[PATCH] kprobes: bugfix: force unoptimize when disable kprobes.

[PATCH] kprobes: bugfix: force unoptimize when disable kprobes.

[Wang Nan]

Original code failed to disarm the probed instruction after

echo 0 > /sys/kernel/debug/kprobes/enabled

if OPTPROBE is enabled.

This is caused by a piece of logically inconsistent code:

	unoptimize_kprobe(p, false);
	if (!kprobe_queued(p)) {
		...
	}

unoptimize_kprobe() with 'force' == false queues p onto
unoptimizing_list, so following kprobe_queued() check always fail unless
another core schedules optimizer and does the unoptimization very soon.
This logic causes arch_disarm_kprobe() failed to get execute, lefts a
breakpoint at the probed address, instead of restoring it.

This patch uses force unoptimize instead.

Signed-off-by: Wang Nan <wangnan0@huawei.com>
---
 kernel/kprobes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index b185464..9fbe0c3 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -869,7 +869,7 @@ static void __disarm_kprobe(struct kprobe *p, bool reopt)
 {
 	struct kprobe *_p;
 
-	unoptimize_kprobe(p, false);	/* Try to unoptimize */
+	unoptimize_kprobe(p, true);	/* Try to unoptimize */
 
 	if (!kprobe_queued(p)) {
 		arch_disarm_kprobe(p);
-- 
1.8.4

[PATCH] kprobes: bugfix: force unoptimize when disable kprobes.

[Wang Nan]

Original code failed to disarm the probed instruction after

echo 0 > /sys/kernel/debug/kprobes/enabled

if OPTPROBE is enabled.

This is caused by a piece of logically inconsistent code:

	unoptimize_kprobe(p, false);
	if (!kprobe_queued(p)) {
		...
	}

unoptimize_kprobe() with 'force' == false queues p onto
unoptimizing_list, so following kprobe_queued() check always fail unless
another core schedules optimizer and does the unoptimization very soon.
This logic causes arch_disarm_kprobe() failed to get execute, lefts a
breakpoint at the probed address, instead of restoring it.

This patch uses force unoptimize instead.

Signed-off-by: Wang Nan <wangnan0@huawei.com>
---
 kernel/kprobes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index b185464..9fbe0c3 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -869,7 +869,7 @@ static void __disarm_kprobe(struct kprobe *p, bool reopt)
 {
 	struct kprobe *_p;
 
-	unoptimize_kprobe(p, false);	/* Try to unoptimize */
+	unoptimize_kprobe(p, true);	/* Try to unoptimize */
 
 	if (!kprobe_queued(p)) {
 		arch_disarm_kprobe(p);
-- 
1.8.4

Re: [PATCH] kprobes: bugfix: force unoptimize when disable kprobes.

[Masami Hiramatsu]

(2015/01/05 21:32), Wang Nan wrote:
> Original code failed to disarm the probed instruction after
> 
> echo 0 > /sys/kernel/debug/kprobes/enabled
> 
> if OPTPROBE is enabled.
> 
> This is caused by a piece of logically inconsistent code:
> 
> 	unoptimize_kprobe(p, false);
> 	if (!kprobe_queued(p)) {
> 		...
> 	}
> 
> unoptimize_kprobe() with 'force' == false queues p onto
> unoptimizing_list, so following kprobe_queued() check always fail unless
> another core schedules optimizer and does the unoptimization very soon.
> This logic causes arch_disarm_kprobe() failed to get execute, lefts a
> breakpoint at the probed address, instead of restoring it.

No, the root cause of this failure comes from the lack of checking
kprobes_all_disarmed in unoptimized_kprobe(). It should check the flag
and return soon if it is set.

So, I Nak this patch.

> 
> This patch uses force unoptimize instead.
> 
> Signed-off-by: Wang Nan <wangnan0@huawei.com>
> ---
>  kernel/kprobes.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index b185464..9fbe0c3 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -869,7 +869,7 @@ static void __disarm_kprobe(struct kprobe *p, bool reopt)
>  {
>  	struct kprobe *_p;
>  
> -	unoptimize_kprobe(p, false);	/* Try to unoptimize */
> +	unoptimize_kprobe(p, true);	/* Try to unoptimize */
>  
>  	if (!kprobe_queued(p)) {
>  		arch_disarm_kprobe(p);
> 


-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com

[PATCH] kprobes: bugfix: force unoptimize when disable kprobes.

[Masami Hiramatsu]

(2015/01/05 21:32), Wang Nan wrote:
> Original code failed to disarm the probed instruction after
> 
> echo 0 > /sys/kernel/debug/kprobes/enabled
> 
> if OPTPROBE is enabled.
> 
> This is caused by a piece of logically inconsistent code:
> 
> 	unoptimize_kprobe(p, false);
> 	if (!kprobe_queued(p)) {
> 		...
> 	}
> 
> unoptimize_kprobe() with 'force' == false queues p onto
> unoptimizing_list, so following kprobe_queued() check always fail unless
> another core schedules optimizer and does the unoptimization very soon.
> This logic causes arch_disarm_kprobe() failed to get execute, lefts a
> breakpoint at the probed address, instead of restoring it.

No, the root cause of this failure comes from the lack of checking
kprobes_all_disarmed in unoptimized_kprobe(). It should check the flag
and return soon if it is set.

So, I Nak this patch.

> 
> This patch uses force unoptimize instead.
> 
> Signed-off-by: Wang Nan <wangnan0@huawei.com>
> ---
>  kernel/kprobes.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index b185464..9fbe0c3 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -869,7 +869,7 @@ static void __disarm_kprobe(struct kprobe *p, bool reopt)
>  {
>  	struct kprobe *_p;
>  
> -	unoptimize_kprobe(p, false);	/* Try to unoptimize */
> +	unoptimize_kprobe(p, true);	/* Try to unoptimize */
>  
>  	if (!kprobe_queued(p)) {
>  		arch_disarm_kprobe(p);
> 


-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt at hitachi.com

[PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Wang Nan]

Original code failed to disarm the probed instruction after

echo 0 > /sys/kernel/debug/kprobes/enabled

if OPTPROBE is enabled.

This patch checks kprobes_all_disarmed in unoptimized_kprobe().

Signed-off-by: Wang Nan <wangnan0@huawei.com>
---
 kernel/kprobes.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 9471710..f16936b 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -630,6 +630,9 @@ static void unoptimize_kprobe(struct kprobe *p, bool force)
 {
 	struct optimized_kprobe *op;
 
+	if (kprobes_all_disarmed)
+		return;
+
 	if (!kprobe_aggrprobe(p) || kprobe_disarmed(p))
 		return; /* This is not an optprobe nor optimized */
 
-- 
1.8.4

[PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Wang Nan]

Original code failed to disarm the probed instruction after

echo 0 > /sys/kernel/debug/kprobes/enabled

if OPTPROBE is enabled.

