public inbox for linux-kernel@vger.kernel.org
From: Steven Rostedt <rostedt@goodmis.org>
To: Zheng Yejian <zhengyejian1@huawei.com>
Cc: <mhiramat@kernel.org>, <yujie.liu@intel.com>,
	<bpf@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2] tracing: Optimize event type allocation with IDA
Date: Tue, 22 Nov 2022 22:32:58 -0500
Message-ID: <20221122223258.10faaf4e@rorschach.local.home>
In-Reply-To: <20221123031806.735511-1-zhengyejian1@huawei.com>

On Wed, 23 Nov 2022 11:18:06 +0800
Zheng Yejian <zhengyejian1@huawei.com> wrote:

> But Yujie Liu <yujie.liu@intel.com> reported a problem that is highly
> reproducible after applying this patch:
> Link: https://lore.kernel.org/lkml/54f23c9c-97ae-e326-5873-bfa5d2c81f52@intel.com/
> 
> So please DO NOT apply this patch before I find what happened about it.

I know what the issue is.

The current way of assigning types is to always increment. And not to
reuse until it fills up. And even then, it looks for the next available
number.

I'm guessing the IDA will reuse a number as soon as it is freed. This
may also have uncovered a bug, as in reality, we must actually clear
the tracing buffers every time a number is reused.

What happens is that the type number is associated to a print format.
That is, the raw data is tagged with the type. This type maps to how to
parse the raw data. If you have a kprobe, it creates a new type number.
If you free it and create another one, with the IDA, it is likely to
reassign the previously freed number to the new probe.

To explain this better, let's look at the following scenario:

 echo 'p:foo val=$arg1:u64' > kprobe_events
 echo 1 > events/kprobes/foo/enable
 sleep 1
 echo 0 > events/kprobes/foo/enable

 echo 'p:bar val=+0($arg1):string' > kprobe_events

 # foo kprobe is deleted and bar is created and
 # with IDA, bar has the same number for type as foo

 cat trace

When you read the trace, it will see a binary blob representing an
event and marked with a type. Although the event was foo, it will now
map it to bar. And it will read foo's $arg1:u64 as bar's
+0($arg1):string, and will crash.

-- Steve
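The scenario above, replayed as a small user-space simulation (an added example, not kernel code): a registry maps type ids to print formats, a ring buffer stores raw payloads tagged only with the type id, and `scenario()` compares an IDA-style allocator (lowest free id) with the old always-increment one, with and without clearing the buffer when an id is reused. The record's `emitted_fmt` field is simulation bookkeeping the real reader does not have.

```c
/* Simulated trace type-id reuse (added example, not kernel code). */
#include <stdint.h>
#include <string.h>

#define MAX_TYPES 8
#define BUF_SLOTS 16

enum fmt { FMT_FREE = 0, FMT_U64, FMT_STRING }; /* "$arg1:u64" vs "+0($arg1):string" */

static enum fmt type_fmt[MAX_TYPES]; /* type id -> print format (the event registry) */
static int next_type;                /* monotonic cursor of the pre-IDA allocator */

/* Ring buffer record: raw payload tagged with its type id only.
 * emitted_fmt records how the payload was written; the reader cannot see it. */
struct record { int type; uint64_t payload; enum fmt emitted_fmt; };
static struct record buf[BUF_SLOTS];
static int buf_len;

static void reset(void) { memset(type_fmt, 0, sizeof type_fmt); next_type = 1; buf_len = 0; }

/* ida_reuse=1: hand out the lowest free id (IDA-like); 0: keep incrementing. */
static int alloc_type(enum fmt f, int ida_reuse)
{
    int id = next_type;
    if (ida_reuse)
        for (id = 1; id < MAX_TYPES && type_fmt[id] != FMT_FREE; id++) {}
    else
        next_type++;
    if (id >= MAX_TYPES) return -1;
    type_fmt[id] = f;
    return id;
}

static void emit(int type) { buf[buf_len++] = (struct record){ type, 0x1234, type_fmt[type] }; }

/* Reader: map each record's type id to the current format and count the records
 * that would now be parsed with a different format than they were written with. */
static int count_misparsed(void)
{
    int i, bad = 0;
    for (i = 0; i < buf_len; i++) {
        enum fmt f = type_fmt[buf[i].type];
        if (f != FMT_FREE && f != buf[i].emitted_fmt) bad++; /* u64 read as a string */
    }
    return bad;
}

/* foo is created and emits, foo is deleted, bar is created, then the trace is read. */
int scenario(int ida_reuse, int clear_on_reuse)
{
    int foo, bar;
    reset();
    foo = alloc_type(FMT_U64, ida_reuse);
    emit(foo);                                   /* event recorded while foo was enabled */
    type_fmt[foo] = FMT_FREE;                    /* foo kprobe deleted */
    bar = alloc_type(FMT_STRING, ida_reuse);     /* bar kprobe created */
    if (clear_on_reuse && bar == foo) buf_len = 0; /* clear the buffers when an id is reused */
    return count_misparsed();
}
```

`scenario(1, 0)` reproduces the mismatch, `scenario(0, 0)` leaves the stale record with an unknown type, and `scenario(1, 1)` shows the clearing fix.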


Thread overview: 7+ messages
2022-11-10  2:03 [PATCH v2] tracing: Optimize event type allocation with IDA Zheng Yejian
2022-11-11 14:41 ` Masami Hiramatsu
2022-11-23  3:18   ` Zheng Yejian
2022-11-23  3:32     ` Steven Rostedt [this message]
2022-11-23  4:17       ` Steven Rostedt
2022-11-23  8:01       ` Zheng Yejian
2022-11-23 13:37         ` Steven Rostedt
