[Sorry if you get that mail twice. Made a silly email typo in the
first version.]
Hi,
ARM kprobes are using an illegal instruction to trigger the kprobe
code. the trap handler looks like that:
asmlinkage void __exception do_undefinstr(struct pt_regs *regs)
{
unsigned int instr;
pc = (void __user *)instruction_pointer(regs);
instr = *(u32 *) pc;
/*
* It is possible to have recursive kprobes, so we can't call
* the kprobe trap handler with the undef_lock held.
*/
if (instr == KPROBE_BREAKPOINT_INSTRUCTION && !user_mode(regs)) {
kprobe_trap_handler(regs, instr);
return;
}
[...]
}
And in arch/arm/kernel/kprobes.c we have:
void __kprobes arch_disarm_kprobe(struct kprobe *p)
{
*p->addr = p->opcode;
flush_insns(p->addr, 1);
}
In an SMP system, I don't see what prevents a core to take the
undefined instruction exception while the other core is unregistering the
corresponding kprobe. With the right timing, at the time the exception
handler reads the patched instruction, it can have been 'unpatched' by
arch_disarm_kprobe, and thus fail the KPROBE_BREAKPOINT_INSTRUCTION
test. Shouldn't arch_disarm_kprobe use stop_machine or something like
that?
Fred.