Subject: Re: kprobes broken since 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()")
From: Nikolay Borisov
To: Masami Hiramatsu
Cc: Peter Zijlstra, LKML, Alexei Starovoitov, bpf@vger.kernel.org, Josh Poimboeuf, Steven Rostedt
References: <25cd2608-03c2-94b8-7760-9de9935fde64@suse.com> <20210128001353.66e7171b395473ef992d6991@kernel.org> <20210128002452.a79714c236b69ab9acfa986c@kernel.org> <20210128103415.d90be51ec607bb6123b2843c@kernel.org> <20210128123842.c9e33949e62f504b84bfadf5@gmail.com>
Date: Thu, 28 Jan 2021 18:45:56 +0200
List: linux-kernel@vger.kernel.org

On 28.01.21 at 18:12, Nikolay Borisov wrote:
>
> On 28.01.21 at 5:38, Masami Hiramatsu wrote:
>> Hi,
>>
>> Alexei, could you tell me what is the concerning situation for bpf?
>
> Another data point, Masami, is that this affects bpf kprobes which are
> entered via int3; alternatively, if the kprobe is entered via
> kprobe_ftrace_handler it works as expected. I haven't been able to
> determine why a particular bpf probe won't use ftrace's infrastructure
> if it's put at the beginning of the function. An alternative call chain
> is:
>
> => __ftrace_trace_stack
> => trace_call_bpf
> => kprobe_perf_func
> => kprobe_ftrace_handler
> => 0xffffffffc095d0c8
> => btrfs_validate_metadata_buffer
> => end_bio_extent_readpage
> => end_workqueue_fn
> => btrfs_work_helper
> => process_one_work
> => worker_thread
> => kthread
> => ret_from_fork
>

I have a working theory why I'm seeing this. My kernel (broken) was
compiled with retpolines off and with the gcc that comes with Ubuntu
(both 9 and 10:

gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0
gcc-10 (Ubuntu 10.2.0-5ubuntu1~20.04) 10.2.0

). This results in CFI being enabled, so functions look like:

0xffffffff81493890 <+0>:     endbr64
0xffffffff81493894 <+4>:     callq  0xffffffff8104d820 <__fentry__>

i.e. fentry's thunk is not the first instruction of the function, hence
it's not going through the optimized ftrace handler. Instead it's using
int3, which is broken as ascertained. After testing with my test case I
confirm that with CFI off and __fentry__ being the first entry, bpf
starts working. And indeed, even with CFI turned on, if I use a probe
like:

bpftrace -e 'kprobe:btrfs_sync_file+4 {printf("kprobe: %s\n", kstack());}' &>bpf-output &

it would be placed on the __fentry__ (and not the endbr64), hence it
works. So perhaps a workaround outside of bpf could essentially detect
this scenario and adjust the probe to be on the __fentry__ and not the
preceding instruction, if that instruction is detected to be endbr64?
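The adjustment proposed at the end of the mail, written out as an added example (this is not code from the thread, from bpftrace or from the kernel): given the first bytes of a function, it recognises the endbr64 landing pad that gcc's -fcf-protection emits (what the mail calls CFI), skips it, and reports the offset at which the __fentry__ call sits, i.e. the offset a probe should be moved to so that it hits the ftrace-based kprobe path instead of int3. The byte samples are constructed; treating a 5-byte nop at that position as an idle fentry site is an assumption about what ftrace patches in, and the function names are mine.

```c
/* Added example: choose the kprobe offset that lands on the __fentry__
 * site, skipping an endbr64 landing pad if one precedes it. Not part of
 * the mail, bpftrace or the kernel. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENDBR64_LEN    4
#define CALL_REL32_LEN 5

/* x86 encodings: endbr64 is f3 0f 1e fa; a near "call rel32" begins
 * with opcode e8 and is 5 bytes long. */
static const uint8_t endbr64[ENDBR64_LEN] = { 0xf3, 0x0f, 0x1e, 0xfa };

/* Assumption: when ftrace is idle the kernel has replaced the
 * "call __fentry__" with a 5-byte nop (0f 1f 44 00 00), so either
 * form marks the fentry site. */
static int is_fentry_site(const uint8_t *p, size_t avail)
{
    static const uint8_t nop5[CALL_REL32_LEN] = { 0x0f, 0x1f, 0x44, 0x00, 0x00 };

    if (avail < CALL_REL32_LEN)
        return 0;
    return p[0] == 0xe8 || memcmp(p, nop5, CALL_REL32_LEN) == 0;
}

/* Return 4 when the function starts with endbr64 followed by the fentry
 * site, 0 when the fentry site is the very first instruction, and -1
 * when neither layout is recognised (leave such a probe alone). */
int fentry_probe_offset(const uint8_t *code, size_t len)
{
    size_t off = 0;

    if (len >= ENDBR64_LEN && memcmp(code, endbr64, ENDBR64_LEN) == 0)
        off = ENDBR64_LEN;            /* step over the landing pad */
    if (is_fentry_site(code + off, len - off))
        return (int)off;
    return -1;
}

/* Build a bpftrace-style probe spec such as "kprobe:btrfs_sync_file+4".
 * Returns 0 on success, -1 if the entry bytes are not recognised or the
 * buffer is too small. */
int format_probe_spec(char *buf, size_t n, const char *func,
                      const uint8_t *code, size_t len)
{
    int off = fentry_probe_offset(code, len);
    int written;

    if (off < 0)
        return -1;
    written = snprintf(buf, n, "kprobe:%s+%d", func, off);
    return (written < 0 || (size_t)written >= n) ? -1 : 0;
}

/* Constructed samples (the call displacement bytes are arbitrary). */
const uint8_t sample_cet[]   = { 0xf3, 0x0f, 0x1e, 0xfa,       /* endbr64 */
                                 0xe8, 0x87, 0xe7, 0xbb, 0xff }; /* call __fentry__ */
const uint8_t sample_plain[] = { 0xe8, 0x87, 0xe7, 0xbb, 0xff,   /* call __fentry__ */
                                 0x55 };                         /* push %rbp */
const uint8_t sample_nop[]   = { 0xf3, 0x0f, 0x1e, 0xfa,
                                 0x0f, 0x1f, 0x44, 0x00, 0x00 }; /* patched-out call */
const uint8_t sample_other[] = { 0x55, 0x48, 0x89, 0xe5 };       /* push %rbp; mov %rsp,%rbp */
const uint8_t sample_trunc[] = { 0xf3, 0x0f, 0x1e, 0xfa, 0xe8 }; /* call cut short */

int main(void)
{
    char spec[64];

    if (format_probe_spec(spec, sizeof spec, "btrfs_sync_file",
                          sample_cet, sizeof sample_cet) == 0)
        printf("%s\n", spec);           /* kprobe:btrfs_sync_file+4 */
    if (format_probe_spec(spec, sizeof spec, "btrfs_sync_file",
                          sample_plain, sizeof sample_plain) == 0)
        printf("%s\n", spec);           /* kprobe:btrfs_sync_file+0 */
    return 0;
}
```

The -1 result matters as much as the offsets: a function whose entry bytes match neither layout (a hand-written assembly entry, or a function compiled without -mfentry) should keep whatever probe the user asked for rather than being silently moved.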