Received: by 2002:a05:6500:1b45:b0:1f5:f2ab:c469 with SMTP id cz5csp890835lqb; Wed, 17 Apr 2024 13:59:53 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUoRibPPCLtDABQmUge3xdQRMXLRNhVQOFt40RJ2VOQeyUar7Qndt30v96NJDe/s4R262U7ZR/fMv7J9x/7Vk5wWiyu46dMgzovR9hZ9Q== X-Google-Smtp-Source: AGHT+IGXbD0o3gSDaIAXVpwg3XUIOqU79wLX67AVAfEv6dHeE0A6eqMk01EFkOAOaffVzKCIy2k3 X-Received: by 2002:a05:6830:4db:b0:6eb:5c07:50c2 with SMTP id s27-20020a05683004db00b006eb5c0750c2mr692016otd.35.1713387593557; Wed, 17 Apr 2024 13:59:53 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713387593; cv=pass; d=google.com; s=arc-20160816; b=BbiasC/tPzvTsRpcpeXGtZvF6i1Sk18Gbvon0tykttT31d/0mQeIFSR6re4Qw7wHKW 1+hxrCVDSRA6pOX0CSdxtuvva58e+hnxQU+0QlehusifRJUApDEjD8855uUK+4w8vMzX efA41pwG3tj8iV0pquCNYCS0x/DDVD3r0swB12yU+UTB2Oa4uJy9+1CsaUCeZDCiBb9w wxOFiPighCGpsI4Z6gxA87IXz5xYd0MBYYPpPQRkS50K0MPcR21IYzDsyo3Brc40aWR+ S/W3AXCHmABtgGP9VclP1v/QOzebY6xDltVCE30G/cXboB4mesxV28ulyAo7g/M8xmy9 jEKw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :subject:cc:to:from:date:dkim-signature; bh=fDNs2lAb/wEUN4/qWDIUMylYz42jTjj2J6RPWnpJ84w=; fh=nOZKWt+WtHz5zV+3vlJBv6sENd0XvDFpFv4uEJ9QlAA=; b=QlMM0GxD370YcfdA2ipiaY4+dB3tYSOlMXBaLCrA8Hx2NANGyQPimEKpZpipe5Iu/1 suYyilxayP6DMyzr0IEcr9z4mKPSMumME6Ng+b8jBCRgJrlpNoofVN6FxeXRW3r+306F pxq66WDYKiynf+vQViMZGCHwb5G4+yWpJTX/SqOwkv/+Qo2bpwHLW/wjciN4CjKhjHSN y+wB0eRblJdOB++1KJx085U79wzNo5vdbXUegmnVMaLrD3HNEa1n4FzpzYTybF9Go75N d6a+PhJ41zG07GLLgHeW4aR9L8ZcxugErlnkeYiiq/mQIk7LJ7wEJRgSmHAP0kMUK1H0 0E6w==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=L8mlIz8Q; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-149229-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-149229-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id v14-20020a63480e000000b005dc49c4dfc7si45922pga.471.2024.04.17.13.59.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Apr 2024 13:59:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-149229-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=L8mlIz8Q; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-149229-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-149229-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id B9E652868E8 for ; Wed, 17 Apr 2024 20:57:45 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B3F194C63D; Wed, 17 Apr 2024 20:57:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="L8mlIz8Q" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B2B104AEED; Wed, 17 Apr 2024 20:57:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713387444; cv=none; b=M+YU3n/GIzBta1J3Pno/aEC4xebINVo64Vo1Y6JyGA449/weVvwe08VbABNKb+SeyALAn0E/1q3OK0s0CLpAgPX1XmqRgB2tI8xauBo7rgvG3zwF5nvNX2WOIuQ3evFA5gyXkkn1MiNBBimaLg2TCjfzR6771csdApd6W1mZc0U= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713387444; c=relaxed/simple; bh=VcB6i6Ur1pta/CV6umrp4BehU8p1LKSfcdMlGVuoIPQ=; h=Date:From:To:Cc:Subject:Message-Id:In-Reply-To:References: Mime-Version:Content-Type; b=lqhjn5YFJPXZhQ9isCkxutL/P90OMqidCW3kjH0bWwYTJukSCxn8eZWuoTb8EJ2LwA9qknYPBW0g5qlHUn5zZjiZ5vrv3DMSrYIzavYzoB3rLhhDdxaj5ZOP+WbUOwjj4dUVK54A6xkYOZ0IR9kbbqEbHGtHNvCS9PoAARy6nFw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=L8mlIz8Q; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id D748BC2BD11; Wed, 17 Apr 2024 20:57:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713387444; bh=VcB6i6Ur1pta/CV6umrp4BehU8p1LKSfcdMlGVuoIPQ=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=L8mlIz8QZ3ZJlvpDn6fBWS/hJtaWoyLtjZxN+O6z1UCJEwm1a8AEJrXpzUvx+F6Qy ZcFZQij1AKdwegs36KrD+mYrec/OapmZc3OaAttBaGHkJlU/gKlVB+pJp8tucgzUAm