Re: [BUG] kprobes crashing because of preempt count

From: Masami Hiramatsu
Date: Thu Jun 30 2011 - 21:12:13 EST

Next message: Tabi Timur-B04825: "Re: [PATCH 7/7] [v6] drivers/virt: introduce Freescale hypervisormanagement driver"
Previous message: Joe Perches: "[PATCH 1/2] netpoll: Remove unused EXPORT_SYMBOLs of netpoll_poll and netpoll_poll_dev"
In reply to: Masami Hiramatsu: "Re: [RFC][PATCH] kprobes: Add separate preempt_disabling for kprobes"
Next in thread: Steven Rostedt: "Re: [BUG] kprobes crashing because of preempt count"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

(2011/06/30 22:23), Steven Rostedt wrote:
> Hi Masami,
>
> While testing some changes in -rt against kprobes, I hit a crash that
> exists in mainline. If we stick a probe in a location that reads
> preempt_count, we corrupt the kernel itself.
>
> Reason is that the kprobe single step handler disables preemption, sets
> up the single step, returns to the code to execute that single step,
> takes the trap, enables preemption, and continues.
>
> The issue, is because we disabled preemption in the trap, returned, then
> enabled it again in another trap, we just changed what the code sees
> that does that single step.
>
> If we add a kprobe on a inc_preempt_count() call:
>
> [ preempt_count = 0 ]
>
> ld preempt_count, %eax <<--- trap
>
> <trap>
> preempt_disable();
> [ preempt_count = 1]
> setup_singlestep();
> <trap return>
>
> [ preempt_count = 1 ]
>
> ld preempt_count, %eax
>
> [ %eax = 1 ]
>
> <trap>
> post_kprobe_handler()
> preempt_enable_no_resched();
> [ preempt_count = 0 ]
> <trap return>
>
> [ %eax = 1 ]
>
> add %eax,1
>
> [ %eax = 2 ]
>
> st %eax, preempt_count
>
> [ preempt_count = 2 ]
>
>
> We just caused preempt count to increment twice when it should have only
> incremented once, and this screws everything else up.

Ah! right!

> Do we really need to have preemption disabled throughout this? Is it
> because we don't want to migrate or call schedule? Not sure what the
> best way to fix this is. Perhaps we add a kprobe_preempt_disable() that
> is checked as well?

I think the best way to do that is just removing preemption disabling
code, because
- breakpoint exception itself disables interrupt (at least on x86)
- While single stepping, interrupts also be disabled.
(BTW, theoretically, boosted and optimized kprobes shouldn't have
this problem, because those doesn't execute single-stepping)

So, I think there is no reason of disabling preemption.

Thank you,

--
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@xxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tabi Timur-B04825: "Re: [PATCH 7/7] [v6] drivers/virt: introduce Freescale hypervisormanagement driver"
Previous message: Joe Perches: "[PATCH 1/2] netpoll: Remove unused EXPORT_SYMBOLs of netpoll_poll and netpoll_poll_dev"
In reply to: Masami Hiramatsu: "Re: [RFC][PATCH] kprobes: Add separate preempt_disabling for kprobes"
Next in thread: Steven Rostedt: "Re: [BUG] kprobes crashing because of preempt count"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]