* [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes
@ 2017-10-23 16:37 Naveen N. Rao
2017-10-23 16:37 ` [PATCH 2/4] powerpc/kprobes: Do not disable interrupts for optprobes and kprobes_on_ftrace Naveen N. Rao
` (4 more replies)
0 siblings, 5 replies; 11+ messages in thread
From: Naveen N. Rao @ 2017-10-23 16:37 UTC (permalink / raw)
To: Michael Ellerman
Cc: linuxppc-dev, Masami Hiramatsu, Ananth N Mavinakayanahalli
Per Documentation/kprobes.txt, probe handlers need to be invoked with
preemption disabled. Update optimized_callback() to do so. Also move
get_kprobe_ctlblk() invocation post preemption disable, since it
accesses pre-cpu data.
This was not an issue so far since optprobes wasn't selected if
CONFIG_PREEMPT was enabled. Commit a30b85df7d599f ("kprobes: Use
synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y") changes
this.
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
---
arch/powerpc/kernel/optprobes.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kernel/optprobes.c b/arch/powerpc/kernel/optprobes.c
index 91e037ab20a1..60ba7f1370a8 100644
--- a/arch/powerpc/kernel/optprobes.c
+++ b/arch/powerpc/kernel/optprobes.c
@@ -115,7 +115,6 @@ static unsigned long can_optimize(struct kprobe *p)
static void optimized_callback(struct optimized_kprobe *op,
struct pt_regs *regs)
{
- struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
unsigned long flags;
/* This is possible if op is under delayed unoptimizing */
@@ -124,13 +123,14 @@ static void optimized_callback(struct optimized_kprobe *op,
local_irq_save(flags);
hard_irq_disable();
+ preempt_disable();
if (kprobe_running()) {
kprobes_inc_nmissed_count(&op->kp);
} else {
__this_cpu_write(current_kprobe, &op->kp);
regs->nip = (unsigned long)op->kp.addr;
- kcb->kprobe_status = KPROBE_HIT_ACTIVE;
+ get_kprobe_ctlblk()->kprobe_status = KPROBE_HIT_ACTIVE;
opt_pre_handler(&op->kp, regs);
__this_cpu_write(current_kprobe, NULL);
}
@@ -140,6 +140,7 @@ static void optimized_callback(struct optimized_kprobe *op,
* local_irq_restore() will re-enable interrupts,
* if they were hard disabled.
*/
+ preempt_enable_no_resched();
local_irq_restore(flags);
}
NOKPROBE_SYMBOL(optimized_callback);
--
2.14.2
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 2/4] powerpc/kprobes: Do not disable interrupts for optprobes and kprobes_on_ftrace
2017-10-23 16:37 [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes Naveen N. Rao
@ 2017-10-23 16:37 ` Naveen N. Rao
2017-10-25 2:19 ` Masami Hiramatsu
2017-10-23 16:37 ` [PATCH 3/4] powerpc/kprobes: Blacklist emulate_update_regs() from kprobes Naveen N. Rao
` (3 subsequent siblings)
4 siblings, 1 reply; 11+ messages in thread
From: Naveen N. Rao @ 2017-10-23 16:37 UTC (permalink / raw)
To: Michael Ellerman
Cc: linuxppc-dev, Masami Hiramatsu, Ananth N Mavinakayanahalli
Per Documentation/kprobes.txt, we don't necessarily need to disable
interrupts before invoking the kprobe handlers. Masami submitted
similar changes for x86 via commit a19b2e3d783964 ("kprobes/x86: Remove
IRQ disabling from ftrace-based/optimized kprobes"). Do the same for
powerpc.