This patch checks kprobes_all_disarmed in unoptimized_kprobe().

Signed-off-by: Wang Nan <wangnan0@huawei.com>
---
 kernel/kprobes.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 9471710..f16936b 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -630,6 +630,9 @@ static void unoptimize_kprobe(struct kprobe *p, bool force)
 {
 	struct optimized_kprobe *op;
 
+	if (kprobes_all_disarmed)
+		return;
+
 	if (!kprobe_aggrprobe(p) || kprobe_disarmed(p))
 		return; /* This is not an optprobe nor optimized */
 
-- 
1.8.4

Re: [PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Masami Hiramatsu]

(2015/01/12 21:09), Wang Nan wrote:
> Original code failed to disarm the probed instruction after
> 
> echo 0 > /sys/kernel/debug/kprobes/enabled
> 
> if OPTPROBE is enabled.
> 
> This patch checks kprobes_all_disarmed in unoptimized_kprobe().
> 

Looks good :)

Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>

Thank you!

> Signed-off-by: Wang Nan <wangnan0@huawei.com>
> ---
>  kernel/kprobes.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index 9471710..f16936b 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -630,6 +630,9 @@ static void unoptimize_kprobe(struct kprobe *p, bool force)
>  {
>  	struct optimized_kprobe *op;
>  
> +	if (kprobes_all_disarmed)
> +		return;
> +
>  	if (!kprobe_aggrprobe(p) || kprobe_disarmed(p))
>  		return; /* This is not an optprobe nor optimized */
>  
> 


-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com

[PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Masami Hiramatsu]

(2015/01/12 21:09), Wang Nan wrote:
> Original code failed to disarm the probed instruction after
> 
> echo 0 > /sys/kernel/debug/kprobes/enabled
> 
> if OPTPROBE is enabled.
> 
> This patch checks kprobes_all_disarmed in unoptimized_kprobe().
> 

Looks good :)

Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>

Thank you!

> Signed-off-by: Wang Nan <wangnan0@huawei.com>
> ---
>  kernel/kprobes.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index 9471710..f16936b 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -630,6 +630,9 @@ static void unoptimize_kprobe(struct kprobe *p, bool force)
>  {
>  	struct optimized_kprobe *op;
>  
> +	if (kprobes_all_disarmed)
> +		return;
> +
>  	if (!kprobe_aggrprobe(p) || kprobe_disarmed(p))
>  		return; /* This is not an optprobe nor optimized */
>  
> 


-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt at hitachi.com

Re: [PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Wang Nan]

Hi Masami Hiramatsu,

I can't find this patch and '[PATCH] kprobes: bugfix: checks kprobes_all_disarmed
in unoptimized_kprobe().' in current mainline. How do these patches get there?
Should they be merged into Russell King's tree first?

Thank you!

On 2015/1/12 20:52, Masami Hiramatsu wrote:
> (2015/01/12 21:09), Wang Nan wrote:
>> Original code failed to disarm the probed instruction after
>>
>> echo 0 > /sys/kernel/debug/kprobes/enabled
>>
>> if OPTPROBE is enabled.
>>
>> This patch checks kprobes_all_disarmed in unoptimized_kprobe().
>>
> 
> Looks good :)
> 
> Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
> 
> Thank you!
> 
>> Signed-off-by: Wang Nan <wangnan0@huawei.com>
>> ---
>>  kernel/kprobes.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
>> index 9471710..f16936b 100644
>> --- a/kernel/kprobes.c
>> +++ b/kernel/kprobes.c
>> @@ -630,6 +630,9 @@ static void unoptimize_kprobe(struct kprobe *p, bool force)
>>  {
>>  	struct optimized_kprobe *op;
>>  
>> +	if (kprobes_all_disarmed)
>> +		return;
>> +
>>  	if (!kprobe_aggrprobe(p) || kprobe_disarmed(p))
>>  		return; /* This is not an optprobe nor optimized */
>>  
>>
> 
> 

[PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Wang Nan]

Hi Masami Hiramatsu,

I can't find this patch and '[PATCH] kprobes: bugfix: checks kprobes_all_disarmed
in unoptimized_kprobe().' in current mainline. How do these patches get there?
Should they be merged into Russell King's tree first?

Thank you!

On 2015/1/12 20:52, Masami Hiramatsu wrote:
> (2015/01/12 21:09), Wang Nan wrote:
>> Original code failed to disarm the probed instruction after
>>
>> echo 0 > /sys/kernel/debug/kprobes/enabled
>>
>> if OPTPROBE is enabled.
>>
>> This patch checks kprobes_all_disarmed in unoptimized_kprobe().
>>
> 
> Looks good :)
> 
> Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
> 
> Thank you!
> 
>> Signed-off-by: Wang Nan <wangnan0@huawei.com>
>> ---
>>  kernel/kprobes.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
>> index 9471710..f16936b 100644
>> --- a/kernel/kprobes.c
>> +++ b/kernel/kprobes.c
>> @@ -630,6 +630,9 @@ static void unoptimize_kprobe(struct kprobe *p, bool force)
>>  {
>>  	struct optimized_kprobe *op;
>>  
>> +	if (kprobes_all_disarmed)
>> +		return;
>> +
>>  	if (!kprobe_aggrprobe(p) || kprobe_disarmed(p))
>>  		return; /* This is not an optprobe nor optimized */
>>  
>>
> 
> 

Re: [PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Masami Hiramatsu]

Hi Wang,

I've found a problem on this patch, since kprobes calls unoptioize_kprobe
with kprobes_all_disarmed=true when trying to disable all kprobes, this
cause a serious problem.

Moreover, I couldn't reproduce your reported bug on my 3.19-rc4 kernel.
Could you test it again?

Unless I could reproduce this bug, I'd like to keep this uncommitted.

Thank you,

(2015/01/19 12:04), Wang Nan wrote:
> Hi Masami Hiramatsu,
> 
> I can't find this patch and '[PATCH] kprobes: bugfix: checks kprobes_all_disarmed
> in unoptimized_kprobe().' in current mainline. How do these patches get there?
> Should they be merged into Russell King's tree first?
> 
> Thank you!
> 
> On 2015/1/12 20:52, Masami Hiramatsu wrote:
>> (2015/01/12 21:09), Wang Nan wrote:
>>> Original code failed to disarm the probed instruction after
>>>
>>> echo 0 > /sys/kernel/debug/kprobes/enabled
>>>
>>> if OPTPROBE is enabled.
>>>
>>> This patch checks kprobes_all_disarmed in unoptimized_kprobe().
>>>
>>
>> Looks good :)
>>
>> Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
>>
>> Thank you!
>>
>>> Signed-off-by: Wang Nan <wangnan0@huawei.com>
>>> ---
>>>  kernel/kprobes.c | 3 +++
>>>  1 file changed, 3 insertions(+)
>>>
>>> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
>>> index 9471710..f16936b 100644
>>> --- a/kernel/kprobes.c
>>> +++ b/kernel/kprobes.c
>>> @@ -630,6 +630,9 @@ static void unoptimize_kprobe(struct kprobe *p, bool force)
>>>  {
>>>  	struct optimized_kprobe *op;
>>>  
>>> +	if (kprobes_all_disarmed)
>>> +		return;
>>> +
>>>  	if (!kprobe_aggrprobe(p) || kprobe_disarmed(p))
>>>  		return; /* This is not an optprobe nor optimized */
>>>  
>>>
>>
>>
> 
> 
> 


-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com

[PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Masami Hiramatsu]

Hi Wang,

I've found a problem on this patch, since kprobes calls unoptioize_kprobe
with kprobes_all_disarmed=true when trying to disable all kprobes, this
cause a serious problem.

