *regs) > > set_thread_flag(TIF_UPROBE); > > return 1; > > } > > +NOKPROBE_SYMBOL(uprobe_post_sstep_notifier); > > > > static struct notifier_block uprobe_exception_nb = { > > .notifier_call = arch_uprobe_exception_notify, > > -- > > 2.5.5 > > > > > -- > Masami Hiramatsu <mhiramat@kernel.org> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] uprobe: Add uprobe_pre/post_sstep_notifier to NOKPROBE_SYMBOL 2016-08-03 4:24 ` Pratyush Anand @ 2016-08-03 10:35 ` Pratyush Anand 2016-08-03 14:31 ` Masami Hiramatsu 0 siblings, 1 reply; 7+ messages in thread From: Pratyush Anand @ 2016-08-03 10:35 UTC (permalink / raw) To: Masami Hiramatsu Cc: open list, Oleg Nesterov, srikar, Alexander Shishkin, Arnaldo Carvalho de Melo, Ingo Molnar, Peter Zijlstra, Pratyush Anand On Wed, Aug 3, 2016 at 9:54 AM, Pratyush Anand <panand@redhat.com> wrote: > Hi Masami, > > On 03/08/2016:12:45:24 AM, Masami Hiramatsu wrote: >> On Tue, 2 Aug 2016 12:14:06 +0530 >> Pratyush Anand <panand@redhat.com> wrote: >> >> > uprobe_pre_sstep_notifier and uprobe_post_sstep_notifier are called from >> > debug exception handler, so blacklist them for kprobing. >> >> Actually, these exception notifers are kicked only if the debug exception >> is not related to kprobes (at least on x86). In that case, we don't have >> to take care about that. Or, would you hit any problem on it? > > Well, I have faced issue on ARM64. So, if I have a kprobe instrumented at these > functions and then if I hit a uprobe then kernel goes into an infinite loop of > "Unexpected kernel single-step exception at EL1". > > On x86 I have not tested, but I see that all functions except > arch_uprobe_exception_notify() in the call stack of > uprobe_pre/post_sstep_notifier() are blacklisted for kprobe. So, I am unable to > understand that why arch_uprobe_exception_notify() and > uprobe_pre/post_sstep_notifier() are not blacklisted. > >> >> IOW, where do we have to prohibit kprobes are, the code path from where >> right after the breakpoint (debug) exception is occurred, to where right >> before the kprobe is handled. After that, it should be safe. > > Hummmm...My understanding was that if a function a() is not good to be kprobed > then we can not kprobe any function called by a() as well. Thanks for the > clarification. So, if I go with your definition then, something is still wrong on > ARM64 which is causing issue when I kprobe uprobe_pre/post_sstep_notifier(). I found that one modification in ARM64 kprobe code allows me to kprobe uprobe_pre/post_sstep_notifier(). So, taking back this patch. Will discuss ARM64 modification on arm mailing list. Thanks Masami for your input. ~Pratyush ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] uprobe: Add uprobe_pre/post_sstep_notifier to NOKPROBE_SYMBOL 2016-08-03 10:35 ` Pratyush Anand @ 2016-08-03 14:31 ` Masami Hiramatsu 0 siblings, 0 replies; 7+ messages in thread From: Masami Hiramatsu @ 2016-08-03 14:31 UTC (permalink / raw) To: Pratyush Anand Cc: open list, Oleg Nesterov, srikar, Alexander Shishkin, Arnaldo Carvalho de Melo, Ingo Molnar, Peter Zijlstra On Wed, 3 Aug 2016 16:05:34 +0530 Pratyush Anand <panand@redhat.com> wrote: > On Wed, Aug 3, 2016 at 9:54 AM, Pratyush Anand <panand@redhat.com> wrote: > > Hi Masami, > > > > On 03/08/2016:12:45:24 AM, Masami Hiramatsu wrote: > >> On Tue, 2 Aug 2016 12:14:06 +0530 > >> Pratyush Anand <panand@redhat.com> wrote: > >> > >> > uprobe_pre_sstep_notifier and uprobe_post_sstep_notifier are called from > >> > debug exception handler, so blacklist them for kprobing. > >> > >> Actually, these exception notifers are kicked only if the debug exception > >> is not related to kprobes (at least on x86). In that case, we don't have > >> to take care about that. Or, would you hit any problem on it? > > > > Well, I have faced issue on ARM64. So, if I have a kprobe instrumented at these > > functions and then if I hit a uprobe then kernel goes into an infinite loop of > > "Unexpected kernel single-step exception at EL1". > > > > On x86 I have not tested, but I see that all functions except > > arch_uprobe_exception_notify() in the call stack of > > uprobe_pre/post_sstep_notifier() are blacklisted for kprobe. So, I am unable to > > understand that why arch_uprobe_exception_notify() and > > uprobe_pre/post_sstep_notifier() are not blacklisted. > > > >> > >> IOW, where do we have to prohibit kprobes are, the code path from where > >> right after the breakpoint (debug) exception is occurred, to where right > >> before the kprobe is handled. After that, it should be safe. > > > > Hummmm...My understanding was that if a function a() is not good