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
---
arch/powerpc/kernel/kprobes-ftrace.c | 10 ++--------
arch/powerpc/kernel/optprobes.c | 10 ----------
2 files changed, 2 insertions(+), 18 deletions(-)
diff --git a/arch/powerpc/kernel/kprobes-ftrace.c b/arch/powerpc/kernel/kprobes-ftrace.c
index 4b1f34f685b1..7a1f99f1b47f 100644
--- a/arch/powerpc/kernel/kprobes-ftrace.c
+++ b/arch/powerpc/kernel/kprobes-ftrace.c
@@ -75,11 +75,7 @@ void kprobe_ftrace_handler(unsigned long nip, unsigned long parent_nip,
{
struct kprobe *p;
struct kprobe_ctlblk *kcb;
- unsigned long flags;
- /* Disable irq for emulating a breakpoint and avoiding preempt */
- local_irq_save(flags);
- hard_irq_disable();
preempt_disable();
p = get_kprobe((kprobe_opcode_t *)nip);
@@ -105,16 +101,14 @@ void kprobe_ftrace_handler(unsigned long nip, unsigned long parent_nip,
else {
/*
* If pre_handler returns !0, it sets regs->nip and
- * resets current kprobe. In this case, we still need
- * to restore irq, but not preemption.
+ * resets current kprobe. In this case, we should not
+ * re-enable preemption.
*/
- local_irq_restore(flags);
return;
}
}
end:
preempt_enable_no_resched();
- local_irq_restore(flags);
}
NOKPROBE_SYMBOL(kprobe_ftrace_handler);
diff --git a/arch/powerpc/kernel/optprobes.c b/arch/powerpc/kernel/optprobes.c
index 60ba7f1370a8..8237884ca389 100644
--- a/arch/powerpc/kernel/optprobes.c
+++ b/arch/powerpc/kernel/optprobes.c
@@ -115,14 +115,10 @@ static unsigned long can_optimize(struct kprobe *p)
static void optimized_callback(struct optimized_kprobe *op,
struct pt_regs *regs)
{
- unsigned long flags;
-
/* This is possible if op is under delayed unoptimizing */
if (kprobe_disabled(&op->kp))
return;
- local_irq_save(flags);
- hard_irq_disable();
preempt_disable();
if (kprobe_running()) {
@@ -135,13 +131,7 @@ static void optimized_callback(struct optimized_kprobe *op,
__this_cpu_write(current_kprobe, NULL);
}
- /*
- * No need for an explicit __hard_irq_enable() here.
- * local_irq_restore() will re-enable interrupts,
- * if they were hard disabled.
- */
preempt_enable_no_resched();
- local_irq_restore(flags);
}
NOKPROBE_SYMBOL(optimized_callback);
--
2.14.2
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 3/4] powerpc/kprobes: Blacklist emulate_update_regs() from kprobes
2017-10-23 16:37 [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes Naveen N. Rao
2017-10-23 16:37 ` [PATCH 2/4] powerpc/kprobes: Do not disable interrupts for optprobes and kprobes_on_ftrace Naveen N. Rao
@ 2017-10-23 16:37 ` Naveen N. Rao
2017-10-25 16:36 ` Masami Hiramatsu
2017-10-23 16:37 ` [PATCH 4/4] powerpc/kprobes: refactor kprobe_lookup_name for safer string operations Naveen N. Rao
` (2 subsequent siblings)
4 siblings, 1 reply; 11+ messages in thread
From: Naveen N. Rao @ 2017-10-23 16:37 UTC (permalink / raw)
To: Michael Ellerman
Cc: linuxppc-dev, Masami Hiramatsu, Ananth N Mavinakayanahalli
Commit 3cdfcbfd32b9d ("powerpc: Change analyse_instr so it doesn't
modify *regs") introduced emulate_update_regs() to perform part of what
emulate_step() was doing earlier. However, this function was not added
to the kprobes blacklist. Add it so as to prevent it from being probed.
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
---
arch/powerpc/lib/sstep.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/lib/sstep.c b/arch/powerpc/lib/sstep.c
index 8c3955e183d4..70274b7b4773 100644
--- a/arch/powerpc/lib/sstep.c
+++ b/arch/powerpc/lib/sstep.c
@@ -2717,6 +2717,7 @@ void emulate_update_regs(struct pt_regs *regs, struct instruction_op *op)
}
regs->nip = next_pc;
}
+NOKPROBE_SYMBOL(emulate_update_regs);
/*
* Emulate a previously-analysed load or store instruction.