Moreover, I couldn't reproduce your reported bug on my 3.19-rc4 kernel.
Could you test it again?

Unless I could reproduce this bug, I'd like to keep this uncommitted.

Thank you,

(2015/01/19 12:04), Wang Nan wrote:
> Hi Masami Hiramatsu,
> 
> I can't find this patch and '[PATCH] kprobes: bugfix: checks kprobes_all_disarmed
> in unoptimized_kprobe().' in current mainline. How do these patches get there?
> Should they be merged into Russell King's tree first?
> 
> Thank you!
> 
> On 2015/1/12 20:52, Masami Hiramatsu wrote:
>> (2015/01/12 21:09), Wang Nan wrote:
>>> Original code failed to disarm the probed instruction after
>>>
>>> echo 0 > /sys/kernel/debug/kprobes/enabled
>>>
>>> if OPTPROBE is enabled.
>>>
>>> This patch checks kprobes_all_disarmed in unoptimized_kprobe().
>>>
>>
>> Looks good :)
>>
>> Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
>>
>> Thank you!
>>
>>> Signed-off-by: Wang Nan <wangnan0@huawei.com>
>>> ---
>>>  kernel/kprobes.c | 3 +++
>>>  1 file changed, 3 insertions(+)
>>>
>>> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
>>> index 9471710..f16936b 100644
>>> --- a/kernel/kprobes.c
>>> +++ b/kernel/kprobes.c
>>> @@ -630,6 +630,9 @@ static void unoptimize_kprobe(struct kprobe *p, bool force)
>>>  {
>>>  	struct optimized_kprobe *op;
>>>  
>>> +	if (kprobes_all_disarmed)
>>> +		return;
>>> +
>>>  	if (!kprobe_aggrprobe(p) || kprobe_disarmed(p))
>>>  		return; /* This is not an optprobe nor optimized */
>>>  
>>>
>>
>>
> 
> 
> 


-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt at hitachi.com

Re: [PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Wang Nan]

On 2015/1/19 17:05, Masami Hiramatsu wrote:
> Hi Wang,
> 
> I've found a problem on this patch, since kprobes calls unoptioize_kprobe
> with kprobes_all_disarmed=true when trying to disable all kprobes, this
> cause a serious problem.
> 
> Moreover, I couldn't reproduce your reported bug on my 3.19-rc4 kernel.
> Could you test it again?
> 

I tested it again based on 3.19-rc5 and found that the problem still exists.
My testing is based on QEMU.

First I tested my kprobeopt for ARM, then on x86_64. The test results are pasted
at the bottom of this mail. Commands after 'gdb attaches to QEMU' is my actions
on a gdb console attached to QEMU; commands after 'inside virtual machine' is
what I do in Linux run under QEMU.



** ARM result **

------ gdb attaches to QEMU -------
(gdb) x/3i sys_open
   0xc013619c <SyS_open>:	mov	r12, sp          <--- *original insn*
   0xc01361a0 <SyS_open+4>:	push	{r11, r12, lr, pc}
   0xc01361a4 <SyS_open+8>:	sub	r11, r12, #4

------ inside virtual machine -------
# echo 'p:myprobe sys_open' > /sys/kernel/debug/tracing/kprobe_events
# echo 1 > /sys/kernel/debug/tracing/events/kprobes/myprobe/enable

------ gdb attaches to QEMU -------
cpu_v7_do_idle () at /home/w00229757/kernel-hydrogen/arch/arm/mm/proc-v7.S:74
74		ret	lr
(gdb) x/3i sys_open
   0xc013619c <SyS_open>:	b	0xbf000000        <--- *optimized*
   0xc01361a0 <SyS_open+4>:	push	{r11, r12, lr, pc}
   0xc01361a4 <SyS_open+8>:	sub	r11, r12, #4
(gdb) c

------ inside virtual machine -------
# echo 0 > /sys/kernel/debug/kprobes/enabled

------ gdb attaches to QEMU -------
cpu_v7_do_idle () at /home/w00229757/kernel-hydrogen/arch/arm/mm/proc-v7.S:74
74		ret	lr
(gdb) x/3i sys_open
   0xc013619c <SyS_open>:			; <UNDEFINED> instruction: 0xe7f001f8    <--- *BREAKPOINT*
   0xc01361a0 <SyS_open+4>:	push	{r11, r12, lr, pc}
   0xc01361a4 <SyS_open+8>:	sub	r11, r12, #4
(gdb) c



** x86_64 result **

------ gdb attaches to QEMU -------
(gdb) x/10i sys_open
   0xffffffff81184fe0 <SyS_open>:	data32 data32 data32 xchg %ax,%ax
   0xffffffff81184fe5 <SyS_open+5>:	push   %rbp
   0xffffffff81184fe6 <SyS_open+6>:	movzwl %dx,%ecx
   0xffffffff81184fe9 <SyS_open+9>:	mov    %esi,%edx
   0xffffffff81184feb <SyS_open+11>:	mov    %rsp,%rbp
   0xffffffff81184fee <SyS_open+14>:	mov    %rdi,%rsi
   0xffffffff81184ff1 <SyS_open+17>:	or     $0x80,%dh
   0xffffffff81184ff4 <SyS_open+20>:	mov    $0xffffff9c,%edi
   0xffffffff81184ff9 <SyS_open+25>:	callq  0xffffffff81184da0 <do_sys_open>
   0xffffffff81184ffe <SyS_open+30>:	pop    %rbp
(gdb) c
Continuing


------ inside virtual machine -------
# echo 'p:myprobe sys_open+20' > /sys/kernel/debug/tracing/kprobe_events
# echo 1 > /sys/kernel/debug/tracing/events/kprobes/myprobe/enable

------ gdb attaches to QEMU -------
(gdb) x/10i sys_open
   0xffffffff81184fe0 <SyS_open>:	data32 data32 data32 xchg %ax,%ax
   0xffffffff81184fe5 <SyS_open+5>:	push   %rbp
   0xffffffff81184fe6 <SyS_open+6>:	movzwl %dx,%ecx
   0xffffffff81184fe9 <SyS_open+9>:	mov    %esi,%edx
   0xffffffff81184feb <SyS_open+11>:	mov    %rsp,%rbp
   0xffffffff81184fee <SyS_open+14>:	mov    %rdi,%rsi
   0xffffffff81184ff1 <SyS_open+17>:	or     $0x80,%dh
   0xffffffff81184ff4 <SyS_open+20>:	jmpq   0xffffffffa0002000         <--- *optimized*
   0xffffffff81184ff9 <SyS_open+25>:	callq  0xffffffff81184da0 <do_sys_open>
   0xffffffff81184ffe <SyS_open+30>:	pop    %rbp
(gdb) c
Continuing.

