From: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
To: Jiri Kosina <jkosina@suse.cz>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Stephen Rothwell <sfr@canb.auug.org.au>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
linux-kernel@vger.kernel.org, live-patching@vger.kernel.org,
linux-next@vger.kernel.org, Steven Rostedt <rostedt@goodmis.org>
Subject: Re: [PATCH] ftrace: don't allow IPMODIFY without proper compiler support (was Re: Re: livepatching tree for linux-next)
Date: Wed, 14 Jan 2015 11:34:33 +0900 [thread overview]
Message-ID: <54B5D5B9.4060409@hitachi.com> (raw)
In-Reply-To: <alpine.LNX.2.00.1501132345080.4162@pobox.suse.cz>
(2015/01/14 7:47), Jiri Kosina wrote:
> On Mon, 12 Jan 2015, Masami Hiramatsu wrote:
>
>>> In any case, Masami, I really think you would like to do something
>>> like that for IPMODIFY as well ... or are you deliberately defering
>>> the responsibility to handle the possible mcount fallout to the
>>> ftrace_ops owner?
>>
>> Ah, good point. I just tried to use ftrace and WARN if not possible
>> to use it. I'll see it tomorrow. Anyway, I'd prefer to have this
>> kind of checking functionality in ftrace.
>
> Okay, so how about something like this, for example ... ?
Thanks! Could you read my comments?
> From: Jiri Kosina <jkosina@suse.cz>
> Subject: [PATCH] ftrace: don't allow IPMODIFY without proper compiler support
>
> Using IPMODIFY needs to be allowed only with compilers which are
> guaranteed to generate function prologues compatible with function
> redirection through changing instruction pointer in saved regs.
>
> For example changing regs->ip on x86_64 in cases when gcc is using mcount
> (and not fentry) is not allowed, because at the time mcount call is
> issued, the original function's prologue has already been executed, which
> leads to all kinds of inconsistent havoc.
>
> There is currently no way to express dependency on gcc features in
> Kconfig, (CC_USING_FENTRY is defined only during build, so it's not
> possible for Kconfig symbol to depend on it) so this needs to be checked
> in runtime.
>
> Mark x86_64 with fentry supported for now. Other archs can be added
> gradually.
>
> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
> ---
> arch/x86/include/asm/ftrace.h | 2 ++
> include/linux/ftrace.h | 4 ++++
> kernel/trace/ftrace.c | 5 +++++
> 3 files changed, 11 insertions(+)
>
> diff --git a/arch/x86/include/asm/ftrace.h b/arch/x86/include/asm/ftrace.h
> index f45acad..29fa417 100644
> --- a/arch/x86/include/asm/ftrace.h
> +++ b/arch/x86/include/asm/ftrace.h
> @@ -4,8 +4,10 @@
> #ifdef CONFIG_FUNCTION_TRACER
> #ifdef CC_USING_FENTRY
> # define MCOUNT_ADDR ((long)(__fentry__))
> +# define arch_ftrace_ipmodify_compiler_support(void) ({ 1; })
> #else
> # define MCOUNT_ADDR ((long)(mcount))
> +#define arch_ftrace_ipmodify_compiler_support(void) ({ 0; })
Hmm, can we just define ARCH_FTRACE_SUPPORT_IPMODIFY here?