--
2.14.2
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 4/4] powerpc/kprobes: refactor kprobe_lookup_name for safer string operations
2017-10-23 16:37 [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes Naveen N. Rao
2017-10-23 16:37 ` [PATCH 2/4] powerpc/kprobes: Do not disable interrupts for optprobes and kprobes_on_ftrace Naveen N. Rao
2017-10-23 16:37 ` [PATCH 3/4] powerpc/kprobes: Blacklist emulate_update_regs() from kprobes Naveen N. Rao
@ 2017-10-23 16:37 ` Naveen N. Rao
2017-10-25 16:35 ` Masami Hiramatsu
2017-10-25 2:18 ` [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes Masami Hiramatsu
2017-11-14 11:12 ` [1/4] " Michael Ellerman
4 siblings, 1 reply; 11+ messages in thread
From: Naveen N. Rao @ 2017-10-23 16:37 UTC (permalink / raw)
To: Michael Ellerman
Cc: linuxppc-dev, Masami Hiramatsu, Ananth N Mavinakayanahalli
Use safer string manipulation functions when dealing with a
user-provided string in kprobe_lookup_name().
Reported-by: David Laight <David.Laight@ACULAB.COM>
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
---
arch/powerpc/kernel/kprobes.c | 47 ++++++++++++++++++-------------------------
1 file changed, 20 insertions(+), 27 deletions(-)
diff --git a/arch/powerpc/kernel/kprobes.c b/arch/powerpc/kernel/kprobes.c
index a14c61855705..bbb4795660f8 100644
--- a/arch/powerpc/kernel/kprobes.c
+++ b/arch/powerpc/kernel/kprobes.c
@@ -53,7 +53,7 @@ bool arch_within_kprobe_blacklist(unsigned long addr)
kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset)
{
- kprobe_opcode_t *addr;
+ kprobe_opcode_t *addr = NULL;
#ifdef PPC64_ELF_ABI_v2
/* PPC64 ABIv2 needs local entry point */
@@ -85,36 +85,29 @@ kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset)
* Also handle <module:symbol> format.
*/
char dot_name[MODULE_NAME_LEN + 1 + KSYM_NAME_LEN];
- const char *modsym;
bool dot_appended = false;
- if ((modsym = strchr(name, ':')) != NULL) {
- modsym++;
- if (*modsym != '\0' && *modsym != '.') {
- /* Convert to <module:.symbol> */
- strncpy(dot_name, name, modsym - name);
- dot_name[modsym - name] = '.';
- dot_name[modsym - name + 1] = '\0';
- strncat(dot_name, modsym,
- sizeof(dot_name) - (modsym - name) - 2);
- dot_appended = true;
- } else {
- dot_name[0] = '\0';
- strncat(dot_name, name, sizeof(dot_name) - 1);
- }
- } else if (name[0] != '.') {
- dot_name[0] = '.';
- dot_name[1] = '\0';
- strncat(dot_name, name, KSYM_NAME_LEN - 2);
+ const char *c;
+ ssize_t ret = 0;
+ int len = 0;
+
+ if ((c = strnchr(name, MODULE_NAME_LEN, ':')) != NULL) {
+ c++;
+ len = c - name;
+ memcpy(dot_name, name, len);
+ } else
+ c = name;
+
+ if (*c != '\0' && *c != '.') {
+ dot_name[len++] = '.';
dot_appended = true;
- } else {
- dot_name[0] = '\0';
- strncat(dot_name, name, KSYM_NAME_LEN - 1);
}
- addr = (kprobe_opcode_t *)kallsyms_lookup_name(dot_name);
- if (!addr && dot_appended) {
- /* Let's try the original non-dot symbol lookup */
+ ret = strscpy(dot_name + len, c, KSYM_NAME_LEN);
+ if (ret > 0)
+ addr = (kprobe_opcode_t *)kallsyms_lookup_name(dot_name);
+
+ /* Fallback to the original non-dot symbol lookup */
+ if (!addr && dot_appended)
addr = (kprobe_opcode_t *)kallsyms_lookup_name(name);
- }
#else
addr = (kprobe_opcode_t *)kallsyms_lookup_name(name);
#endif
--
2.14.2
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes
2017-10-23 16:37 [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes Naveen N. Rao
` (2 preceding siblings ...)