------ inside virtual machine -------
# echo 0 > /sys/kernel/debug/kprobes/enabled

------ gdb attaches to QEMU -------
(gdb) x/10i sys_open
   0xffffffff81184fe0 <SyS_open>:	data32 data32 data32 xchg %ax,%ax
   0xffffffff81184fe5 <SyS_open+5>:	push   %rbp
   0xffffffff81184fe6 <SyS_open+6>:	movzwl %dx,%ecx
   0xffffffff81184fe9 <SyS_open+9>:	mov    %esi,%edx
   0xffffffff81184feb <SyS_open+11>:	mov    %rsp,%rbp
   0xffffffff81184fee <SyS_open+14>:	mov    %rdi,%rsi
   0xffffffff81184ff1 <SyS_open+17>:	or     $0x80,%dh
   0xffffffff81184ff4 <SyS_open+20>:	int3          <-- **BREAKPOINT**
   0xffffffff81184ff5 <SyS_open+21>:	pushfq
   0xffffffff81184ff6 <SyS_open+22>:	(bad)
(gdb)

[PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Wang Nan]

On 2015/1/19 17:05, Masami Hiramatsu wrote:
> Hi Wang,
> 
> I've found a problem on this patch, since kprobes calls unoptioize_kprobe
> with kprobes_all_disarmed=true when trying to disable all kprobes, this
> cause a serious problem.
> 
> Moreover, I couldn't reproduce your reported bug on my 3.19-rc4 kernel.
> Could you test it again?
> 

I tested it again based on 3.19-rc5 and found that the problem still exists.
My testing is based on QEMU.

First I tested my kprobeopt for ARM, then on x86_64. The test results are pasted
at the bottom of this mail. Commands after 'gdb attaches to QEMU' is my actions
on a gdb console attached to QEMU; commands after 'inside virtual machine' is
what I do in Linux run under QEMU.



** ARM result **

------ gdb attaches to QEMU -------
(gdb) x/3i sys_open
   0xc013619c <SyS_open>:	mov	r12, sp          <--- *original insn*
   0xc01361a0 <SyS_open+4>:	push	{r11, r12, lr, pc}
   0xc01361a4 <SyS_open+8>:	sub	r11, r12, #4

------ inside virtual machine -------
# echo 'p:myprobe sys_open' > /sys/kernel/debug/tracing/kprobe_events
# echo 1 > /sys/kernel/debug/tracing/events/kprobes/myprobe/enable

------ gdb attaches to QEMU -------
cpu_v7_do_idle () at /home/w00229757/kernel-hydrogen/arch/arm/mm/proc-v7.S:74
74		ret	lr
(gdb) x/3i sys_open
   0xc013619c <SyS_open>:	b	0xbf000000        <--- *optimized*
   0xc01361a0 <SyS_open+4>:	push	{r11, r12, lr, pc}
   0xc01361a4 <SyS_open+8>:	sub	r11, r12, #4
(gdb) c

------ inside virtual machine -------
# echo 0 > /sys/kernel/debug/kprobes/enabled

------ gdb attaches to QEMU -------
cpu_v7_do_idle () at /home/w00229757/kernel-hydrogen/arch/arm/mm/proc-v7.S:74
74		ret	lr
(gdb) x/3i sys_open
   0xc013619c <SyS_open>:			; <UNDEFINED> instruction: 0xe7f001f8    <--- *BREAKPOINT*
   0xc01361a0 <SyS_open+4>:	push	{r11, r12, lr, pc}
   0xc01361a4 <SyS_open+8>:	sub	r11, r12, #4
(gdb) c



** x86_64 result **

------ gdb attaches to QEMU -------
(gdb) x/10i sys_open
   0xffffffff81184fe0 <SyS_open>:	data32 data32 data32 xchg %ax,%ax
   0xffffffff81184fe5 <SyS_open+5>:	push   %rbp
   0xffffffff81184fe6 <SyS_open+6>:	movzwl %dx,%ecx
   0xffffffff81184fe9 <SyS_open+9>:	mov    %esi,%edx
   0xffffffff81184feb <SyS_open+11>:	mov    %rsp,%rbp
   0xffffffff81184fee <SyS_open+14>:	mov    %rdi,%rsi
   0xffffffff81184ff1 <SyS_open+17>:	or     $0x80,%dh
   0xffffffff81184ff4 <SyS_open+20>:	mov    $0xffffff9c,%edi
   0xffffffff81184ff9 <SyS_open+25>:	callq  0xffffffff81184da0 <do_sys_open>
   0xffffffff81184ffe <SyS_open+30>:	pop    %rbp
(gdb) c
Continuing


------ inside virtual machine -------
# echo 'p:myprobe sys_open+20' > /sys/kernel/debug/tracing/kprobe_events
# echo 1 > /sys/kernel/debug/tracing/events/kprobes/myprobe/enable

------ gdb attaches to QEMU -------
(gdb) x/10i sys_open
   0xffffffff81184fe0 <SyS_open>:	data32 data32 data32 xchg %ax,%ax
   0xffffffff81184fe5 <SyS_open+5>:	push   %rbp
   0xffffffff81184fe6 <SyS_open+6>:	movzwl %dx,%ecx
   0xffffffff81184fe9 <SyS_open+9>:	mov    %esi,%edx
   0xffffffff81184feb <SyS_open+11>:	mov    %rsp,%rbp
   0xffffffff81184fee <SyS_open+14>:	mov    %rdi,%rsi
   0xffffffff81184ff1 <SyS_open+17>:	or     $0x80,%dh
   0xffffffff81184ff4 <SyS_open+20>:	jmpq   0xffffffffa0002000         <--- *optimized*
   0xffffffff81184ff9 <SyS_open+25>:	callq  0xffffffff81184da0 <do_sys_open>
   0xffffffff81184ffe <SyS_open+30>:	pop    %rbp
(gdb) c
Continuing.

