Re: [RFC,PATCH] kprobes - optimized kprobes might crash before settingkernel stack

From: Masami Hiramatsu
Date: Tue Feb 15 2011 - 10:56:10 EST

Next message: Axel Lin: "[PATCH RESEND] backlight: jornada720_bl/jornada720_lcd: makeneedlessly global symbols static"
Previous message: Tejun Heo: "Re: [dm-devel] [PATCH][RFC] dm: Do not open log and cow deviceread-write for read-only mappings"
In reply to: Jiri Olsa: "Re: [RFC,PATCH] kprobes - optimized kprobes might crash beforesetting kernel stack"
Next in thread: Jiri Olsa: "Re: [RFC,PATCH] kprobes - optimized kprobes might crash beforesetting kernel stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

(2011/02/15 21:30), Jiri Olsa wrote:
> On Tue, Feb 15, 2011 at 06:41:58PM +0900, Masami Hiramatsu wrote:
>> (2011/02/15 0:12), Jiri Olsa wrote:
>>> hi,
>>>
>>> you can crash the kernel using kprobe tracer via:
>>>
>>> echo "p system_call_after_swapgs" > ./kprobe_events
>>> echo 1 > ./events/kprobes/enable
>>
>> Ah, thank you very much!
>>
>>> The reason is that at the system_call_after_swapgs label,
>>> the kernel stack is not set up. If optimized kprobes are
>>> enabled, the user space stack is being used in this case
>>> (see optimized kprobe template) and this might result in a crash.
>>
>> Verified here, and also it didn't occur when turning optimization
>> off by sysctl. So this is a bug of kprobe jump optimization, not
>> kprobes itself.
>>
>>> Looks like there are several places like this over the entry_$(BIT)
>>> code. First I thought it'd be ok to localize those places, but
>>> I haven't found any reasonable/maintainable way to disable only those
>>> places.
>>
>> Hmm, agreed.
>>
>>> So I switched off the whole entry code from optimizing, but this
>>> also switch many safe places (attached patch - tested on x86_64).
>>
>> I'm OK for this solution. I think possible another solution is using
>> interrupt stack in optprobe template too. Anyway in short term, this
>> solution will be good.
>
> ok, I'll test on 32 bits and resend to Ingo

Thanks!
And also, with deeply thinking about this problem, it seems that
your idea could be the best way to fix, because kprobes can not
know where the kernel stack is ready without those text section.

>>> Also not sure this crash falls in to the area of that once such
>>> probe is used, user should know consequences..
>>
>> User can see that those probe is not optimized via sysfs.
>
> I cannot find this, where can I see this info?

Ah, actually, that is under debugfs, which is usually mounted on
/sys/kernel/debug. You can read "/sys/kernel/debug/kprobes/list"
for getting a list of currently registered probes.

Thank you,
--
Masami HIRAMATSU
2nd Dept. Linux Technology Center
Hitachi, Ltd., Systems Development Laboratory
E-mail: masami.hiramatsu.pt@xxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Axel Lin: "[PATCH RESEND] backlight: jornada720_bl/jornada720_lcd: makeneedlessly global symbols static"
Previous message: Tejun Heo: "Re: [dm-devel] [PATCH][RFC] dm: Do not open log and cow deviceread-write for read-only mappings"
In reply to: Jiri Olsa: "Re: [RFC,PATCH] kprobes - optimized kprobes might crash beforesetting kernel stack"
Next in thread: Jiri Olsa: "Re: [RFC,PATCH] kprobes - optimized kprobes might crash beforesetting kernel stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]