2017-10-23 16:37 ` [PATCH 4/4] powerpc/kprobes: refactor kprobe_lookup_name for safer string operations Naveen N. Rao
@ 2017-10-25 2:18 ` Masami Hiramatsu
2017-10-27 11:27 ` Naveen N. Rao
2017-11-14 11:12 ` [1/4] " Michael Ellerman
4 siblings, 1 reply; 11+ messages in thread
From: Masami Hiramatsu @ 2017-10-25 2:18 UTC (permalink / raw)
To: Naveen N. Rao
Cc: Michael Ellerman, linuxppc-dev, Masami Hiramatsu,
Ananth N Mavinakayanahalli
On Mon, 23 Oct 2017 22:07:38 +0530
"Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com> wrote:
> Per Documentation/kprobes.txt, probe handlers need to be invoked with
> preemption disabled. Update optimized_callback() to do so. Also move
> get_kprobe_ctlblk() invocation post preemption disable, since it
> accesses pre-cpu data.
>
> This was not an issue so far since optprobes wasn't selected if
> CONFIG_PREEMPT was enabled. Commit a30b85df7d599f ("kprobes: Use
> synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y") changes
> this.
Actually, if you local_irq_save(), it also disables preempt. So unless you
enables irqs, it should be safe.
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Thank you,
> Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
> ---
> arch/powerpc/kernel/optprobes.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/kernel/optprobes.c b/arch/powerpc/kernel/optprobes.c
> index 91e037ab20a1..60ba7f1370a8 100644
> --- a/arch/powerpc/kernel/optprobes.c
> +++ b/arch/powerpc/kernel/optprobes.c
> @@ -115,7 +115,6 @@ static unsigned long can_optimize(struct kprobe *p)
> static void optimized_callback(struct optimized_kprobe *op,
> struct pt_regs *regs)
> {
> - struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
> unsigned long flags;
>
> /* This is possible if op is under delayed unoptimizing */
> @@ -124,13 +123,14 @@ static void optimized_callback(struct optimized_kprobe *op,
>
> local_irq_save(flags);
> hard_irq_disable();
> + preempt_disable();
>
> if (kprobe_running()) {
> kprobes_inc_nmissed_count(&op->kp);
> } else {
> __this_cpu_write(current_kprobe, &op->kp);
> regs->nip = (unsigned long)op->kp.addr;
> - kcb->kprobe_status = KPROBE_HIT_ACTIVE;
> + get_kprobe_ctlblk()->kprobe_status = KPROBE_HIT_ACTIVE;
> opt_pre_handler(&op->kp, regs);
> __this_cpu_write(current_kprobe, NULL);
> }
> @@ -140,6 +140,7 @@ static void optimized_callback(struct optimized_kprobe *op,
> * local_irq_restore() will re-enable interrupts,
> * if they were hard disabled.
> */
> + preempt_enable_no_resched();
> local_irq_restore(flags);
> }
> NOKPROBE_SYMBOL(optimized_callback);
> --
> 2.14.2
>
--
Masami Hiramatsu <mhiramat@kernel.org>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/4] powerpc/kprobes: Do not disable interrupts for optprobes and kprobes_on_ftrace
2017-10-23 16:37 ` [PATCH 2/4] powerpc/kprobes: Do not disable interrupts for optprobes and kprobes_on_ftrace Naveen N. Rao
@ 2017-10-25 2:19 ` Masami Hiramatsu
0 siblings, 0 replies; 11+ messages in thread
From: Masami Hiramatsu @ 2017-10-25 2:19 UTC (permalink / raw)
To: Naveen N. Rao
Cc: Michael Ellerman, linuxppc-dev, Masami Hiramatsu,
Ananth N Mavinakayanahalli
On Mon, 23 Oct 2017 22:07:39 +0530
"Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com> wrote:
> Per Documentation/kprobes.txt, we don't necessarily need to disable
> interrupts before invoking the kprobe handlers. Masami submitted
> similar changes for x86 via commit a19b2e3d783964 ("kprobes/x86: Remove
> IRQ disabling from ftrace-based/optimized kprobes"). Do the same for
> powerpc.