------ inside virtual machine -------
# echo 0 > /sys/kernel/debug/kprobes/enabled

------ gdb attaches to QEMU -------
(gdb) x/10i sys_open
   0xffffffff81184fe0 <SyS_open>:	data32 data32 data32 xchg %ax,%ax
   0xffffffff81184fe5 <SyS_open+5>:	push   %rbp
   0xffffffff81184fe6 <SyS_open+6>:	movzwl %dx,%ecx
   0xffffffff81184fe9 <SyS_open+9>:	mov    %esi,%edx
   0xffffffff81184feb <SyS_open+11>:	mov    %rsp,%rbp
   0xffffffff81184fee <SyS_open+14>:	mov    %rdi,%rsi
   0xffffffff81184ff1 <SyS_open+17>:	or     $0x80,%dh
   0xffffffff81184ff4 <SyS_open+20>:	int3          <-- **BREAKPOINT**
   0xffffffff81184ff5 <SyS_open+21>:	pushfq
   0xffffffff81184ff6 <SyS_open+22>:	(bad)
(gdb)

Re: [PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Masami Hiramatsu]

(2015/01/19 20:21), Wang Nan wrote:
> On 2015/1/19 17:05, Masami Hiramatsu wrote:
>> Hi Wang,
>>
>> I've found a problem on this patch, since kprobes calls unoptioize_kprobe
>> with kprobes_all_disarmed=true when trying to disable all kprobes, this
>> cause a serious problem.
>>
>> Moreover, I couldn't reproduce your reported bug on my 3.19-rc4 kernel.
>> Could you test it again?
>>
> 
> I tested it again based on 3.19-rc5 and found that the problem still exists.
> My testing is based on QEMU.
> 
> First I tested my kprobeopt for ARM, then on x86_64. The test results are pasted
> at the bottom of this mail. Commands after 'gdb attaches to QEMU' is my actions
> on a gdb console attached to QEMU; commands after 'inside virtual machine' is
> what I do in Linux run under QEMU.

Thank you for the reporting.
So, now I know what happened, the problem is "debugfs/kprobes/enabled doesn't work
correctly on optimized kprobes". Please make update the patch description.

I also reproduced the bug without gdb.
Here is the log.

----
[root@localhost ~]# cd /sys/kernel/debug/tracing/
[root@localhost tracing]# echo p do_fork+5 > kprobe_events	# setup new event
[root@localhost tracing]# echo $$ > set_ftrace_pid		# trace only this process
[root@localhost tracing]# echo 1 > events/kprobes/p_do_fork_5/enable	# enable it
[root@localhost tracing]# cat trace				# check the trace data
# tracer: nop
#
# entries-in-buffer/entries-written: 1/1   #P:8
#
#                              _-----=> irqs-off
#                             / _----=> need-resched
#                            | / _---=> hardirq/softirq
#                            || / _--=> preempt-depth
#                            ||| /     delay
#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
#              | |       |   ||||       |         |
            bash-3883  [006] d...   279.799023: p_do_fork_5: (do_fork+0x5/0x360) # OK, now tracing
[root@localhost tracing]# cat ../kprobes/list
ffffffff810bc1c5  k  do_fork+0x5    [OPTIMIZED]			# and it is actually optimized
[root@localhost tracing]# echo 0 > ../kprobes/enabled		# disable *ALL* kprobes
[root@localhost tracing]# echo > trace				# clear events
[root@localhost tracing]# cat trace				# this should show empty buffer
# tracer: nop
#
# entries-in-buffer/entries-written: 1/1   #P:8
#
#                              _-----=> irqs-off
#                             / _----=> need-resched
#                            | / _---=> hardirq/softirq
#                            || / _--=> preempt-depth
#                            ||| /     delay
#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
#              | |       |   ||||       |         |
            bash-3883  [006] d...   337.770785: p_do_fork_5: (do_fork+0x5/0x360)  # But still tracing!
[root@localhost tracing]# cat trace				# Check again
# tracer: nop
#
# entries-in-buffer/entries-written: 2/2   #P:8
#
#                              _-----=> irqs-off
#                             / _----=> need-resched
#                            | / _---=> hardirq/softirq
#                            || / _--=> preempt-depth
#                            ||| /     delay
#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
#              | |       |   ||||       |         |
            bash-3883  [006] d...   337.770785: p_do_fork_5: (do_fork+0x5/0x360)
            bash-3883  [006] d...   345.592178: p_do_fork_5: (do_fork+0x5/0x360) # We are tracing!!

So, after global disabling kprobes, ALL kprobes event should be disabled, but not.

OK, I think your first patch is better than the second one, but not enough.
What we should do is use kprobes_all_disarmed for force option like below.

	unoptimize_kprobe(p, kprobes_all_disarmed);    /* Try to unoptimize */

We also would better to check the flag in unregistering path for skipping unneeded
disarming process when kprobes globally disarmed.

Thank you,

-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com

[PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Masami Hiramatsu]

(2015/01/19 20:21), Wang Nan wrote:
> On 2015/1/19 17:05, Masami Hiramatsu wrote:
>> Hi Wang,
>>
>> I've found a problem on this patch, since kprobes calls unoptioize_kprobe
>> with kprobes_all_disarmed=true when trying to disable all kprobes, this
>> cause a serious problem.
>>
>> Moreover, I couldn't reproduce your reported bug on my 3.19-rc4 kernel.
>> Could you test it again?
>>
> 
> I tested it again based on 3.19-rc5 and found that the problem still exists.
> My testing is based on QEMU.
> 
> First I tested my kprobeopt for ARM, then on x86_64. The test results are pasted
> at the bottom of this mail. Commands after 'gdb attaches to QEMU' is my actions
> on a gdb console attached to QEMU; commands after 'inside virtual machine' is
> what I do in Linux run under QEMU.

Thank you for the reporting.
So, now I know what happened, the problem is "debugfs/kprobes/enabled doesn't work
correctly on optimized kprobes". Please make update the patch description.

I also reproduced the bug without gdb.
Here is the log.

----
[root at localhost ~]# cd /sys/kernel/debug/tracing/
[root at localhost tracing]# echo p do_fork+5 > kprobe_events	# setup new event
[root at localhost tracing]# echo $$ > set_ftrace_pid		# trace only this process
[root at localhost tracing]# echo 1 > events/kprobes/p_do_fork_5/enable	# enable it
[root at localhost tracing]# cat trace				# check the trace data
# tracer: nop
#
# entries-in-buffer/entries-written: 1/1   #P:8
#
#                              _-----=> irqs-off
#                             / _----=> need-resched
#                            | / _---=> hardirq/softirq
#                            || / _--=> preempt-depth
#                            ||| /     delay
#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
#              | |       |   ||||       |         |
            bash-3883  [006] d...   279.799023: p_do_fork_5: (do_fork+0x5/0x360) # OK, now tracing
[root at localhost tracing]# cat ../kprobes/list
ffffffff810bc1c5  k  do_fork+0x5    [OPTIMIZED]			# and it is actually optimized
[root at localhost tracing]# echo 0 > ../kprobes/enabled		# disable *ALL* kprobes
[root at localhost tracing]# echo > trace				# clear events
[root at localhost tracing]# cat trace				# this should show empty buffer
# tracer: nop
#
# entries-in-buffer/entries-written: 1/1   #P:8
#
#                              _-----=> irqs-off
#                             / _----=> need-resched
#                            | / _---=> hardirq/softirq
#                            || / _--=> preempt-depth
#                            ||| /     delay
#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
#              | |       |   ||||       |         |
            bash-3883  [006] d...   337.770785: p_do_fork_5: (do_fork+0x5/0x360)  # But still tracing!
[root at localhost tracing]# cat trace				# Check again
# tracer: nop
#
# entries-in-buffer/entries-written: 2/2   #P:8
#
#                              _-----=> irqs-off
#                             / _----=> need-resched
#                            | / _---=> hardirq/softirq
#                            || / _--=> preempt-depth
#                            ||| /     delay
#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
#              | |       |   ||||       |         |
            bash-3883  [006] d...   337.770785: p_do_fork_5: (do_fork+0x5/0x360)
            bash-3883  [006] d...   345.592178: p_do_fork_5: (do_fork+0x5/0x360) # We are tracing!!

So, after global disabling kprobes, ALL kprobes event should be disabled, but not.

OK, I think your first patch is better than the second one, but not enough.
What we should do is use kprobes_all_disarmed for force option like below.

	unoptimize_kprobe(p, kprobes_all_disarmed);    /* Try to unoptimize */

We also would better to check the flag in unregistering path for skipping unneeded
disarming process when kprobes globally disarmed.

Thank you,

-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt at hitachi.com

Re: [PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Wang Nan]

On 2015/1/19 20:45, Masami Hiramatsu wrote:
> (2015/01/19 20:21), Wang Nan wrote:
>> On 2015/1/19 17:05, Masami Hiramatsu wrote:
>>> Hi Wang,
>>>
>>> I've found a problem on this patch, since kprobes calls unoptioize_kprobe
>>> with kprobes_all_disarmed=true when trying to disable all kprobes, this
>>> cause a serious problem.
>>>
>>> Moreover, I couldn't reproduce your reported bug on my 3.19-rc4 kernel.
>>> Could you test it again?
>>>
>>
>> I tested it again based on 3.19-rc5 and found that the problem still exists.
>> My testing is based on QEMU.
>>
>> First I tested my kprobeopt for ARM, then on x86_64. The test results are pasted
>> at the bottom of this mail. Commands after 'gdb attaches to QEMU' is my actions
>> on a gdb console attached to QEMU; commands after 'inside virtual machine' is
>> what I do in Linux run under QEMU.
> 
> Thank you for the reporting.
> So, now I know what happened, the problem is "debugfs/kprobes/enabled doesn't work
> correctly on optimized kprobes". Please make update the patch description.
> 
> I also reproduced the bug without gdb.
> Here is the log.
> 
> ----
> [root@localhost ~]# cd /sys/kernel/debug/tracing/
> [root@localhost tracing]# echo p do_fork+5 > kprobe_events	# setup new event
> [root@localhost tracing]# echo $$ > set_ftrace_pid		# trace only this process
> [root@localhost tracing]# echo 1 > events/kprobes/p_do_fork_5/enable	# enable it
> [root@localhost tracing]# cat trace				# check the trace data
> # tracer: nop
> #
> # entries-in-buffer/entries-written: 1/1   #P:8
> #
> #                              _-----=> irqs-off
> #                             / _----=> need-resched
> #                            | / _---=> hardirq/softirq
> #                            || / _--=> preempt-depth
> #                            ||| /     delay
> #           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
> #              | |       |   ||||       |         |
>             bash-3883  [006] d...   279.799023: p_do_fork_5: (do_fork+0x5/0x360) # OK, now tracing
> [root@localhost tracing]# cat ../kprobes/list
> ffffffff810bc1c5  k  do_fork+0x5    [OPTIMIZED]			# and it is actually optimized
> [root@localhost tracing]# echo 0 > ../kprobes/enabled		# disable *ALL* kprobes
> [root@localhost tracing]# echo > trace				# clear events
> [root@localhost tracing]# cat trace				# this should show empty buffer
> # tracer: nop
> #
> # entries-in-buffer/entries-written: 1/1   #P:8
> #
> #                              _-----=> irqs-off
> #                             / _----=> need-resched
> #                            | / _---=> hardirq/softirq
> #                            || / _--=> preempt-depth
> #                            ||| /     delay
> #           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
> #              | |       |   ||||       |         |
>             bash-3883  [006] d...   337.770785: p_do_fork_5: (do_fork+0x5/0x360)  # But still tracing!
> [root@localhost tracing]# cat trace				# Check again
> # tracer: nop
> #
> # entries-in-buffer/entries-written: 2/2   #P:8
> #
> #                              _-----=> irqs-off
> #                             / _----=> need-resched
> #                            | / _---=> hardirq/softirq
> #                            || / _--=> preempt-depth
> #                            ||| /     delay
> #           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
> #              | |       |   ||||       |         |
>             bash-3883  [006] d...   337.770785: p_do_fork_5: (do_fork+0x5/0x360)
>             bash-3883  [006] d...   345.592178: p_do_fork_5: (do_fork+0x5/0x360) # We are tracing!!
> 
> So, after global disabling kprobes, ALL kprobes event should be disabled, but not.
> 
> OK, I think your first patch is better than the second one, but not enough.
> What we should do is use kprobes_all_disarmed for force option like below.
> 
> 	unoptimize_kprobe(p, kprobes_all_disarmed);    /* Try to unoptimize */
> 
> We also would better to check the flag in unregistering path for skipping unneeded
> disarming process when kprobes globally disarmed.
> 
> Thank you,
> 

Thanks to your quick reply. I'll post an improved v1 patch tomorrow.

[PATCH] kprobes: bugfix: checks kprobes_all_disarmed in unoptimized_kprobe().

[Wang Nan]