> #endif
> #define MCOUNT_INSN_SIZE 5 /* sizeof mcount call */
>
> diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h
> index 1da6029..655ba99 100644
> --- a/include/linux/ftrace.h
> +++ b/include/linux/ftrace.h
> @@ -244,6 +244,10 @@ static inline int ftrace_function_local_disabled(struct ftrace_ops *ops)
> extern void ftrace_stub(unsigned long a0, unsigned long a1,
> struct ftrace_ops *op, struct pt_regs *regs);
>
> +#ifndef arch_ftrace_ipmodify_compiler_support
> +/* let's not make any implicit assumptions about profiling call placement */
> +# define arch_ftrace_ipmodify_compiler_support() { 0; }
> +#endif
> #else /* !CONFIG_FUNCTION_TRACER */
> /*
> * (un)register_ftrace_function must be a macro since the ops parameter
> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
> index 929a733..11370fd 100644
> --- a/kernel/trace/ftrace.c
> +++ b/kernel/trace/ftrace.c
> @@ -1809,6 +1809,11 @@ static int __ftrace_hash_update_ipmodify(struct ftrace_ops *ops,
> if (!(ops->flags & FTRACE_OPS_FL_IPMODIFY))
> return 0;
>
> + if (!arch_ftrace_ipmodify_compiler_support()) {
> + WARN(1, "Your compiler doesn't support features necessary for IPMODIFY");
> + return 0;
> + }
Actually, if ftrace doesn't support IPMODIFY, I would like to just drop
the entire code for CONFIG_KPROBES_ON_FTRACE(this is a hidden config),
instead of checking at runtime.
So, there are 2 ifdefs of code in kernel/kprobes.c for
CONFIG_KPROBES_ON_FTRACE, those should also check
ARCH_FTRACE_SUPPORT_IPMODIFY too.
Thank you,
> +
> /*
> * Since the IPMODIFY is a very address sensitive action, we do not
> * allow ftrace_ops to set all functions to new hash.
>
--
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com
next prev parent reply other threads:[~2015-01-14 2:34 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-22 19:52 livepatching tree for linux-next Jiri Kosina
2014-12-23 9:46 ` Christoph Hellwig
2014-12-23 15:10 ` Josh Poimboeuf
2014-12-26 4:56 ` Stephen Rothwell
2015-01-07 22:43 ` Andrew Morton
2015-01-07 23:01 ` Jiri Kosina
2015-01-07 23:30 ` Andrew Morton
2015-01-07 23:49 ` Jiri Kosina
2015-01-07 23:57 ` Andrew Morton
2015-01-08 0:11 ` Jiri Kosina
2015-01-08 0:33 ` Andrew Morton
2015-01-08 2:22 ` Jingoo Han
2015-01-12 12:45 ` Masami Hiramatsu
2015-01-13 22:47 ` [PATCH] ftrace: don't allow IPMODIFY without proper compiler support (was Re: Re: livepatching tree for linux-next) Jiri Kosina
2015-01-14 2:12 ` Steven Rostedt
2015-01-14 8:47 ` [PATCH 1/2 v2] ftrace: don't allow IPMODIFY without proper compiler support Jiri Kosina
2015-01-14 8:48 ` [PATCH 2/2] kprobes: compile out IPMODIFY support if ftrace doesn't support it Jiri Kosina
2015-01-15 3:04 ` Masami Hiramatsu
2015-01-15 3:34 ` [PATCH 1/2 v2] ftrace: don't allow IPMODIFY without proper compiler support Masami Hiramatsu
2015-01-15 9:34 ` Jiri Kosina
2015-01-15 9:50 ` [PATCH 1/2 v3] " Jiri Kosina
2015-01-15 9:50 ` [PATCH 2/2 v3] kprobes: compile out IPMODIFY support if ftrace doesn't support it Jiri Kosina
2015-01-16 16:35 ` [PATCH 1/2 v3] ftrace: don't allow IPMODIFY without proper compiler support Steven Rostedt
2015-01-16 16:41 ` Jiri Kosina
2015-01-16 16:53 ` Steven Rostedt
2015-01-14 2:34 ` Masami Hiramatsu [this message]
2015-01-14 8:34 ` [PATCH] ftrace: don't allow IPMODIFY without proper compiler support (was Re: Re: livepatching tree for linux-next) Jiri Kosina
2015-01-09 10:03 ` livepatching tree for linux-next Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54B5D5B9.4060409@hitachi.com \
--to=masami.hiramatsu.pt@hitachi.com \
--cc=akpm@linux-foundation.org \
--cc=hch@infradead.org \
--cc=jkosina@suse.cz \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox