Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753270AbdL1Dq2 (ORCPT ); Wed, 27 Dec 2017 22:46:28 -0500 Received: from mx0b-00082601.pphosted.com ([67.231.153.30]:45404 "EHLO mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752983AbdL1DqY (ORCPT ); Wed, 27 Dec 2017 22:46:24 -0500 Subject: Re: [RFC PATCH bpf-next v2 1/4] tracing/kprobe: bpf: Check error injectable event is on function entry To: Masami Hiramatsu References: <151427438796.32561.4235654585430455286.stgit@devbox> <151427441954.32561.8731119329264462024.stgit@devbox> <20171227015730.jjggymg4uqllteuy@ast-mbp> <20171227145628.53f68f391b2108d6df118ca7@kernel.org> <20171228113434.eb182c348fc69853fec934ee@kernel.org> CC: Alexei Starovoitov , Josef Bacik , , , , , , , , , , , Josef Bacik , Akinobu Mita From: Alexei Starovoitov Message-ID: <03e0ebb7-0b2a-4235-3408-c0d59a1ba4c2@fb.com> Date: Wed, 27 Dec 2017 19:45:42 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20171228113434.eb182c348fc69853fec934ee@kernel.org> Content-Type: text/plain; charset="windows-1252"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [2620:10d:c090:180::a7a] X-ClientProxiedBy: MWHPR14CA0030.namprd14.prod.outlook.com (2603:10b6:300:12b::16) To BL2PR15MB0961.namprd15.prod.outlook.com (2603:10b6:201:15::23) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 2646fd66-3e53-4a28-f335-08d54da57be1 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060);SRVR:BL2PR15MB0961; X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0961;3:TdL7cAwSk86cu6YJdjuOOyCcmoEOC0ZJai6H7earscOpsLLjRIqwoD3Za0QNRMF5mgFMXCDLlZBEo6Debt7XJ0cRFm/Se/B/sIh1H+6tpnzu0EFcPuH6CPbaGRjIvMhrnQvoTTW486l/PCHFeeNrX3Z/533TEtCOYSCIrECm119y9cgL0oHKOjDJG2fQ07uGW8+VZP4ITQffJ+Gc+TavoN99kDW9zytpAfITGAS67lZF37EzP3ULKnj8i/k+6TxL;25:ty4VAMKm3/kynvMBiK42mYviUYvCr3c8BkiaihbT98k+PPQoi4nlk05Gy2HHhzxoY3uSZB4YzLLkviaZsSHSzST6zJ4JkMTu2/my4voWPwhwiquNU4SAYKN11aWorwOVF0i7fQHNR2EQYC/3UipJemWErnm/TT8m4KBxVIgJWJUDeey82X6EJft+pZOgEXQo9X8E16fafQVhK0WhHKVnLcVv46tBfVBjqdqCU0624UcWaFEa4bOue2oylqk7ufa66RvZ0ZcqizNP1nK33Q2QT3k4HOe4oP3hB8tFZaLkEGeE0h7fq0HyOuNNOMakR085Vwf9IGML4FFiMiHObiAEJg==;31:mwtVQOQOlFRhq2xJ+sHpIHJYEjVifKe0zyoE61SSGLdHNRvL1qWbYzFQ7K4qYexK4EBG3CE7H1RYPaEdMp5vogSWQg7TCszXAvVpJInPvWhit7Lxe406HVqpHMPwIheQKKvqYlCk8GA+4fu4EMJvTR8OC9FpzibUpIoLg4F2CDQrO/vpDiZnL4i03DPbbw22l/IEVW5Aig3i5WOlUfY1L47E35m6LlZ+XRb48vhwB8Q= X-MS-TrafficTypeDiagnostic: BL2PR15MB0961: X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0961;20:FSp3lzmOnNKmNajQZ6s0U6iFO+NP4xDW6MS54epbAnngsMvlB13Nuve407wwmnbXjzMXpIYjmyinlvghLQG+ajyQ/NAP6VKITzTUffYUl2hkoODzi9Y9TnQrUj3OP7pFmR0IJj/7N4rMgbeZyIkVp5Pg3No5zZg+XTRZj3R12UvLjbUaN/OGVFcrgNY5pimGHTLNiBMFU5ykFNGDUWLgyFCzUOd/0ay8IRgrK61YAJ+1AhpJ6xrN07RupLLnK87slOTDeBfjzWdVGN2Wk8HqbfhQzkNfYL1lQCgjNxo0x5OvaBhDbAsoyX5r1b40iC4qkmI9Q7YxoV0Y7S0T292rQmYAjWfneJKu8GToBa6tN/zbVQ/2S4AQfZUbQulOU/fiwGGtg8hFuwtual7yWDyQbQI1Nwx1hnyIv4wzBTJBDh3Wk4mbAj5wU60ocKZkdQaVg2uaIyoVwXu46H57Ri2BVb5xWK5O7f8VOMyebL+a9D3LtF1ppdZRPnlS4cZy8gNN;4:D6QxFTwA3/f833gR8ULWvT56iGO0dcDbi4h1MMH88AnqOLlfd3BdkhAzcYPHIFjrC4ng9wO+qknKESb/IZbzmIHIIlluqqYHI2dxfVx9MqgKMRu9ExHNQ6BkB54taQRKgOw5VKiMLM5pTXTa+0h5b5aULgwk7RTy+6PHSIAzUtG4ds2ZgZ2+OiGB3heii40yclh4mDAs7ufD/IdZC86W0EWw7BmZdcS9VH5o/AEeyTLm+Yy0M172pc/BdkvY+7C9tUr8ZhqN1PVuYZ/ueNONojgAf41T8TwmVRutex4MyyD1TrTUKoz8tT88kKx0eExM X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(67672495146484); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(8121501046)(5005006)(3231023)(11241501184)(944501075)(93006095)(93001095)(10201501046)(3002001)(6041268)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123562045)(20161123564045)(6072148)(201708071742011);SRVR:BL2PR15MB0961;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:BL2PR15MB0961; X-Forefront-PRVS: 05352A48BE X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(366004)(396003)(39860400002)(376002)(39380400002)(346002)(24454002)(52314003)(189003)(199004)(2906002)(6666003)(36756003)(58126008)(54906003)(93886005)(25786009)(31696002)(59450400001)(386003)(86362001)(106356001)(53546011)(6916009)(2950100002)(83506002)(6246003)(39060400002)(8936002)(230700001)(50466002)(97736004)(4326008)(65806001)(5660300001)(65956001)(47776003)(68736007)(8676002)(81156014)(81166006)(64126003)(5890100001)(7416002)(478600001)(6486002)(105586002)(6116002)(316002)(65826007)(31686004)(67846002)(53936002)(305945005)(7736002)(23746002)(52396003)(1706002)(229853002)(52116002)(76176011)(217873001)(42262002);DIR:OUT;SFP:1102;SCL:1;SRVR:BL2PR15MB0961;H:[IPv6:2620:10d:c081:1132::1039];FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1;BL2PR15MB0961;23:BqC6Co+DY1DJoWJtmFznsHCublbVAm7uVCLFG?= =?Windows-1252?Q?BKFGiVXsSEGOEyG1RNTJr74YL6nUQ3a3Q6tnIs8nAHnCs61ftmdA/s0P?= =?Windows-1252?Q?sO+AWj1ZcIIz1QFDP/eZ2WgJqIxFsImyJgUk2JglWT//l9jvJWcZ3KpE?= =?Windows-1252?Q?F0nZujhZaAcrdin3UL2W04bjT4OrEGKlPS6BlkhOJS6104ZI3Uklof5W?= =?Windows-1252?Q?IKsMEeTjB6McmmXsCawQdIsO791KjCl+9ttrPTduqyw7fbDL6lEFhNd3?= =?Windows-1252?Q?FafWzIZYGAYBSPNldhrawgzhG0awS5m+gUwQLe00ZWfoIw3GTp06itRE?= =?Windows-1252?Q?JNAEvGYXz5B9owlTUdpBYDgSY3NROCeq9a9ahXsFk/xFdPE9qteWgBeB?= =?Windows-1252?Q?3lmvc+McYGGIclZffdT4EaJf7StOaZRGBLDWL39PLUxU6RlM4ZotfqmY?= =?Windows-1252?Q?Eo32/44hPyVopGCepjwa7JR/937xeFdFrrQ1+ksEzuredEMu5QMqA12o?= =?Windows-1252?Q?UTVIzUkSz1cQ+ZBsvP16OpS/JXj/mNEMfyHNXuV4xjYWanc+fqIU82qh?= =?Windows-1252?Q?43Et4enVqwRLsU4vbXWn4RkTvlO187Z711j+TfKo6iT/pOwZ5Qpx8xsK?= =?Windows-1252?Q?/feRCAOkn6SZuntzIBpfdBbp0vOjsDRV+NXff8H7mCt6N1VmjOSJPRJd?= =?Windows-1252?Q?+/SMA+6ddtK8+AQesHqjuVSYLanfhHx925i7HPTxlFskw3tLUgpWM+g3?