On 2015/1/19 20:45, Masami Hiramatsu wrote:
> (2015/01/19 20:21), Wang Nan wrote:
>> On 2015/1/19 17:05, Masami Hiramatsu wrote:
>>> Hi Wang,
>>>
>>> I've found a problem on this patch, since kprobes calls unoptioize_kprobe
>>> with kprobes_all_disarmed=true when trying to disable all kprobes, this
>>> cause a serious problem.
>>>
>>> Moreover, I couldn't reproduce your reported bug on my 3.19-rc4 kernel.
>>> Could you test it again?
>>>
>>
>> I tested it again based on 3.19-rc5 and found that the problem still exists.
>> My testing is based on QEMU.
>>
>> First I tested my kprobeopt for ARM, then on x86_64. The test results are pasted
>> at the bottom of this mail. Commands after 'gdb attaches to QEMU' is my actions
>> on a gdb console attached to QEMU; commands after 'inside virtual machine' is
>> what I do in Linux run under QEMU.
> 
> Thank you for the reporting.
> So, now I know what happened, the problem is "debugfs/kprobes/enabled doesn't work
> correctly on optimized kprobes". Please make update the patch description.
> 
> I also reproduced the bug without gdb.
> Here is the log.
> 
> ----
> [root at localhost ~]# cd /sys/kernel/debug/tracing/
> [root at localhost tracing]# echo p do_fork+5 > kprobe_events	# setup new event
> [root at localhost tracing]# echo $$ > set_ftrace_pid		# trace only this process
> [root at localhost tracing]# echo 1 > events/kprobes/p_do_fork_5/enable	# enable it
> [root at localhost tracing]# cat trace				# check the trace data
> # tracer: nop
> #
> # entries-in-buffer/entries-written: 1/1   #P:8
> #
> #                              _-----=> irqs-off
> #                             / _----=> need-resched
> #                            | / _---=> hardirq/softirq
> #                            || / _--=> preempt-depth
> #                            ||| /     delay
> #           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
> #              | |       |   ||||       |         |
>             bash-3883  [006] d...   279.799023: p_do_fork_5: (do_fork+0x5/0x360) # OK, now tracing
> [root at localhost tracing]# cat ../kprobes/list
> ffffffff810bc1c5  k  do_fork+0x5    [OPTIMIZED]			# and it is actually optimized
> [root at localhost tracing]# echo 0 > ../kprobes/enabled		# disable *ALL* kprobes
> [root at localhost tracing]# echo > trace				# clear events
> [root at localhost tracing]# cat trace				# this should show empty buffer
> # tracer: nop
> #
> # entries-in-buffer/entries-written: 1/1   #P:8
> #
> #                              _-----=> irqs-off
> #                             / _----=> need-resched
> #                            | / _---=> hardirq/softirq
> #                            || / _--=> preempt-depth
> #                            ||| /     delay
> #           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
> #              | |       |   ||||       |         |
>             bash-3883  [006] d...   337.770785: p_do_fork_5: (do_fork+0x5/0x360)  # But still tracing!
> [root at localhost tracing]# cat trace				# Check again
> # tracer: nop
> #
> # entries-in-buffer/entries-written: 2/2   #P:8
> #
> #                              _-----=> irqs-off
> #                             / _----=> need-resched
> #                            | / _---=> hardirq/softirq
> #                            || / _--=> preempt-depth
> #                            ||| /     delay
> #           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
> #              | |       |   ||||       |         |
>             bash-3883  [006] d...   337.770785: p_do_fork_5: (do_fork+0x5/0x360)
>             bash-3883  [006] d...   345.592178: p_do_fork_5: (do_fork+0x5/0x360) # We are tracing!!
> 
> So, after global disabling kprobes, ALL kprobes event should be disabled, but not.
> 
> OK, I think your first patch is better than the second one, but not enough.
> What we should do is use kprobes_all_disarmed for force option like below.
> 
> 	unoptimize_kprobe(p, kprobes_all_disarmed);    /* Try to unoptimize */
> 
> We also would better to check the flag in unregistering path for skipping unneeded
> disarming process when kprobes globally disarmed.
> 
> Thank you,
> 

Thanks to your quick reply. I'll post an improved v1 patch tomorrow.

[PATCH] kprobes: bugfix: makes kprobes/enabled works correctly for optimized kprobes.

[Wang Nan]

debugfs/kprobes/enabled doesn't work correctly on optimized kprobes.
Masami Hiramatsu has a test report on x86_64 platform:

https://lkml.org/lkml/2015/1/19/274

This patch forces it to unoptimize kprobe if kprobes_all_disarmed
is set. It also checks the flag in unregistering path for skipping
unneeded disarming process when kprobes globally disarmed.

Signed-off-by: Wang Nan <wangnan0@huawei.com>
---
 kernel/kprobes.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 9471710..fb995ef 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -869,7 +869,8 @@ static void __disarm_kprobe(struct kprobe *p, bool reopt)
 {
 	struct kprobe *_p;
 
-	unoptimize_kprobe(p, false);	/* Try to unoptimize */
+	/* Try to unoptimize */
+	unoptimize_kprobe(p, kprobes_all_disarmed);
 
 	if (!kprobe_queued(p)) {
 		arch_disarm_kprobe(p);
@@ -1571,7 +1572,13 @@ static struct kprobe *__disable_kprobe(struct kprobe *p)
 
 		/* Try to disarm and disable this/parent probe */
 		if (p == orig_p || aggr_kprobe_disabled(orig_p)) {
-			disarm_kprobe(orig_p, true);
+			/*
+			 * If kprobes_all_disarmed is set, orig_p
+			 * should have already been disarmed, so
+			 * skip unneed disarming process.
+			 */
+			if (!kprobes_all_disarmed)
+				disarm_kprobe(orig_p, true);
 			orig_p->flags |= KPROBE_FLAG_DISABLED;
 		}
 	}
-- 
1.8.4

[PATCH] kprobes: bugfix: makes kprobes/enabled works correctly for optimized kprobes.

[Wang Nan]

debugfs/kprobes/enabled doesn't work correctly on optimized kprobes.
Masami Hiramatsu has a test report on x86_64 platform:

https://lkml.org/lkml/2015/1/19/274

This patch forces it to unoptimize kprobe if kprobes_all_disarmed
is set. It also checks the flag in unregistering path for skipping
unneeded disarming process when kprobes globally disarmed.

Signed-off-by: Wang Nan <wangnan0@huawei.com>
---
 kernel/kprobes.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 9471710..fb995ef 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -869,7 +869,8 @@ static void __disarm_kprobe(struct kprobe *p, bool reopt)
 {
 	struct kprobe *_p;
 
-	unoptimize_kprobe(p, false);	/* Try to unoptimize */
+	/* Try to unoptimize */
+	unoptimize_kprobe(p, kprobes_all_disarmed);
 
 	if (!kprobe_queued(p)) {
 		arch_disarm_kprobe(p);
@@ -1571,7 +1572,13 @@ static struct kprobe *__disable_kprobe(struct kprobe *p)
 
 		/* Try to disarm and disable this/parent probe */
 		if (p == orig_p || aggr_kprobe_disabled(orig_p)) {
-			disarm_kprobe(orig_p, true);
+			/*
+			 * If kprobes_all_disarmed is set, orig_p
+			 * should have already been disarmed, so
+			 * skip unneed disarming process.
+			 */
+			if (!kprobes_all_disarmed)
+				disarm_kprobe(orig_p, true);
 			orig_p->flags |= KPROBE_FLAG_DISABLED;
 		}
 	}
-- 
1.8.4

Re: [PATCH] kprobes: bugfix: makes kprobes/enabled works correctly for optimized kprobes.

