Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2484515pxb; Sat, 30 Jan 2021 04:13:47 -0800 (PST) X-Google-Smtp-Source: ABdhPJyFr2XEQAP6jfPcUVvTeXVDpsCXmuowBfZhIrSI/d2VSsA0iOrDXREw8Bg7SmIR4BKrPil8 X-Received: by 2002:a05:6402:d:: with SMTP id d13mr928723edu.274.1612008827765; Sat, 30 Jan 2021 04:13:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612008827; cv=none; d=google.com; s=arc-20160816; b=Xppu/9tOJKD12FrWupVrOwqMsb/r6rLEO0I4Q5lLKw9tNwjx8Q9UEZ7V8WihSCh8pe Ntnu+MnddxatwH0eK78iw5H2jeak34q8jS8esC5RAXLspjclmE2EtuZyLTKL1GJcVmGC 4VuFALCcpCcz6AtYCqmR1l/PTmNRrMXBBIipAy6pa+OENMwioeJ3rQu9fQIbsdFiRAuw OUFMpVe5F5cNhsu7TwmjYM2986UiLyR/+tMb2HMQaFUF8pCDHLAXSHDaG2HWK0fluTe0 PWN+wEmD9JUmJU11LGPDeD8VrnsIvijQnpB9EOJPKSK62UFWPoJTB1WMuc+ySEAtlATE MdGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=V9M6J3344aO/UZSDZrhEmlKo0fC+votuERKLFN/8/Ck=; b=JekNxZZsrxfFGYgKTqmK8Y0Z/DY8/52MwjiBEdU0f0fNzZcxexbu/wU5ktT6hjKfYA liEvDgyjnhy2TdOK9o1bCab9TuzCvoeL3zov0jSIVtPItGtcYb4KPTcacW/0D6BNZrPv UyCDq9I4uIEspLe7Qruoozk+0wIbqnp63Rmfbn+yHoRaSeZTx0MC4/Vw0l4v/WuIc8g7 2/wWl3zQXZ7G9UpT8vfdhKS4mjCiNFfQliT0H5dJkF2GmPQZvD9qno1tapdtCZKh8eSS aE32BKtO9/FCGIyuvjdW/C5tJ6zE90XITJ2XiXu+qwQGKxNxzVbzwJ5UV2VGYoIVASLz SODw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=eWZuYfUn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n19si6695298ejc.352.2021.01.30.04.13.11; Sat, 30 Jan 2021 04:13:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=eWZuYfUn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229990AbhA3MLJ (ORCPT + 99 others); Sat, 30 Jan 2021 07:11:09 -0500 Received: from mail.kernel.org ([198.145.29.99]:60136 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229854AbhA3MLJ (ORCPT ); Sat, 30 Jan 2021 07:11:09 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 7952664DDC; Sat, 30 Jan 2021 12:10:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1612008628; bh=p3IJGlMdtX9I1kgadKwx0x2GqQLSItjvV7ppyHSL2/E=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=eWZuYfUnlm3B3qwR+nwqP+w0gYbO9+bUsDyh+xYlwkQ97lly0HU2gEsq2+ALvgDyu bk7uKVZoUzv7USeAxTzux0oY2trIxfTQhUzhuJLL1+sZMsxKs+n+JYfgK4TXfl/fb1 V8uwJuxxyhGcWJRySXg1HY1ZfgJpPsFqWMdiDqaHQNajll48gWKIjVh51LAjb/5r2P 9SV5iBOLXzUgR6EIN7KIFD0iNrJCXYNFnWDCmdANjRtP8XGd44JGGZdDKPlsnOr1qg P5tMF7Px9hk0uhvZy7tOkDOdYqZ+uqgQY6KG5NkonkLrWDtXRC6ZsdHkulGNhSi95S JdAhhaBRFPJpQ== Date: Sat, 30 Jan 2021 21:10:22 +0900 From: Masami Hiramatsu To: Alexei Starovoitov Cc: Peter Zijlstra , Steven Rostedt , Nikolay Borisov , LKML , Alexei Starovoitov , bpf , Josh Poimboeuf Subject: Re: kprobes broken since 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()") Message-Id: <20210130211022.d64c4caaf6667ec70a871420@kernel.org> In-Reply-To: <20210130030840.hodq2ixpkdoue5jd@ast-mbp.dhcp.thefacebook.com> References: <20210129013452.njuh3fomws62m4rc@ast-mbp.dhcp.thefacebook.com> <20210129224011.81bcdb3eba1227c414e69e1f@kernel.org> <20210129105952.74dc8464@gandalf.local.home> <20210129162438.GC8912@worktop.programming.kicks-ass.net> <20210129175943.GH8912@worktop.programming.kicks-ass.net> <20210130110249.61fdad8f0cfe51a121c72302@kernel.org> <20210130030840.hodq2ixpkdoue5jd@ast-mbp.dhcp.thefacebook.com> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 29 Jan 2021 19:08:40 -0800 Alexei Starovoitov wrote: > On Sat, Jan 30, 2021 at 11:02:49AM +0900, Masami Hiramatsu wrote: > > On Fri, 29 Jan 2021 18:59:43 +0100 > > Peter Zijlstra wrote: > > > > > On Fri, Jan 29, 2021 at 09:45:48AM -0800, Alexei Starovoitov wrote: > > > > Same things apply to bpf side. We can statically prove safety for > > > > ftrace and kprobe attaching whereas to deal with NMI situation we > > > > have to use run-time checks for recursion prevention, etc. > > > > > > I have no idea what you're saying. You can attach to functions that are > > > called with random locks held, you can create kprobes in some very > > > sensitive places. > > > > > > What can you staticlly prove about that? > > > > For the bpf and the kprobe tracer, if a probe hits in the NMI context, > > it can call the handler with another handler processing events. > > > > kprobes is carefully avoiding the deadlock by checking recursion > > with per-cpu variable. But if the handler is shared with the other events > > like tracepoints, it needs to its own recursion cheker too. > > > > So, Alexei, maybe you need something like this instead of in_nmi() check. > > > > DEFINE_PER_CPU(bool, under_running_bpf); > > > > common_handler() > > { > > if (__this_cpu_read(under_running_bpf)) > > return; > > __this_cpu_write(under_running_bpf, true); > > /* execute bpf prog */ > > __this_cpu_write(under_running_bpf, false); > > } > > > > Does this work for you? > > This exactly check is already in trace_call_bpf. > Right after if (in_nmi()). > See bpf_prog_active. It serves different purpose though. > Simply removing if (in_nmi()) from trace_call_bpf is a bit scary. > I need to analyze all code paths first. OK, if bpf already avoids its recursion, other considerable case is that some resources are shared among bpf_prog and other parts. Since asynchronous NMI can occur anywhere, such resource usage can conflict with bpf_prog. Kprobes had similar issue, so I set a dummy kprobes to current_kprobes for protecting such critical sections. See kprobe_busy_begin()/end() and where those are used. Thank you, -- Masami Hiramatsu