Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754755AbdL2BEJ (ORCPT ); Thu, 28 Dec 2017 20:04:09 -0500 Received: from mx0a-00082601.pphosted.com ([67.231.145.42]:43912 "EHLO mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753427AbdL2BEF (ORCPT ); Thu, 28 Dec 2017 20:04:05 -0500 Subject: Re: [RFC PATCH bpf-next v2 1/4] tracing/kprobe: bpf: Check error injectable event is on function entry To: Masami Hiramatsu References: <151427438796.32561.4235654585430455286.stgit@devbox> <151427441954.32561.8731119329264462024.stgit@devbox> <20171227015730.jjggymg4uqllteuy@ast-mbp> <20171227145628.53f68f391b2108d6df118ca7@kernel.org> <20171228113434.eb182c348fc69853fec934ee@kernel.org> <03e0ebb7-0b2a-4235-3408-c0d59a1ba4c2@fb.com> <20171227231644.168abc0f@vmware.local.home> <20171228172027.4a8f2f0cf0506499acd26738@kernel.org> CC: Steven Rostedt , Alexei Starovoitov , Josef Bacik , , , , , , , , , , Josef Bacik , Akinobu Mita From: Alexei Starovoitov Message-ID: Date: Thu, 28 Dec 2017 17:03:24 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20171228172027.4a8f2f0cf0506499acd26738@kernel.org> Content-Type: text/plain; charset="windows-1252"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [2620:10d:c090:180::7177] X-ClientProxiedBy: DM5PR20CA0022.namprd20.prod.outlook.com (2603:10b6:3:93::32) To DM3PR15MB0971.namprd15.prod.outlook.com (2603:10b6:0:10::25) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 88b79a0b-f0b6-4737-eae9-08d54e57f9c7 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060);SRVR:DM3PR15MB0971; X-Microsoft-Exchange-Diagnostics: 1;DM3PR15MB0971;3:97C7rWz2deOnQoYMB9jULo4xh4wsXC9l3J7GPw/8ytDYGL1a5hp3npk2sk6X2nydIIOYGi7TZVYrwc1TW1q+wtjVXrrPf9zMpopU5TzzNVIJK/wujspK/5b0udX3Yx4rBBIjqKpejNsu5KcvKQ1QyhDdZQxvBSyvQqbzu5aEK1HdL5dHVwYXjoXv7QYJIVTiWpdBmQ18HdxOG4OrzqQ1pJPp+yZ6ZVo9POTBfgrnv4sG9u4g5HaCH5yYeaPaKA/Y;25:KC9A3+/l+GjhSkDUIDnDDw4HHO8AlZ84EN/JfvQ7cq8/938Vzu5nNR7jnrVJcWOVOk9AEE4Nthh3z8qG7qdyVT59c8ijdx04Tbs+WoBYEaGsaWgm68p4mE1ivHlYHyqaPX6oCWWGGax8DyURaZN82DViLqbKUsClswq3FW9Ru6+Yunf4LK8+J92IXIFSHvbpWGUfMDDREZgyG5dG8uGMl2KZX3lsfU7gFMciDDs6LLkLG9hCmrQ4lkhLmZHXziS0K31+VpOTYL5PbM/semhTUZmxbAVujiRBwHwwPobbTkxtbO4QzandEfh1YpdKAc4jXgLLSWNDOwT9s2WD7Mywqw==;31:KIHQZH9qOCiDgy+q03qqLkg0XclQwE+yr4RlXm1P/OTS2XgdPajIQb6AZDGUGgjtGfLAnChCQ+H0rUwrlIuMom63AgOp/YV2i69+DEAxy+bcu6ptbsOJZLiamAVJuTE8rjN9c7CdqoJLfuB85mwurobaY+hhUknPWUdnsXuiIjrC6/xHQZKTD9i9i+/ROpgKDZfu43/lB7jM15Bwk4OTrqtXnKBTqlF+WJ8ZzcsfdcQ= X-MS-TrafficTypeDiagnostic: DM3PR15MB0971: X-Microsoft-Exchange-Diagnostics: 