= =?Windows-1252?Q?1za0xEwg4jt5QUPrsaJNlMZ4G/6OxrZYXZLZth7MFBIrYlFOK0cAOcmP?= =?Windows-1252?Q?ZLrcxsINt67aRHgAPjXAT8zmGp05Bu9VIMVDpNJHmwsflmhkhDfVdJpO?= =?Windows-1252?Q?Z1MJmuR+SFBrr+GWi1y/arYIH1QG6C+jda2hHYtmt1hEi0/kVMSjuwYw?= =?Windows-1252?Q?wV1L4n4yHJ5haA8SSa07q8+CtufoEupxG0MUDFRV+3O4bgXo47C+mR8H?= =?Windows-1252?Q?roWrwIE9Nwd7ynHYey+NWK6oxSsm2HGRQbFOqdAeHgw7R7ZlCtECTWQC?= =?Windows-1252?Q?/P4hRccYCr5jlwNbeOnwXtPFGgk04Qwv7qdhIf0AYQswDJ5IoHyTMJw0?= =?Windows-1252?Q?umhbyr/tj5FfYDbzUzuFyGmKfnm+VPhD/2c8fZ/teq3fBZuMyXdoXflh?= =?Windows-1252?Q?E+icB+9CHHsCL+KrMkE4+2XKfp7DcuOjGHsebJ2zQn9lk5R1dv+g1cCU?= =?Windows-1252?Q?2x0mnycNnRVziaWE+tcxnvKqVDF6NX/HvUDfIKTHJpIiJemXZkOezJkD?= =?Windows-1252?Q?BcTDWbjgG4B4e+nmrV/UGqqZOV2k0y3G6FeN16CBiQOobhREI0QXSASa?= =?Windows-1252?Q?PLiwRs3xIVAbLvjKJrrAioiQueXfnuIivIPWR0QI/dazJrPCWBQtbdHE?= =?Windows-1252?Q?InCfhPPNP93O6WegRoBORm2S6nSiXDL5q5ylBhL44xY9kU4UCqHEi+4T?= =?Windows-1252?Q?Y/cmQA7v20x1eY/aazTLzSA0WlzzhBOFThljxgY3SLnnJ1RlX+HV76aU?= =?Windows-1252?Q?b9HIrZ2hivdfa6EMUpclEYCAnZXOwxpTyoq?= X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0961;6:TZNu5Ft+ohrAAT4T48EUI5kGlBH7B3fc8ldHzhbiDJJUwCfUhBky9MHlw1PjVnvXGLwrZy4nebTCDpAFcatyJtqHfxnQXP45KFJ05A8PsZGFGdG7c7gZ8KbWCLU0urrj/gvrDhl9OGz2gsFk572t+Ml+EGX4V7julMzoqYJ2Msh9iMShL+tr3xMzmJPj3NysFgFyrhUAom4KF3WnBM6GyeIsoZbfArCQRqJpz3k5NMLjmEPkvz2dGAqtwrOybvgqK9/QUHzHCmPqEsCy5b+RojLq6/xfVd3dXAZ5EvN3fVupDvROALsreD9zcGB/W1b3HLLS3EzuyEYCIfjKgOEpdq21Ky+82pPHJ3HWuBopS0A=;5:u2y9ykVxhfsdHRg3LMumfnt2yRKzQaH9fVdj1H9PYyXIfi9VdctwxCx6jHP3sRzsM1Iofck/GW1Axr264zxz1vOFYxIkI1TBmDPGtbsXlhpISHAVuisWP9wKBQl4xdCoW1j4pwiydOcgnKpD1k/I3iXZdGZJtZ2WhHbeXaEPAxs=;24:GJoMUcrRmAcysIvJgsbrRtK1X2wFw55nKueFtwChobAiifS1TJI4htr3ePzRjo0tQGPlLOwLP3jC6nlj1uR71KUODflNj17iojfc7st5w5A=;7:YdY5P9nK+awEbsZ+heSbJt4ahTI26LTkaOmYiNcdB2T7q3TFfpcEPPrW6EkS7dmEhBHBnfoEqu08Fv7AdKtVsOe9i8I2FnJyDLrxkoombDFnhhOXNCCbts/6NMFl+e/SgeFDqbx/INtdFOWH26FYIr5z65AMEmS0gstR3ncNvyrANk5F2vuKfxyq4TF12j3aNUqhrtWRaWeG8Uc7isLnImdfDNkRv9Fg7VbxNxS2/pK0LPm2hwVGf7JtW/0sCrP8 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0961;20:NLz1iAflL7U92lB05l/Xo/pBQugcIKRjQ20LqcHG/vuqVt2840j/MAHzhUwExV+2eHO+xVy/epZceGsqePlGqE0XHpjDPXJHYYSYvYqSK1L1sIfHci4BJHPReFVktiBHxzerwuYD+JNMo0JOIHBuPO74/l4HHHZC4E/YKikgI34= X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Dec 2017 03:45:46.5046 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 2646fd66-3e53-4a28-f335-08d54da57be1 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2PR15MB0961 X-OriginatorOrg: fb.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-12-28_02:,, signatures=0 X-Proofpoint-Spam-Reason: safe X-FB-Internal: Safe Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 5767 Lines: 131 On 12/27/17 6:34 PM, Masami Hiramatsu wrote: > On Wed, 27 Dec 2017 14:46:24 -0800 > Alexei Starovoitov wrote: > >> On 12/26/17 9:56 PM, Masami Hiramatsu wrote: >>> On Tue, 26 Dec 2017 17:57:32 -0800 >>> Alexei Starovoitov wrote: >>> >>>> On Tue, Dec 26, 2017 at 04:46:59PM +0900, Masami Hiramatsu wrote: >>>>> Check whether error injectable event is on function entry or not. >>>>> Currently it checks the event is ftrace-based kprobes or not, >>>>> but that is wrong. It should check if the event is on the entry >>>>> of target function. Since error injection will override a function >>>>> to just return with modified return value, that operation must >>>>> be done before the target function starts making stackframe. >>>>> >>>>> As a side effect, bpf error injection is no need to depend on >>>>> function-tracer. It can work with sw-breakpoint based kprobe >>>>> events too. >>>>> >>>>> Signed-off-by: Masami Hiramatsu >>>>> --- >>>>> kernel/trace/Kconfig | 2 -- >>>>> kernel/trace/bpf_trace.c | 6 +++--- >>>>> kernel/trace/trace_kprobe.c | 8 +++++--- >>>>> kernel/trace/trace_probe.h | 12 ++++++------ >>>>> 4 files changed, 14 insertions(+), 14 deletions(-) >>>>> >>>>> diff --git a/kernel/trace/Kconfig b/kernel/trace/Kconfig >>>>> index ae3a2d519e50..6400e1bf97c5 100644 >>>>> --- a/kernel/trace/Kconfig >>>>> +++ b/kernel/trace/Kconfig >>>>> @@ -533,9 +533,7 @@ config FUNCTION_PROFILER >>>>> config BPF_KPROBE_OVERRIDE >>>>> bool "Enable BPF programs to override a kprobed function" >>>>> depends on BPF_EVENTS >>>>> - depends on KPROBES_ON_FTRACE >>>>> depends on HAVE_KPROBE_OVERRIDE >>>>> - depends on DYNAMIC_FTRACE_WITH_REGS >>>>> default n >>>>> help >>>>> Allows BPF to override the execution of a probed function and >>>>> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c >>>>> index f6d2327ecb59..d663660f8392 100644 >>>>> --- a/kernel/trace/bpf_trace.c >>>>> +++ b/kernel/trace/bpf_trace.c >>>>> @@ -800,11 +800,11 @@ int perf_event_attach_bpf_prog(struct perf_event *event, >>>>> int ret = -EEXIST; >>>>> >>>>> /* >>>>> - * Kprobe override only works for ftrace based kprobes, and only if they >>>>> - * are on the opt-in list. >>>>> + * Kprobe override only works if they are on the function entry, >>>>> + * and only if they are on the opt-in list. >>>>> */ >>>>> if (prog->kprobe_override && >>>>> - (!trace_kprobe_ftrace(event->tp_event) || >>>>> + (!trace_kprobe_on_func_entry(event->tp_event) || >>>>> !trace_kprobe_error_injectable(event->tp_event))) >>>>> return -EINVAL; >>>>> >>>>> diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c >>>>> index 91f4b57dab82..265e3e27e8dc 100644 >>>>> --- a/kernel/trace/trace_kprobe.c >>>>> +++ b/kernel/trace/trace_kprobe.c >>>>> @@ -88,13 +88,15 @@ static nokprobe_inline unsigned long trace_kprobe_nhit(struct trace_kprobe *tk) >>>>> return