to be kprobed > > then we can not kprobe any function called by a() as well. Thanks for the > > clarification. So, if I go with your definition then, something is still wrong on > > ARM64 which is causing issue when I kprobe uprobe_pre/post_sstep_notifier(). > > I found that one modification in ARM64 kprobe code allows me to kprobe > uprobe_pre/post_sstep_notifier(). So, taking back this patch. Will > discuss ARM64 modification on arm mailing list. OK, so that will be ARM64 specific issue. We'd better to trace it. Thank you for your effort!! > > Thanks Masami for your input. > > ~Pratyush -- Masami Hiramatsu <mhiramat@kernel.org> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] uprobe: Add uprobe_pre/post_sstep_notifier to NOKPROBE_SYMBOL 2016-08-02 6:44 [PATCH] uprobe: Add uprobe_pre/post_sstep_notifier to NOKPROBE_SYMBOL Pratyush Anand 2016-08-02 15:45 ` Masami Hiramatsu @ 2016-08-02 20:30 ` Oleg Nesterov 2016-08-03 4:12 ` Pratyush Anand 1 sibling, 1 reply; 7+ messages in thread From: Oleg Nesterov @ 2016-08-02 20:30 UTC (permalink / raw) To: Pratyush Anand, Ananth Mavinakayanahalli, Masami Hiramatsu Cc: linux-kernel, srikar, Alexander Shishkin, Arnaldo Carvalho de Melo, Ingo Molnar, Peter Zijlstra On 08/02, Pratyush Anand wrote: > > uprobe_pre_sstep_notifier and uprobe_post_sstep_notifier are called from > debug exception handler, so blacklist them for kprobing. Let me add kprobes maintainers, I am a bit confused... > @@ -1997,6 +1998,7 @@ int uprobe_pre_sstep_notifier(struct pt_regs *regs) > set_thread_flag(TIF_UPROBE); > return 1; > } > +NOKPROBE_SYMBOL(uprobe_pre_sstep_notifier); > > /* > * uprobe_post_sstep_notifier gets called in interrupt context as part of notifier > @@ -2014,6 +2016,7 @@ int uprobe_post_sstep_notifier(struct pt_regs *regs) > set_thread_flag(TIF_UPROBE); > return 1; > } > +NOKPROBE_SYMBOL(uprobe_post_sstep_notifier); but if we need to blacklist uprobe_pre/post_sstep_notifier then we also need to blacklist their caller, arch_uprobe_exception_notify() ? and every .notifier_call used in register_die_notifier() ? Oleg. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] uprobe: Add uprobe_pre/post_sstep_notifier to NOKPROBE_SYMBOL 2016-08-02 20:30 ` Oleg Nesterov @ 2016-08-03 4:12 ` Pratyush Anand 0 siblings, 0 replies; 7+ messages in thread From: Pratyush Anand @ 2016-08-03 4:12 UTC (permalink / raw) To: Oleg Nesterov Cc: Ananth Mavinakayanahalli, Masami Hiramatsu, linux-kernel, srikar, Alexander Shishkin, Arnaldo Carvalho de Melo, Ingo Molnar, Peter Zijlstra Hi Oleg, On 02/08/2016:10:30:35 PM, Oleg Nesterov wrote: > On 08/02, Pratyush Anand wrote: > > > > uprobe_pre_sstep_notifier and uprobe_post_sstep_notifier are called from > > debug exception handler, so blacklist them for kprobing. > > Let me add kprobes maintainers, I am a bit confused... > > > @@ -1997,6 +1998,7 @@ int uprobe_pre_sstep_notifier(struct pt_regs *regs) > > set_thread_flag(TIF_UPROBE); > > return 1; > > } > > +NOKPROBE_SYMBOL(uprobe_pre_sstep_notifier); > > > > /* > > * uprobe_post_sstep_notifier gets called in interrupt context as part of notifier > > @@ -2014,6 +2016,7 @@ int uprobe_post_sstep_notifier(struct pt_regs *regs) > > set_thread_flag(TIF_UPROBE); > > return 1; > > } > > +NOKPROBE_SYMBOL(uprobe_post_sstep_notifier); > > but if we need to blacklist uprobe_pre/post_sstep_notifier then we > also need to blacklist their caller, arch_uprobe_exception_notify() ? I think yes, in ARM64 I have done that. However, arm64 does not use notifier method, so arch_uprobe_exception_notify() is just a dummy function for it. > > and every .notifier_call used in register_die_notifier() ? I tried to look into x86 notify path related to uprobe_pre/post_sstep_notifier(). I see that calling sequence is like do_int3()-> notify_die() -> atomic_notifier_call_chain() -> __atomic_notifier_call_chain() -> notifier_call_chain() -> arch_uprobe_exception_notify(). In this sequence, every function is blacklisted for kprobe except arch_uprobe_exception_notify(). So, I am unable to understand, if notifier_call_chain() is not safe for kprobe then how can it be safe for a function it calls. ~Pratyush ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2016-08-03 14:41 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-08-02 6:44 [PATCH] uprobe: Add uprobe_pre/post_sstep_notifier to NOKPROBE_SYMBOL Pratyush Anand 2016-08-02 15:45 ` Masami Hiramatsu 2016-08-03 4:24 ` Pratyush Anand 2016-08-03 10:35 ` Pratyush Anand 2016-08-03 14:31 ` Masami Hiramatsu 2016-08-02 20:30 ` Oleg Nesterov 2016-08-03 4:12 ` Pratyush Anand
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox