Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752670AbdL0WrE (ORCPT ); Wed, 27 Dec 2017 17:47:04 -0500 Received: from mx0b-00082601.pphosted.com ([67.231.153.30]:39304 "EHLO mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751963AbdL0WrB (ORCPT ); Wed, 27 Dec 2017 17:47:01 -0500 Subject: Re: [RFC PATCH bpf-next v2 1/4] tracing/kprobe: bpf: Check error injectable event is on function entry To: Masami Hiramatsu , Alexei Starovoitov References: <151427438796.32561.4235654585430455286.stgit@devbox> <151427441954.32561.8731119329264462024.stgit@devbox> <20171227015730.jjggymg4uqllteuy@ast-mbp> <20171227145628.53f68f391b2108d6df118ca7@kernel.org> CC: Josef Bacik , , , , , , , , , , , Josef Bacik , Akinobu Mita From: Alexei Starovoitov Message-ID: Date: Wed, 27 Dec 2017 14:46:24 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20171227145628.53f68f391b2108d6df118ca7@kernel.org> Content-Type: text/plain; charset="windows-1252"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [2620:10d:c090:180::27b8] X-ClientProxiedBy: DM5PR21CA0019.namprd21.prod.outlook.com (2603:10b6:3:ac::29) To DM3PR15MB0970.namprd15.prod.outlook.com (2603:10b6:0:10::24) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8fc12815-4c3e-4340-2478-08d54d7bab29 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060);SRVR:DM3PR15MB0970; X-Microsoft-Exchange-Diagnostics: 1;DM3PR15MB0970;3:WlwK8nBiYcvxd0Mp2jT1I8AKKiP0Y7d2BZWbgOlv+/uK3NiHBWTdaVoZT2zThhIbyG+yC10udc+kzet7HTQbwdD1b0CoUUy/7gSygmh9eCjwQsl3KhKb4c4puFdI6xn1TyQcHpehNVipnfL3Lpxh7xj2117PVbDszhwZ2iQyAPNtT3ctt8+urfWXp/uAfSZ8uxH3hYi9aq1Eo3rj4NKBtLODKgE/wPbh1YuujKNvEcPy1cvMe0tCL58yWqpzeSNG;25:afOzNDLl8+Iwh39sjMPvDl0a6vtM1uplOppWEhucUmuby/p4rzPf+bzStP0VXi9+/a9NZ5kF72pfZmmCZFNCEZW8fW6IZLcH9E2tB4PUUpFcd+9SYWO6dZh4JZIQhoFdir0Vwyy9quIBzBWCKGx280j2gggPfBAIczDjlp9PXV6GGBteppeYvdLfdSZOsWYPjOYJxfMgqwiDSzFIgt7FkphQWfGppm74aJmC1rX4nrBzJer5BeP0HpucosWSfE4zOVyshWq8VnLShaGSrfYxb9XJ8WKfH2OEhKHHGR2kDQr2SbLHODCo6/FhVr895rE4+Qb5id01wEgKkclP4FL2Tqaif6D2QUwS2BP1vNTvgqE=;31:28BzmbioMszbNf/zSPJQzyQVTi4aS6RB1yPmfSPttr1TNEz4b2EmlkLMZmlIswdSEbTmvLvteVPDFt6hjuHhDpCtP3yVWiGBUBcP6kr0mtO+yBW4UEW+7HzHM4GZiaGXNC6ogcdMiwIi0raLeF5qIo71z7irdJHjnnmewNRrKIEONHYZlBv2QP+9ZtezdOsEGH7UymS/WZLKiuj794NZCHldFTO+xwBDI24pn65zhkI= X-MS-TrafficTypeDiagnostic: DM3PR15MB0970: X-Microsoft-Exchange-Diagnostics: 1;DM3PR15MB0970;20:PaPLiey5pChaJ2H6c15jZz3i2wD6FMrEVnKItToTrXnNy9EVNbLAz3T+3eqYptJZd90ElQa4jJWwo97GT/xb9al9/0HzkZhGsMc/G0azvkIxBIOwZXQgsVZy/nLWuAJCcTyrJ1XFLggYZTmlcRE5yICXPPVHnzzV0Ay4YmL3Np3OLVNqRA1bIN7zKyV4OtvOjBG2KtbelZCTJcx3Vbf89fZ5WA9UIBhRMjvYolU8vfquw49xKOcCP4X4WXyhKAWo1D20Yxxs8Gx4DgU0PxremPcdPTG5zmoGKGjOnHWXXPwYA6er7ClLTYCpH78EBnhuENgftjgksTyeTJSs/QMpzhtMr2DuvRBetrTYnLsOi5CdlSAPYkAoudcAgjnJ8KZDQhUC0r7Q3ohkHzaQCI0ni3Nv5Duhk9LQcbYedwK5CZ6SCkKgDfOSjFeuAKqqxknRgTWHGdZCCCMryADzAgHNUF+uW+/h7YI4RmglejLN7LEbQJvOpJ3VrUxhnwSGeeD2;4:3I6fFgRIfdDubT9VqDMkT/uy+z1n4R1u+/YtLyLki4mzlCmKEajnD6kb8orgIUusfHWK5yb/vS5/8Mg7cvz7v56JLkHTr4Rk7642lObK4lLJCXfIDQisuGZMX3rxK0usYWThG+OiQBU3ejTPPMjscD1eFvIEmdHrvkyjFHZOd2tVFXqChpM2WqoHjeswdO2q1h4N7QoCmLBryC0Djh+SecBK15VoljGdhlWDF0u82IPH8hZqjdRIYCT6BhXmpFSqzVLvVJFoyBWO6saSq/iIGA== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231023)(11241501184)(944501075)(3002001)(10201501046)(6041268)(20161123560045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(6072148)(201708071742011);SRVR:DM3PR15MB0970;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:DM3PR15MB0970; X-Forefront-PRVS: 0534947130 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(366004)(396003)(376002)(346002)(39860400002)(39380400002)(24454002)(199004)(189003)(6486002)(67846002)(52116002)(50466002)(2906002)(52396003)(64126003)(105586002)(76176011)(106356001)(386003)(305945005)(7736002)(59450400001)(53546011)(83506002)(6116002)(6666003)(5660300001)(8676002)(65826007)(36756003)(4326008)(53936002)(1706002)(478600001)(93886005)(230700001)(68736007)(65806001)(81166006)(65956001)(8936002)(2950100002)(47776003)(97736004)(25786009)(81156014)(31686004)(7416002)(5890100001)(39060400002)(86362001)(110136005)(316002)(58126008)(229853002)(23746002)(31696002)(6246003)(54906003)(42262002)(217873001);DIR:OUT;SFP:1102;SCL:1;SRVR:DM3PR15MB0970;H:[IPv6:2620:10d:c081:1132::1039];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1;DM3PR15MB0970;23:Diz//JOmFi44h/SzQc+RJ/K26gLVlHgr/c1nJ?= =?Windows-1252?Q?WlvKt2FOe/+oPY89IM+E958lHuy7HmQ3bIwkBgVd6+MmXjODF62k2OZ1?= =?Windows-1252?Q?e8Zog+o/2GF9gVkEe27Px0MbULBYqITqx0/ihTFCMSseW/OgzcWJw2Dt?= =?Windows-1252?Q?o6pZKDFwo+Z2CNKD9IDSXcJfld4nFE4aiuFeMfVHKONJYtrrDKsPR39h?= =?Windows-1252?Q?/P6tgVQhNb5wyu/gf/NoX7J1/Wo0RjvnFIUS2bc53L38A0YadDzf++75?= =?Windows-1252?Q?KVoLHvB340yKdXFWrcHPo2lxpkevgkPIRdsbWdT0O9dFSnoTfCTfVSBs?= =?Windows-1252?Q?OoQFNDxfzx5p1oetFImj9gxKs08Kn5h+AiymuwXpyM5rkAIQVkoW1oaX?= =?Windows-1252?Q?cheMZ2ML0g4C3URDjPMIQ+Dc+34BaI4sAEE7tER6RwgB/NZK4M4Zbpbq?= =?Windows-1252?Q?qEumz2fQjYjbe41+IN9KxHisR2cDGo9tMAVxsBjpmT/TiMZVDo0OO+Mi?= =?Windows-1252?Q?X5bzDBKDzUB1jVlpveKngBoZfeC9mExstVM3LP+HGxcXIBtooqFxHmJb?= =?Windows-1252?Q?i9UQEXNf4G1iX+cfpX8Aenw8WVZouQzyq9amr/ZuN2dx6wOAy5XpVsdo?= =?Windows-1252?Q?YzugJGH93nub5TrmfNW94f8ANw5RaA0loz8A/VleLGHnChek79CQ7G6W?= =?Windows-1252?Q?haWsEx6RheQIVrb102TisGSrjkiABI7iwrscaEpNpVhQ83CNUaBzNqjf?= =?Windows-1252?Q?98vLb87Llb6l6ybhXVC4jMJmP4qTgVHHMy+NDgge65sD9acWbKAmJOc2?= =?Windows-1252?Q?WtGFSfHbkua+vs7+C43Qd4xfnQNrtYONgWHEwDcsJh3UU3mH2UiQFQh6?= =?Windows-1252?Q?qjzOZEsbMYCN3PWjbPw/eSx/M1Zd75LMBsxgHj4dvV9Q2CfV4au/6sHe?= =?Windows-1252?Q?jdVnzjqQGigT6uWT+3yqWGhepKBFiHRYVUnewnTr4kG7eQpH8tBkKHuB?= =?Windows-1252?Q?OFgvjmTbTXlkrZvoWIg9QrDksL0yi5zceZ0XB3GhDZFIwNqH5RKYgZmy?= =?Windows-1252?Q?Qx5Fhcu9ieuija57lo1hl2XwNinIesqnpoDaDmAZNv6S5L3/0kH7ljaQ?= =?Windows-1252?Q?hpGPIaJVG6x8JFG/Fs99M6dS+dWrdUPvlkxsp+5noHJpAZ8zJMrv/cI5?= =?Windows-1252?Q?ArvE6cGkWtZUUsde8incP+gmzDHUZXuCAEdvjL5zF0fzpCwG1GNS/m1k?= =?Windows-1252?Q?Eq966NIChzAe2bBVW9X1mjwtl0JAafwVqQh93nCpF5FAewK06hPii0ga?