[Masami Hiramatsu]

(2015/01/20 11:51), Wang Nan wrote:
> debugfs/kprobes/enabled doesn't work correctly on optimized kprobes.
> Masami Hiramatsu has a test report on x86_64 platform:
> 
> https://lkml.org/lkml/2015/1/19/274
> 
> This patch forces it to unoptimize kprobe if kprobes_all_disarmed
> is set. It also checks the flag in unregistering path for skipping
> unneeded disarming process when kprobes globally disarmed.
> 

OK, here is the test result.
----
[root@localhost tracing]# echo p do_fork+5 > kprobe_events
[root@localhost tracing]# echo $$ > set_ftrace_pid
[root@localhost tracing]# echo 1 > events/kprobes/p_do_fork_5/enable
[root@localhost tracing]# cat trace
# tracer: nop
#
# entries-in-buffer/entries-written: 1/1   #P:8
#
#                              _-----=> irqs-off
#                             / _----=> need-resched
#                            | / _---=> hardirq/softirq
#                            || / _--=> preempt-depth
#                            ||| /     delay
#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
#              | |       |   ||||       |         |
            bash-11466 [004] d...  4548.420463: p_do_fork_5: (do_fork+0x5/0x360)
[root@localhost tracing]# cat ../kprobes/list
ffffffff810bc1c5  k  do_fork+0x5    [OPTIMIZED]
[root@localhost tracing]# echo 0 > ../kprobes/enabled   # kprobes globally disabled
[root@localhost tracing]# echo > trace                  # clear trace buffer
[root@localhost tracing]# cat trace
# tracer: nop
#
# entries-in-buffer/entries-written: 0/0   #P:8
#
#                              _-----=> irqs-off
#                             / _----=> need-resched
#                            | / _---=> hardirq/softirq
#                            || / _--=> preempt-depth
#                            ||| /     delay
#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
#              | |       |   ||||       |         |          # No event traced!
[root@localhost tracing]# echo 0 > events/kprobes/p_do_fork_5/enable
[root@localhost tracing]# echo > kprobe_events
[root@localhost tracing]# cat ../kprobes/list
[root@localhost tracing]#				# And we can safely remove the probe
-----

Now it looks good to me :)

Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Tested-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>

Ingo,
Could you pull this patch to your -tip tree?

Thank you,

> Signed-off-by: Wang Nan <wangnan0@huawei.com>
> ---
>  kernel/kprobes.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index 9471710..fb995ef 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -869,7 +869,8 @@ static void __disarm_kprobe(struct kprobe *p, bool reopt)
>  {
>  	struct kprobe *_p;
>  
> -	unoptimize_kprobe(p, false);	/* Try to unoptimize */
> +	/* Try to unoptimize */
> +	unoptimize_kprobe(p, kprobes_all_disarmed);
>  
>  	if (!kprobe_queued(p)) {
>  		arch_disarm_kprobe(p);
> @@ -1571,7 +1572,13 @@ static struct kprobe *__disable_kprobe(struct kprobe *p)
>  
>  		/* Try to disarm and disable this/parent probe */
>  		if (p == orig_p || aggr_kprobe_disabled(orig_p)) {
> -			disarm_kprobe(orig_p, true);
> +			/*
> +			 * If kprobes_all_disarmed is set, orig_p
> +			 * should have already been disarmed, so
> +			 * skip unneed disarming process.
> +			 */
> +			if (!kprobes_all_disarmed)
> +				disarm_kprobe(orig_p, true);
>  			orig_p->flags |= KPROBE_FLAG_DISABLED;
>  		}
>  	}
> 


-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com

[PATCH] kprobes: bugfix: makes kprobes/enabled works correctly for optimized kprobes.

[Masami Hiramatsu]

(2015/01/20 11:51), Wang Nan wrote:
> debugfs/kprobes/enabled doesn't work correctly on optimized kprobes.
> Masami Hiramatsu has a test report on x86_64 platform:
> 
> https://lkml.org/lkml/2015/1/19/274
> 
> This patch forces it to unoptimize kprobe if kprobes_all_disarmed
> is set. It also checks the flag in unregistering path for skipping
> unneeded disarming process when kprobes globally disarmed.
> 

OK, here is the test result.
----
[root at localhost tracing]# echo p do_fork+5 > kprobe_events
[root at localhost tracing]# echo $$ > set_ftrace_pid
[root at localhost tracing]# echo 1 > events/kprobes/p_do_fork_5/enable
[root at localhost tracing]# cat trace
# tracer: nop
#
# entries-in-buffer/entries-written: 1/1   #P:8
#
#                              _-----=> irqs-off
#                             / _----=> need-resched
#                            | / _---=> hardirq/softirq
#                            || / _--=> preempt-depth
#                            ||| /     delay
#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
#              | |       |   ||||       |         |
            bash-11466 [004] d...  4548.420463: p_do_fork_5: (do_fork+0x5/0x360)
[root at localhost tracing]# cat ../kprobes/list
ffffffff810bc1c5  k  do_fork+0x5    [OPTIMIZED]
[root at localhost tracing]# echo 0 > ../kprobes/enabled   # kprobes globally disabled
[root at localhost tracing]# echo > trace                  # clear trace buffer
[root at localhost tracing]# cat trace
# tracer: nop
#
# entries-in-buffer/entries-written: 0/0   #P:8
#
#                              _-----=> irqs-off
#                             / _----=> need-resched
#                            | / _---=> hardirq/softirq
#                            || / _--=> preempt-depth
#                            ||| /     delay
#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
#              | |       |   ||||       |         |          # No event traced!
[root at localhost tracing]# echo 0 > events/kprobes/p_do_fork_5/enable
[root at localhost tracing]# echo > kprobe_events
[root at localhost tracing]# cat ../kprobes/list
[root at localhost tracing]#				# And we can safely remove the probe
-----

Now it looks good to me :)

Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Tested-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>

Ingo,
Could you pull this patch to your -tip tree?

Thank you,

> Signed-off-by: Wang Nan <wangnan0@huawei.com>
> ---
>  kernel/kprobes.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index 9471710..fb995ef 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -869,7 +869,8 @@ static void __disarm_kprobe(struct kprobe *p, bool reopt)
>  {
>  	struct kprobe *_p;
>  
> -	unoptimize_kprobe(p, false);	/* Try to unoptimize */
> +	/* Try to unoptimize */
> +	unoptimize_kprobe(p, kprobes_all_disarmed);
>  
>  	if (!kprobe_queued(p)) {
>  		arch_disarm_kprobe(p);
> @@ -1571,7 +1572,13 @@ static struct kprobe *__disable_kprobe(struct kprobe *p)
>  
>  		/* Try to disarm and disable this/parent probe */
>  		if (p == orig_p || aggr_kprobe_disabled(orig_p)) {
> -			disarm_kprobe(orig_p, true);
> +			/*
> +			 * If kprobes_all_disarmed is set, orig_p
> +			 * should have already been disarmed, so
> +			 * skip unneed disarming process.
> +			 */
> +			if (!kprobes_all_disarmed)
> +				disarm_kprobe(orig_p, true);
>  			orig_p->flags |= KPROBE_FLAG_DISABLED;
>  		}
>  	}
> 


-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt at hitachi.com