1;DM3PR15MB0971;20:hPguZQFKI0OD+lgIpQZZSD62AcbMudZQq0uMHe2ZJUxLJOSbdujvzx4RZdyonSUeQuBxdh846cgAMgE4fzeZflmOSey/kNdSOVq2RbC2FmNZYeQ3/jZEG6oQUFJQ0l71KrQiU8IN/Sn4cRyzZvMFcHCjkKw4jvEWwa7VUc89H/T/BmSRfU/o35zEpQ9HFlVXhWvvShm/PAXUVITwJnFZkgcsmy1Wb7/J51urrNXUtnWjQ6SS8dafatI8GONR27A7yDpsV+wtLyhs3VbUF1hDWgu8jrDprg1xMt9zfdxnkmS9Fyr6YcgAHZHUDbvH7HLmb/JM9V3KYiLE1nvRiZ8AaZrpsLuTJA2lygHYc63Hwb9FM6CpN9f4SZawphRgqqzfwL3oSWD/azDXeoXsELZ0lzyi0KDgfS08OZLVFfYojtEXh+1+ZSINRNyGJr3+i/iH+OTsfOJiwt96XOb9J/YTwArcRySBT6Q4xAOGWCYifS9OMkSVEBGvxr3xSUUuZfKn;4:fGHeosYC3S384Lg9BSw/4jHPfASPJ+T877sDWIhcUO1gfon7+Bw0DpDz48+qh78nhHtgG9mSrJ88MXTIRU+GtnNyFZsciF7zBiMsSMUyG2NDiSDD64QOJx3ayHP2AtTAz6d+gVXlKgekr8EuijSU1YIn+zkziE4n73Vp4CqscH/ofaHEcJ9j/5hNCKrpQeunMoejgtLzP6ZiZsmnd+tmD95wlFXiLyzh5DDebMCnWdRaHMJ3jLRooKIOunFiGdbaH/Id3tCcvmrZirOYY2jAATdUUBPPRUUgMLmTIbPn+CwrwSFKfc/4t/jlU3nEzO2N X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(67672495146484); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(5005006)(8121501046)(3002001)(10201501046)(3231023)(11241501184)(944501075)(93006095)(93001095)(6041268)(20161123562045)(20161123564045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(6072148)(201708071742011);SRVR:DM3PR15MB0971;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:DM3PR15MB0971; X-Forefront-PRVS: 0536638EAC X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(39380400002)(366004)(396003)(39860400002)(376002)(346002)(24454002)(199004)(69234005)(189003)(64126003)(6116002)(65956001)(6486002)(1706002)(68736007)(8936002)(316002)(76176011)(65806001)(65826007)(52396003)(93886005)(5660300001)(97736004)(6916009)(2950100002)(50466002)(230700001)(52116002)(478600001)(39060400002)(25786009)(83506002)(47776003)(386003)(106356001)(23746002)(81166006)(6246003)(31696002)(4326008)(86362001)(6666003)(36756003)(105586002)(81156014)(305945005)(53546011)(58126008)(67846002)(7416002)(229853002)(8676002)(2906002)(54906003)(53936002)(31686004)(7736002)(217873001)(42262002);DIR:OUT;SFP:1102;SCL:1;SRVR:DM3PR15MB0971;H:[IPv6:2620:10d:c081:1132::1039];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1;DM3PR15MB0971;23:FWtkGYm7ZhiT3dL7UkqI7BMG9CKx38wJDrWOw?= =?Windows-1252?Q?z5JhYB4SUV8SyBCu9AbR/Rz0R2PhyCl8/K63D4BPEgjUib9tYcOnxTQ0?= =?Windows-1252?Q?ZgCsV+HICKYOxctaSvnX6FEhoD8hcTSIeTkxBMhh8oqtQlOpu+7ompJ7?= =?Windows-1252?Q?51ENqqgxS1FauqE5ymF1NfbyqgvNPn9sUdq6NgjG0Z7TVfaIb4PwEsSt?= =?Windows-1252?Q?ahOmj2+LXqebt1cFNXa3ktwleJsSRw9IFNcnSX9wR2xL5HqnxWcGvUeY?= =?Windows-1252?Q?6jght9c7nnp46qUrQZhl4sCi/3xXFqVEAypm/RD/wdvvhTd7i2pWC5X7?= =?Windows-1252?Q?g7FM63kuaRjWa5iHnPiHbRgAgWel1dIeNTj7bGkUTGHtvdQWAp6d8W7q?= =?Windows-1252?Q?vS4ibYoOiCIVPcxOCEvQH/0zIYjohpPgXP+Oramzh/UIjQyErRMEBYk+?= =?Windows-1252?Q?I0+RzSGEkF/ql8H6vTCSqQPD6xYsGChdYz4EEOjP052ZV35d44FiztWi?= =?Windows-1252?Q?SJqdyT9p7gGtMOpEiImMJ9atViTudao9DtzUeL3Kw92Xn7MgNkP1q6Ce?= =?Windows-1252?Q?AGd7q0vr04dzshXuRTkyY+YfSR7DZmAOb9XkT9HbbWiCLVC5uqXG80Q5?= =?Windows-1252?Q?uJ2dzdEbHvERNYquv8fI/L214Kt6LD0KR2Abx/lFZQPRnw8r6UGH11do?= =?Windows-1252?Q?FXFvW8TKfetfZqjQh35tQh73rgNxDgGYEcYUNrKC8U9A640CMgveuO1M?= =?Windows-1252?Q?pRACRrqGIKI1D9aC9WOBscj0a8ExA70ZXZ2P4Cv5bzZCsgIltvtVlEVP?= =?Windows-1252?Q?P+4PsUQOsGbeDGY+FoYrXSDsYEhvz+W/SEsB6SGOaULu6KHyhg0N4qDz?= =?Windows-1252?Q?vPserjTqGROSFetfb25n392fcg5JNxo12mNUansqmMqqJPjMcLJrTsDQ?= =?Windows-1252?Q?7pPdM1TWiGLApF3clV0fugWaUExcb96FPGofC8rMpisrEgaUKCkLaJ35?= =?Windows-1252?Q?cEzMQQF+nIUgiXHhVEIzyPu+kNz+Yc9Gs8a6g3JmnxlSPJQA5rmY/p+p?= =?Windows-1252?Q?9vFqKYByu8uXMlWwYFOxbCpMKoUAe3i35Asx9KkHT9+7QEAwwo9InkXH?= =?Windows-1252?Q?67c1zTu09d32PAWbqFftPP0NpOCkDzJ10SHLQgeP1ktk7scOT18uf0gg?= =?Windows-1252?Q?cLdSdQdPL84TJP5ldSoeWJoylCv9RaaKWCuiuwa7936zUsqMM2HbcXq2?= =?Windows-1252?Q?eqkFLJfDfLKmfHhQID2DsifrwuxJxquAN48JXt9hfcclAwDpTx6cavw+?= =?Windows-1252?Q?wzKsxwYT4HMOL0OH1MCsgCMLS9UzosfEI20Lrmf2XJT41J4inld1+HXe?= =?Windows-1252?Q?6c+lVxuLbHZ3CfMQCt8tmnxY6IAbX/ZDJ8P2Rh50GqmeemZPHnpiWwM7?= =?Windows-1252?Q?QdvyVSoS/Bu9WtcsMjLSP4ZYLXmFMT5cGzBV+QDxiFqpsngJuNJit3Xp?= =?Windows-1252?Q?Um76GrzdiYGEDA6DvTBRQwvkjxX?= X-Microsoft-Exchange-Diagnostics: 1;DM3PR15MB0971;6:QBWexYOjNs7lm5fyd/fWYms04YPookEwFoggdCWwphpr3ML1fdbrV7vI8sONAFb5YdUTmiOSUUhWg/49iJPr4p+Qub+xgv7xc2Yf5T0seIczXVP/wbRoOLl/Qz+JeHMekj1F4XWIXrZ1DuwY/H94ZvAPcYMahomBVqK8SuQJEzTGD98t0g86AzZMnwBDzUqtsbc69zmatMp+4+28WkgnNThjLnCHROdmpNTil7bBccMyg6bzwddZDQN5iMLUiCU+ml0r7VKCVHHHiT3CIJKxdkt60lqDrCB87WsORE40kLOerM+udJAu37cg3jAcs5BcnVrrB2DovO8wJ04y9cxuzXU2EdXmQZ3yCK/SExQHESM=;5:wN0rmdV4TN1HL349NqsxaL1Tm/qvQWqpwHaTBofRLdyz84ThHTv7Xh8rpj8XEzd2+b5vv195IMD609HGgGvNNK90thROgIwA+0BHezf18BOVgWcjmRdTP0MPxkdbPYh9wzSZy+YXI6OP1HXAis5o9JM38rFhC9sv98jlCOWX7ys=;24:Xd/0mpjFfQmLeKEu4HgVR3XSAQYVE4dlM7c/cCRkzVjW3N9IlXCuAle7u8Wz8SHwgsreSUTXQhfBp+hAMLn/697/uO297GMc9Az+6QJVTDc=;7:7ddh5bQO8sFrlBzTgkxokm0fqDyLTfOjEoMYto9cuzTQnJReNpm5D74souiCx9ofX3IGmOyxdcLF/cpfPI/yahdWj/ipKLRSjiOsvZLBBm7+XxnHor9kP0m94jhuo0OJ9y20vwomumo29d+XYHZf457GD+ebJKI1m486L2BYvGxFlNf66SgUVnMi5G/stSdtVr/ffnBVsFnfG5t54QklVvJ+2xOQXY10jTtBcXv30+/G/wCHZr+GIbxQVzdnBZ2x SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;DM3PR15MB0971;20:y+omDMjrsIDJS3GPHtVYbF33FGCUlwHRxsOx6tKyvhyjkiQ5Pl3ptHScWSK7LDvSPsBB3HsO99PqYjj5Usu290qHJHnmUpSg+usfHkBFeof0V3AtW3ToigNOS97M7XbFToKOfilRFsgXFOvJU+lHKYiBXwYd/4yon2I3OnUCt3w= X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Dec 2017 01:03:28.7230 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 88b79a0b-f0b6-4737-eae9-08d54e57f9c7 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM3PR15MB0971 X-OriginatorOrg: fb.