= =?Windows-1252?Q?0AEgDOGNkxRk0hvwB56T+oy8iIoxNP4HfkUdwdA/SOZZcS7vZ08xnzh1?= =?Windows-1252?Q?+Vr5MHCOfxYgzxqYea3ThkRd/NYGW0orFT7NNUxSlwHyzxQ2S3aOXbC5?= =?Windows-1252?Q?alS6ilePRDDLL2lg88lLrCnZyMw5UoNT1jFEbrQEZ2M/PVUp8qebtwY1?= =?Windows-1252?Q?1RF0+NTQHORCSuRnrMWqZQw/7u5I+15c7Y6t+tX+ewamlG3RbjJGbwte?= =?Windows-1252?Q?k1ndsKXRuNZ9cc=3D?= X-Microsoft-Exchange-Diagnostics: 1;DM3PR15MB0970;6:ZsLlxN1UXa1bhx9Fnkk90qPEghNzR6bTCUSvSGgkOkqG2yRzKHDQfS5YpZNLAopLWNjY8tefP8mqLiom8q/PFokHcxROEpa5RGJic7RiECyQ0oc3s+OJWu2RRZGUyWzDcwd/5/tPxShDv1DyCi7C9yeP4zLvjo4N/SB74hMaA8mryNRm+qGCA/KiomWsDDqxDTBSXNEXrykYsIVB6bCsckgx9/83yvtdPt49cGxWyJhjwhHN1SMSBfBk1GEiP7pUS/uhfc89xnmiaGCiRiWsVkb3X80vXgiWu/GDue4TStAszgCKC/40ukPGmFu7CLZjBL5xwwWs4C50KutzBNxqIY7PercyRwoUn2+/GhxFBOg=;5:7g2T2Gey+Ay58l4hywVd+fgawQ6/pE/dW+mubAW7LVn7H9UY5+tyhGFnj2fK5EtS5jqD01pzosAP63fq7IrMI7W+JRBFP01bUC+JmrnsUNvGpejsJDdfyYBT1s+VrDbdEqefYI8SImweAj1bG7+JCIWSab7VJDQsEvOxZlD0RAQ=;24:Kc89UStnR+O0cFFFRjrYjtFts8V3RbLqb0zDwZzJpb+/nrgjd/UAZSqs6S/T8i2Ee8GcZUpTj3nd2lrf3shj+iowQye59VUq7wI5fBle/Po=;7:IoXjJmtZALWxMWzCsVYL5eBvs5L66EJE1MfeE+RLC5KpWFUKZ1Y0N5lQiBBm2FgbpmGoj6O9io9iCI7q6CC4emsSBtDgu4nme1/RRl14R6/swtWxqLSmkj7r16x0u0as6GmrG+t15zW6VEl47yuNYCYHWKwqqPcoZ1LnRaTQw/PBvAZzO7ZqGTuuRI16koCBYM9qS45Q8qYTo123S2wLgRk0btpdIG0vZ3+bf3zLXL8sEw/aqYmiImTSopTw5Tzb SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;DM3PR15MB0970;20:RKT1o1rd0QJ7+PpjXA7QvUJ5XdLCUGoJHb3ykUZhjw10PYBfhg6oUNIVC3e9/dRHkAd1RQinQc+vr7dXmBUgdk4Zq5oLH41nBulLFcOzp0LcNoiACe4bVNYNGv6zyPE2G9lGwLcC6AxKLAN5RWcNnNC6fDy5VaElqlTlynOm2Tg= X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Dec 2017 22:46:27.5084 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8fc12815-4c3e-4340-2478-08d54d7bab29 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM3PR15MB0970 X-OriginatorOrg: fb.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-12-27_16:,, signatures=0 X-Proofpoint-Spam-Reason: safe X-FB-Internal: Safe Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 4019 Lines: 97 On 12/26/17 9:56 PM, Masami Hiramatsu wrote: > On Tue, 26 Dec 2017 17:57:32 -0800 > Alexei Starovoitov wrote: > >> On Tue, Dec 26, 2017 at 04:46:59PM +0900, Masami Hiramatsu wrote: >>> Check whether error injectable event is on function entry or not. >>> Currently it checks the event is ftrace-based kprobes or not, >>> but that is wrong. It should check if the event is on the entry >>> of target function. Since error injection will override a function >>> to just return with modified return value, that operation must >>> be done before the target function starts making stackframe. >>> >>> As a side effect, bpf error injection is no need to depend on >>> function-tracer. It can work with sw-breakpoint based kprobe >>> events too. >>> >>> Signed-off-by: Masami Hiramatsu >>> --- >>> kernel/trace/Kconfig | 2 -- >>> kernel/trace/bpf_trace.c | 6 +++--- >>> kernel/trace/trace_kprobe.c | 8 +++++--- >>> kernel/trace/trace_probe.h | 12 ++++++------ >>> 4 files changed, 14 insertions(+), 14 deletions(-) >>> >>> diff --git a/kernel/trace/Kconfig b/kernel/trace/Kconfig >>> index ae3a2d519e50..6400e1bf97c5 100644 >>> --- a/kernel/trace/Kconfig >>> +++ b/kernel/trace/Kconfig >>> @@ -533,9 +533,7 @@ config FUNCTION_PROFILER >>> config BPF_KPROBE_OVERRIDE >>> bool "Enable BPF programs to override a kprobed function" >>> depends on BPF_EVENTS >>> - depends on KPROBES_ON_FTRACE >>> depends on HAVE_KPROBE_OVERRIDE >>> - depends on DYNAMIC_FTRACE_WITH_REGS >>> default n >>> help >>> Allows BPF to override the execution of a probed function and >>> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c >>> index f6d2327ecb59..d663660f8392 100644 >>> --- a/kernel/trace/bpf_trace.c >>> +++ b/kernel/trace/bpf_trace.c >>> @@ -800,11 +800,11 @@ int perf_event_attach_bpf_prog(struct perf_event *event, >>> int ret = -EEXIST; >>> >>> /* >>> - * Kprobe override only works for ftrace based kprobes, and only if they >>> - * are on the opt-in list. >>> + * Kprobe override only works if they are on the function entry, >>> + * and only if they are on the opt-in list. >>> */ >>> if (prog->kprobe_override && >>> - (!trace_kprobe_ftrace(event->tp_event) || >>> + (!trace_kprobe_on_func_entry(event->tp_event) || >>> !trace_kprobe_error_injectable(event->tp_event))) >>> return -EINVAL; >>> >>> diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c >>> index 91f4b57dab82..265e3e27e8dc 100644 >>> --- a/kernel/trace/trace_kprobe.c >>> +++ b/kernel/trace/trace_kprobe.c >>> @@ -88,13 +88,15 @@ static nokprobe_inline unsigned long trace_kprobe_nhit(struct trace_kprobe *tk) >>> return nhit; >>> } >>> >>> -int trace_kprobe_ftrace(struct trace_event_call *call) >>> +bool trace_kprobe_on_func_entry(struct trace_event_call *call) >>> { >>> struct trace_kprobe *tk = (struct trace_kprobe *)call->data; >>> - return kprobe_ftrace(&tk->rp.kp); >>> + >>> + return kprobe_on_func_entry(tk->rp.kp.addr, tk->rp.kp.symbol_name, >>> + tk->rp.kp.offset); >> >> That would be nice, but did you test this? > > Yes, because the jprobe, which was only official user of modifying execution > path using kprobe, did same way to check. (and kretprobe also does it) > >> My understanding that kprobe will restore all regs and >> here we need to override return ip _and_ value. > > yes, no problem. kprobe restore all regs from pt_regs, including regs->ip. > >> Could you add a patch with the test the way Josef did >> or describe the steps to test this new mode? > > Would you mean below patch? If so, it should work without any change. > > [PATCH v10 4/5] samples/bpf: add a test for bpf_override_return yeah. I expect bpf_override_return test to work as-is. I'm asking for the test for new functionality added by this patch. In particular kprobe on func entry without ftrace. How did you test it? and how I can repeat the test? I'm still not sure that it works correctly.