Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp11382530rwr; Sat, 13 May 2023 02:25:23 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7TyxZL8871pGkBi98PVWQrNmoCx6VyRdHZ0YWD2bW58nNZUeLrrKfuxslG7sHP+0PAJCsN X-Received: by 2002:a17:902:e882:b0:1aa:f3c4:74e5 with SMTP id w2-20020a170902e88200b001aaf3c474e5mr34127517plg.0.1683969923226; Sat, 13 May 2023 02:25:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683969923; cv=none; d=google.com; s=arc-20160816; b=F1dobZ5tMtaRVlgweUgU5XViz+dzolBeF9gGFicsULcITIhsOhLXl0fLep+u7WfSHS hiuk+RY6Vfa3v50+RNfT46vK664pt084jkoqjrnBpJ/j+6azM2liqmRk7Ma2+rJ4fwlz 7mfXJ+N54XXpAMGnaFaIOzjG3SWQJmLqVjj28TLjFwNHI5xc3IMoT312kWY3cKsTcvG7 sR4pe3gQCR2uaSEz2f8iR1QrCe7t6hvOgnLf8Puxk3T5I7hQkOPJzxDCK82K17QVJ4Xq a6ApvRqpcU0hBycbrnG7IbEeKAWXn+bL5/dTuFJAjJdRg+E88eqUF0AQYHPkGECN8SzT LVbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=V/ffD06cwDqqYw9ZZG01Fo5tfB2NmW+1D8qbzBkTPeA=; b=aHjigL5oylFMIBabrTYzbyjVrME0bT/4yWxtxOymYG0aph1vh0b9Ua3HFv5VpEvP7/ BZdFeLZbpfM/DLaQ/PQlJmbkjGSfm7oL1LogneDAMIY0cEYXMowCc41LePt5eLjTXpEY K1QunFnLib8zdMObZd9EB+73cLmKvIBQtCi2coeOWgJK+XrwTcVaMoBJ+dMYz8sqq4JO Tw13F6fcJSbDZSOY7j5E438Re0ioictDcpM0FZh93FKWWropKr8OVYTMN7a5+RxsbdA2 6lE0wqosR3uCLLp0noBU6twSQUebfdHe+iVVYHhScSHDlhXa+tDaKCcmVVCUNX30YkB2 uNmw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=LmwSMi02; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i1-20020a170902c94100b001ac47a1578asi12096314pla.232.2023.05.13.02.25.09; Sat, 13 May 2023 02:25:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=LmwSMi02; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233374AbjEMJTt (ORCPT + 99 others); Sat, 13 May 2023 05:19:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55852 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237453AbjEMJTq (ORCPT ); Sat, 13 May 2023 05:19:46 -0400 Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C5C4A35AD; Sat, 13 May 2023 02:19:45 -0700 (PDT) Received: by mail-ed1-x530.google.com with SMTP id 4fb4d7f45d1cf-50b37f3e664so19049701a12.1; Sat, 13 May 2023 02:19:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1683969584; x=1686561584; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=V/ffD06cwDqqYw9ZZG01Fo5tfB2NmW+1D8qbzBkTPeA=; b=LmwSMi02wUb7imyTUGCdjBF3bcsZMsz0W7Y+n+AgTjFQ2omGRi0diD5jOswF3DmkgR O5yJygYBDy4gGsW18EBQEtG64HsubWz+WnQlkK4jzdtMSbGcH5qTyf0BUB9ZhwhJxGth Y2XQRrK3Th+PRjNhtggJLt8UNEn60p9KNqG3YjPUewtgcfKnXl4Z7n2YA6V23b+P3LZ4 vEaxEmAscJsu41kUQWtUbI17SKsWL9LSK07xuhO9yWrmJkTyUL164RsPcU0o8+PGQMK6 6T2GjcPICWuHoaJXMgHSiS6q94qCUv9hRTEfxE/iDLPjL/LvGhqySUCc2XWvUgHb2qBs C/ng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683969584; x=1686561584; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=V/ffD06cwDqqYw9ZZG01Fo5tfB2NmW+1D8qbzBkTPeA=; b=YcfQr0ZSjpeEQjr3qCAUKK87VqI+gP2StL7TCNyVEtKp6i+3CnWj8YSITZbfIE3jn/ Yi+bX1TjCXlkl3kymEXjXcCuYjcwa5OM10ACgnSS0CL+j3nIPqwdsRRmrnOmsyXOc5Sp HFn0gWSjZwsnjmNPYtVTgXkuUM1T+JqrGrNn58yl712HlAH1T7+lvz9o7qbI4q4J2Zxq LAIlohwF102OiNc2JgAdyEPNKGwcJ9gwR96/5NZhtk2LFudsviOweRMivbhSlayWbvWi HhJtacAQ4BkjBn667oatC5w9ILfVMOhpsCZneQ8UYeUt8ikkEs0DXjJI/WtmvCrXFjjg y76w== X-Gm-Message-State: AC+VfDwe5votAg5Jxx44AY4JQZ5wf+Vcehbu/8SwSS9S26tKJmql4nXg UFQxeAqlSsyr1qz8R5COsxLjRgA6FpMDAgDcTLWOCA+vWSssqQ== X-Received: by 2002:a05:6402:605:b0:50d:91c8:9e10 with SMTP id n5-20020a056402060500b0050d91c89e10mr20037487edv.10.1683969584084; Sat, 13 May 2023 02:19:44 -0700 (PDT) MIME-Version: 1.0 References: <20230510122045.2259-1-zegao@tencent.com> <6308b8e0-8a54-e574-a312-0a97cfbf810c@meta.com> <20230513001757.75ae0d1b@rorschach.local.home> In-Reply-To: <20230513001757.75ae0d1b@rorschach.local.home> From: Ze Gao Date: Sat, 13 May 2023 17:19:32 +0800 Message-ID: Subject: Re: [PATCH] bpf: reject blacklisted symbols in kprobe_multi to avoid recursive trap To: Steven Rostedt Cc: Yonghong Song , Jiri Olsa , Song Liu , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Masami Hiramatsu , Ze Gao , bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Exactly, and rethook_trampoline_handler suffers the same problem. And I've posted two patches for kprobe and rethook by using the notrace verison of preempt_ {disable, enable} to fix fprobe+rethook. [1] https://lore.kernel.org/all/20230513081656.375846-1-zegao@tencent.com/T= /#u [2] https://lore.kernel.org/all/20230513090548.376522-1-zegao@tencent.com/T= /#u Even worse, bpf callback introduces more such use cases, which is typically organized as follows to guard the lifetime of bpf related resources ( per-cpu access or trampoli= ne). migrate_disable() rcu_read_lock() ... bpf_prog_run() ... rcu_read_unlock() migrate_enable(). But this may need to introduce fprobe_blacklist and bpf_kprobe_blacklist to solve such bugs at all, just like what Jiri and Yonghong suggested. Since bpf kprobe works on a different (higher and constrained) level than fprobe and ftrace and we cannot blindly mark functions (migrate_disable, __rcu_read_lock, etc.) used in tracer callbacks from external subsystems in case of semantic breakage. And I will try to implement these ideas later. Thanks, Ze On Sat, May 13, 2023 at 12:18=E2=80=AFPM Steven Rostedt wrote: > > On Fri, 12 May 2023 07:29:02 -0700 > Yonghong Song wrote: > > > A fprobe_blacklist might make sense indeed as fprobe and kprobe are > > quite different... Thanks for working on this. > > Hmm, I think I see the problem: > > fprobe_kprobe_handler() { > kprobe_busy_begin() { > preempt_disable() { > preempt_count_add() { <-- trace > fprobe_kprobe_handler() { > [ wash, rinse, repeat, CRASH!!! ] > > Either the kprobe_busy_begin() needs to use preempt_disable_notrace() > versions, or fprobe_kprobe_handle() needs a > ftrace_test_recursion_trylock() call. > > -- Steve