nhit; >>>>> } >>>>> >>>>> -int trace_kprobe_ftrace(struct trace_event_call *call) >>>>> +bool trace_kprobe_on_func_entry(struct trace_event_call *call) >>>>> { >>>>> struct trace_kprobe *tk = (struct trace_kprobe *)call->data; >>>>> - return kprobe_ftrace(&tk->rp.kp); >>>>> + >>>>> + return kprobe_on_func_entry(tk->rp.kp.addr, tk->rp.kp.symbol_name, >>>>> + tk->rp.kp.offset); >>>> >>>> That would be nice, but did you test this? >>> >>> Yes, because the jprobe, which was only official user of modifying execution >>> path using kprobe, did same way to check. (and kretprobe also does it) >>> >>>> My understanding that kprobe will restore all regs and >>>> here we need to override return ip _and_ value. >>> >>> yes, no problem. kprobe restore all regs from pt_regs, including regs->ip. >>> >>>> Could you add a patch with the test the way Josef did >>>> or describe the steps to test this new mode? >>> >>> Would you mean below patch? If so, it should work without any change. >>> >>> [PATCH v10 4/5] samples/bpf: add a test for bpf_override_return >> >> yeah. I expect bpf_override_return test to work as-is. >> I'm asking for the test for new functionality added by this patch. >> In particular kprobe on func entry without ftrace. >> How did you test it? > > This function is used in kretprobe and jprobe. Jprobe was the user of > "modifying instruction pointer to another function" in kprobes. > If it doesn't work, jprobe also doesn't work, this means you can not > modify IP by kprobes anymore. > Anyway, until linux-4.13, that was well tested by kprobe smoke test. > >> and how I can repeat the test? >> I'm still not sure that it works correctly. > > That works correctly because it checks given address is on the entry > point (the 1st instruction) of a function, using kallsyms. > > The reason why I made another flag for ftrace was, there are 2 modes > for ftrace dynamic instrumentation, fentry and mcount. > With new fentry mode, ftrace will be put on the first instruction > of the function, so it will work as you expected. > With traditional gcc mcount, ftrace will be called after making call > frame for _mcount(). This means if you modify ip, it will not work > or cause a trouble because _mcount call frame is still on the stack. > > So, current ftrace-based checker doesn't work, it depends on the case. > Of course, in most case, kernel will be build in new gcc which > supports fentry, but there is no guarantee. I don't think that's the case. My reading of current trace_kprobe_ftrace() -> arch_check_ftrace_location() is that it will not be true for old mcount case. As far as the rest of your arguments it very much puzzles me that you claim that this patch suppose to work based on historical reasoning whereas you did NOT test it.