HfwzRD4oKYECXxdz0MfjK16WWg/UaBTRby0ZwS90ix7RFLzboB2JsgqoZ+ATYUTOHO f7jHZUgbMUWzeg1noZlT1ZstQYgX1k9TvzWlJxUUpXTXkqB4PaXLdCgFZecfa1oM2/ qp+RY1rrNH/Jt5FPODNp47uaJQHAQBlbqWWEmCalCpkulcW6uw6ELXiYvoK4tNmJkw YZv16qFvUDCog== Date: Thu, 18 Apr 2024 05:57:20 +0900 From: Masami Hiramatsu (Google) To: "Masami Hiramatsu (Google)" Cc: LKML , Linux trace kernel , Steven Rostedt , Andrii Nakryiko , Francis Laniel Subject: Re: [PATCH for-next v2] tracing/kprobes: Add symbol counting check when module loads Message-Id: <20240418055720.6226987c7e5cb1e2d8984942@kernel.org> In-Reply-To: <171338679446.616570.14456856697191949345.stgit@devnote2> References: <171338679446.616570.14456856697191949345.stgit@devnote2> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-pc-linux-gnu) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sorry, this is actually v3. (miss-configured...) Thanks, On Thu, 18 Apr 2024 05:46:34 +0900 "Masami Hiramatsu (Google)" wrote: > From: Masami Hiramatsu (Google) > > Currently, kprobe event checks whether the target symbol name is unique > or not, so that it does not put a probe on an unexpected place. But this > skips the check if the target is on a module because the module may not > be loaded. > > To fix this issue, this patch checks the number of probe target symbols > in a target module when the module is loaded. If the probe is not on the > unique name symbols in the module, it will be rejected at that point. > > Note that the symbol which has a unique name in the target module, > it will be accepted even if there are same-name symbols in the > kernel or other modules, > > Signed-off-by: Masami Hiramatsu (Google) > --- > Changes in v3: > - Update the patch description. > Updated from last October post, which was dropped by test failure: > https://lore.kernel.org/linux-trace-kernel/169854904604.132316.12500381416261460174.stgit@devnote2/ > Changes in v2: > - Fix to skip checking uniqueness if the target module is not loaded. > - Fix register_module_trace_kprobe() to pass correct symbol name. > - Fix to call __register_trace_kprobe() from module callback. > --- > kernel/trace/trace_kprobe.c | 125 ++++++++++++++++++++++++++++--------------- > 1 file changed, 81 insertions(+), 44 deletions(-) > > diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c > index c68d4e830fbe..0113afe2662d 100644 > --- a/kernel/trace/trace_kprobe.c > +++ b/kernel/trace/trace_kprobe.c > @@ -670,6 +670,21 @@ static int register_trace_kprobe(struct trace_kprobe *tk) > return ret; > } > > +static int validate_module_probe_symbol(const char *modname, const char *symbol); > + > +static int register_module_trace_kprobe(struct module *mod, struct trace_kprobe *tk) > +{ > + const char *p; > + int ret = 0; > + > + p = strchr(trace_kprobe_symbol(tk), ':'); > + if (p) > + ret = validate_module_probe_symbol(module_name(mod), p + 1); > + if (!ret) > + ret = __register_trace_kprobe(tk); > + return ret; > +} > + > /* Module notifier call back, checking event on the module */ > static int trace_kprobe_module_callback(struct notifier_block *nb, > unsigned long val, void *data) > @@ -688,7 +703,7 @@ static int trace_kprobe_module_callback(struct notifier_block *nb, > if (trace_kprobe_within_module(tk, mod)) { > /* Don't need to check busy - this should have gone. */ > __unregister_trace_kprobe(tk); > - ret = __register_trace_kprobe(tk); > + ret = register_module_trace_kprobe(mod, tk); > if (ret) > pr_warn("Failed to re-register probe %s on %s: %d\n", > trace_probe_name(&tk->tp), > @@ -729,17 +744,68 @@ static int count_mod_symbols(void *data, const char *name, unsigned long unused) > return 0; > } > > -static unsigned int number_of_same_symbols(char *func_name) > +static unsigned int number_of_same_symbols(const char *mod, const char *func_name) > { > struct sym_count_ctx ctx = { .count = 0, .name = func_name }; > > - kallsyms_on_each_match_symbol(count_symbols, func_name, &ctx.count); > + if (!mod) > + kallsyms_on_each_match_symbol(count_symbols, func_name, &ctx.count); > > - module_kallsyms_on_each_symbol(NULL, count_mod_symbols, &ctx); > + module_kallsyms_on_each_symbol(mod, count_mod_symbols, &ctx); > > return ctx.count; > } > > +static int validate_module_probe_symbol(const char *modname, const char *symbol) > +{ > + unsigned int count = number_of_same_symbols(modname, symbol); > + > + if (count > 1) { > + /* > + * Users should use ADDR to remove the ambiguity of > + * using KSYM only. > + */ > + return -EADDRNOTAVAIL; > + } else if (count == 0) { > + /* > + * We can return ENOENT earlier than when register the > + * kprobe. > + */ > + return -ENOENT; > + } > + return 0; > +} > + > +static int validate_probe_symbol(char *symbol) > +{ > + struct module *mod = NULL; > + char *modname = NULL, *p; > + int ret = 0; > + > + p = strchr(symbol, ':'); > + if (p) { > + modname = symbol; > + symbol = p + 1; > + *p = '\0'; > + /* Return 0 (defer) if the module does not exist yet. */ > + rcu_read_lock_sched(); > + mod = find_module(modname); > + if (mod && !try_module_get(mod)) > + mod = NULL; > + rcu_read_unlock_sched(); > + if (!mod) > + goto out; > + } > + > + ret = validate_module_probe_symbol(modname, symbol); > +out: > + if (p) > + *p = ':'; > + if (mod) > + module_put(mod); > + return ret; > +} > + > static int trace_kprobe_entry_handler(struct kretprobe_instance *ri, > struct pt_regs *regs); > > @@ -863,6 +929,14 @@ static int __trace_kprobe_create(int argc, const char *argv[]) > trace_probe_log_err(0, BAD_PROBE_ADDR); > goto parse_error; > } > + ret = validate_probe_symbol(symbol); > + if (ret) { > + if (ret == -EADDRNOTAVAIL) > + trace_probe_log_err(0, NON_UNIQ_SYMBOL); > + else > + trace_probe_log_err(0, BAD_PROBE_ADDR); > + goto parse_error; > + } > if (is_return) > ctx.flags |= TPARG_FL_RETURN; > ret = kprobe_on_func_entry(NULL, symbol, offset); > @@ -875,31 +949,6 @@ static int __trace_kprobe_create(int argc, const char *argv[]) > } > } > > - if (symbol && !strchr(symbol, ':')) { > - unsigned int count; > - > - count = number_of_same_symbols(symbol); > - if (count > 1) { > - /* > - * Users should use ADDR to remove the ambiguity of > - * using KSYM only. > - */ > - trace_probe_log_err(0, NON_UNIQ_SYMBOL); > - ret = -EADDRNOTAVAIL; > - > - goto error; > - } else if (count == 0) { > - /* > - * We can return ENOENT earlier than when register the > - * kprobe. > - */ > - trace_probe_log_err(0, BAD_PROBE_ADDR); > - ret = -ENOENT; > - > - goto error; > - } > - } > - > trace_probe_log_set_index(0); > if (event) { > ret = traceprobe_parse_event_name(&event, &group, gbuf, > @@ -1817,21 +1866,9 @@ create_local_trace_kprobe(char *func, void *addr, unsigned long offs, > char *event; > > if (func) { > - unsigned int count; > - > - count = number_of_same_symbols(func); > - if (count > 1) > - /* > - * Users should use addr to remove the ambiguity of > - * using func only. > - */ > - return ERR_PTR(-EADDRNOTAVAIL); > - else if (count == 0) > - /* > - * We can return ENOENT earlier than when register the > - * kprobe. > - */ > - return ERR_PTR(-ENOENT); > + ret = validate_probe_symbol(func); > + if (ret) > + return ERR_PTR(ret); > } > > /* > -- Masami Hiramatsu (Google)