Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp666848pxx; Thu, 29 Oct 2020 11:26:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyFKwB6VEwFRNz6V4rkR2A6vsgRRbCEka2OjszymzhRulEpH4n/+nitLN4hici5GJ44Nrj1 X-Received: by 2002:a17:906:edb0:: with SMTP id sa16mr5301882ejb.327.1603995984482; Thu, 29 Oct 2020 11:26:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603995984; cv=none; d=google.com; s=arc-20160816; b=cHzUM73gV6kGv8yn9fQJJVRjakJBaQuygtStlXcooj3Ss/TnvO0WtdlREaEfMUCWkY 5i4pZv9TW/Gw2foe3707z4foyTcW+28ZFn1T48gdQX9zEhakwnZ4m0pl51nPyllkn5cw oCY9P9sudfBBZyeAIEra7K/+SRPCqdPMPD3VLf7g+98pM3tF7iqDAJhBjLx/xsOXNui/ lttDSmd4WHIzvO0JbzPUW8Vz+bky9+Zs+gxgMWsF1CrL4TmaWSBw445v2Ca/qzPy2BS1 9dA7EJKs1/4Z0aU8Vzm1tSRJCKgMHvIESGBZczOHTR9prtWDPvzsF0dd2umuzMl4eFmq 0U6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=/8rQa0x2Rl+Ckq0pzSZOArvuYC0e6wvuLUlPYfLmVP0=; b=pWYz6SRVHicnyAcM/gweV0dY6kmwzfQaLt+x9ogUCuAkdWyTRf+M04LM/ixDeGzlUE sj5IwM7osQEfXyKUD21j+nSsHM1giOgXy9S8u00OQB8yd5g4HIOe6nnw2uO/v8cT1ron GHTJFehwIfYAjesNGZcHeAMC9U/xR+pKfz+bwqwtpTT6AA+TxNi5OaofJWSQ40nqYBG+ T5IW+aVzDk62/2LG6YmCTGbjWgmHkZeGJp4dT9R0E+w0oJ71fX8pDoqR8/8mDzQJdZO7 qi7yuno+FlDzfVz+yTrRva4hggM0RDui92J6TkA4gyfMiegVTzaEyOYn98vYCHAS/Z9Q XWKw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l23si2973149ejb.743.2020.10.29.11.26.02; Thu, 29 Oct 2020 11:26:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725903AbgJ2SYM (ORCPT + 99 others); Thu, 29 Oct 2020 14:24:12 -0400 Received: from mail.kernel.org ([198.145.29.99]:32844 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725747AbgJ2SYL (ORCPT ); Thu, 29 Oct 2020 14:24:11 -0400 Received: from gandalf.local.home (cpe-66-24-58-225.stny.res.rr.com [66.24.58.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 37F7820825; Thu, 29 Oct 2020 18:24:09 +0000 (UTC) Date: Thu, 29 Oct 2020 14:24:06 -0400 From: Steven Rostedt To: Petr Mladek Cc: Miroslav Benes , linux-kernel@vger.kernel.org, Masami Hiramatsu , Andrew Morton , Josh Poimboeuf , Jiri Kosina , Joe Lawrence , live-patching@vger.kernel.org Subject: Re: [PATCH 6/9] livepatch/ftrace: Add recursion protection to the ftrace callback Message-ID: <20201029142406.3c46855a@gandalf.local.home> In-Reply-To: <20201029145709.GD16774@alley> References: <20201028115244.995788961@goodmis.org> <20201028115613.291169246@goodmis.org> <20201029145709.GD16774@alley> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 29 Oct 2020 15:57:09 +0100 Petr Mladek wrote: > On Thu 2020-10-29 14:51:06, Miroslav Benes wrote: > > On Wed, 28 Oct 2020, Steven Rostedt wrote: > > > > > From: "Steven Rostedt (VMware)" > > > > > > If a ftrace callback does not supply its own recursion protection and > > > does not set the RECURSION_SAFE flag in its ftrace_ops, then ftrace will > > > make a helper trampoline to do so before calling the callback instead of > > > just calling the callback directly. > > > > > > The default for ftrace_ops is going to assume recursion protection unless > > > otherwise specified. > > It might be my lack skills to read English. But the above sentence > sounds ambiguous to me. It is not clear to me who provides the > recursion protection by default. Could you please make it more > explicit, for example by: > > "The default for ftrace_ops is going to change. It will expect that > handlers provide their own recursion protection." It was originally written as something else, as my first series (that I didn't post) added the recursion flag, and then I needed one big nasty patch to remove them. Then I realized it would be fine to just keep the double recursion testing and remove the flag when it was no longer used. I then went back and wrote up that sentence, and yeah, it wasn't the best explanation. Your sentence is better, I'll update it. > > > > Hm, I've always thought that we did not need any kind of recursion > > protection for our callback. It is marked as notrace and it does not call > > anything traceable. In fact, it does not call anything. I even have a note > > in my todo list to mark the callback as RECURSION_SAFE :) > > Well, it calls WARN_ON_ONCE() ;-) > > > At the same time, it probably does not hurt and the patch is still better > > than what we have now without RECURSION_SAFE if I understand the patch set > > correctly. > > And better be on the safe side. And the WARN_ON_ONCE() use to cause a problem, until I fixed it: dfbf2897d0049 ("bug: set warn variable before calling WARN()") > > > > > Cc: Josh Poimboeuf > > > Cc: Jiri Kosina > > > Cc: Miroslav Benes > > > Cc: Petr Mladek > > > Cc: Joe Lawrence > > > Cc: live-patching@vger.kernel.org > > > Signed-off-by: Steven Rostedt (VMware) > > > --- > > > kernel/livepatch/patch.c | 5 +++++ > > > 1 file changed, 5 insertions(+) > > > > > > diff --git a/kernel/livepatch/patch.c b/kernel/livepatch/patch.c > > > index b552cf2d85f8..6c0164d24bbd 100644 > > > --- a/kernel/livepatch/patch.c > > > +++ b/kernel/livepatch/patch.c > > > @@ -45,9 +45,13 @@ static void notrace klp_ftrace_handler(unsigned long ip, > > > struct klp_ops *ops; > > > struct klp_func *func; > > > int patch_state; > > > + int bit; > > > > > > ops = container_of(fops, struct klp_ops, fops); > > > > > > + bit = ftrace_test_recursion_trylock(); > > > + if (bit < 0) > > > + return; > > > > This means that the original function will be called in case of recursion. > > That's probably fair, but I'm wondering if we should at least WARN about > > it. > > Yeah, the early return might break the consistency model and > unexpected things might happen. We should be aware of it. > Please use: > > if (WARN_ON_ONCE(bit < 0)) > return; > > WARN_ON_ONCE() might be part of the recursion. But it should happen > only once. IMHO, it is worth the risk. > > Otherwise it looks good. Perhaps we can add that as a separate patch, because this patch doesn't add any real functionality change. It only moves the recursion testing from the helper function (which ftrace wraps all callbacks that do not have the RECURSION flags set, including this one) down to your callback. In keeping with one patch to do one thing principle, the added of WARN_ON_ONCE() should be a separate patch, as that will change the functionality. If that WARN_ON_ONCE() breaks things, I'd like it to be bisected to another patch other than this one. -- Steve