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-12-29_01:,, signatures=0 X-Proofpoint-Spam-Reason: safe X-FB-Internal: Safe Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2928 Lines: 66 On 12/28/17 12:20 AM, Masami Hiramatsu wrote: > On Wed, 27 Dec 2017 20:32:07 -0800 > Alexei Starovoitov wrote: > >> On 12/27/17 8:16 PM, Steven Rostedt wrote: >>> On Wed, 27 Dec 2017 19:45:42 -0800 >>> Alexei Starovoitov wrote: >>> >>>> I don't think that's the case. My reading of current >>>> trace_kprobe_ftrace() -> arch_check_ftrace_location() >>>> is that it will not be true for old mcount case. >>> >>> In the old mcount case, you can't use ftrace to return without calling >>> the function. That is, no modification of the return ip, unless you >>> created a trampoline that could handle arbitrary stack frames, and >>> remove them from the stack before returning back to the function. >> >> correct. I was saying that trace_kprobe_ftrace() won't let us do >> bpf_override_return with old mcount. > > No, trace_kprobe_ftrace() just checks the given address will be > managed by ftrace. you can see arch_check_ftrace_location() in kernel/kprobes.c. > > FYI, CONFIG_KPROBES_ON_FTRACE depends on DYNAMIC_FTRACE_WITH_REGS, and > DYNAMIC_FTRACE_WITH_REGS doesn't depend on CC_USING_FENTRY. > This means if you compile kernel with old gcc and enable DYNAMIC_FTRACE, > kprobes uses ftrace on mcount address which is NOT the entry point > of target function. ok. fair enough. I think we can gate the feature to !mcount only. > On the other hand, changing IP feature has been implemented originaly > by kprobes with int3 (sw breakpoint). This means you can use kprobes > at correct address (the entry address of the function) you can hijack > the function, as jprobe did. > >>>> As far as the rest of your arguments it very much puzzles me that >>>> you claim that this patch suppose to work based on historical >>>> reasoning whereas you did NOT test it. >>> >>> I believe that Masami is saying that the modification of the IP from >>> kprobes has been very well tested. But I'm guessing that you still want >>> a test case for using kprobes in this particular instance. It's not the >>> implementation of modifying the IP that you are worried about, but the >>> implementation of BPF using it in this case. Right? >> >> exactly. No doubt that old code works. >> But it doesn't mean that bpf_override_return() will continue to >> work in kprobes that are not ftrace based. >> I suspect Josef's existing test case will cover this situation. >> Probably only special .config is needed to disable ftrace, so >> "kprobe on entry but not ftrace" check will kick in. > > Right. If you need to test it, you can run Josef's test case without > CONFIG_DYNAMIC_FTRACE. It should be obvious that the person who submits the patch must run the tests. >> But I didn't get an impression that this situation was tested. >> Instead I see only logical reasoning that it's _supposed_ to work. >> That's not enough. > > OK, so would you just ask me to run samples/bpf ? Please run Josef's test in the !ftrace setup.