Yes, and this requires to make preempt disable :)
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Thank you!
>
> Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
> ---
> arch/powerpc/kernel/kprobes-ftrace.c | 10 ++--------
> arch/powerpc/kernel/optprobes.c | 10 ----------
> 2 files changed, 2 insertions(+), 18 deletions(-)
>
> diff --git a/arch/powerpc/kernel/kprobes-ftrace.c b/arch/powerpc/kernel/kprobes-ftrace.c
> index 4b1f34f685b1..7a1f99f1b47f 100644
> --- a/arch/powerpc/kernel/kprobes-ftrace.c
> +++ b/arch/powerpc/kernel/kprobes-ftrace.c
> @@ -75,11 +75,7 @@ void kprobe_ftrace_handler(unsigned long nip, unsigned long parent_nip,
> {
> struct kprobe *p;
> struct kprobe_ctlblk *kcb;
> - unsigned long flags;
>
> - /* Disable irq for emulating a breakpoint and avoiding preempt */
> - local_irq_save(flags);
> - hard_irq_disable();
> preempt_disable();
>
> p = get_kprobe((kprobe_opcode_t *)nip);
> @@ -105,16 +101,14 @@ void kprobe_ftrace_handler(unsigned long nip, unsigned long parent_nip,
> else {
> /*
> * If pre_handler returns !0, it sets regs->nip and
> - * resets current kprobe. In this case, we still need
> - * to restore irq, but not preemption.
> + * resets current kprobe. In this case, we should not
> + * re-enable preemption.
> */
> - local_irq_restore(flags);
> return;
> }
> }
> end:
> preempt_enable_no_resched();
> - local_irq_restore(flags);
> }
> NOKPROBE_SYMBOL(kprobe_ftrace_handler);
>
> diff --git a/arch/powerpc/kernel/optprobes.c b/arch/powerpc/kernel/optprobes.c
> index 60ba7f1370a8..8237884ca389 100644
> --- a/arch/powerpc/kernel/optprobes.c
> +++ b/arch/powerpc/kernel/optprobes.c
> @@ -115,14 +115,10 @@ static unsigned long can_optimize(struct kprobe *p)
> static void optimized_callback(struct optimized_kprobe *op,
> struct pt_regs *regs)
> {
> - unsigned long flags;
> -
> /* This is possible if op is under delayed unoptimizing */
> if (kprobe_disabled(&op->kp))
> return;
>
> - local_irq_save(flags);
> - hard_irq_disable();
> preempt_disable();
>
> if (kprobe_running()) {
> @@ -135,13 +131,7 @@ static void optimized_callback(struct optimized_kprobe *op,
> __this_cpu_write(current_kprobe, NULL);
> }
>
> - /*
> - * No need for an explicit __hard_irq_enable() here.
> - * local_irq_restore() will re-enable interrupts,
> - * if they were hard disabled.
> - */
> preempt_enable_no_resched();
> - local_irq_restore(flags);
> }
> NOKPROBE_SYMBOL(optimized_callback);
>
> --
> 2.14.2
>
--
Masami Hiramatsu <mhiramat@kernel.org>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 4/4] powerpc/kprobes: refactor kprobe_lookup_name for safer string operations
2017-10-23 16:37 ` [PATCH 4/4] powerpc/kprobes: refactor kprobe_lookup_name for safer string operations Naveen N. Rao
@ 2017-10-25 16:35 ` Masami Hiramatsu
2017-10-27 11:34 ` Naveen N. Rao
0 siblings, 1 reply; 11+ messages in thread
From: Masami Hiramatsu @ 2017-10-25 16:35 UTC (permalink / raw)
To: Naveen N. Rao
Cc: Michael Ellerman, linuxppc-dev, Masami Hiramatsu,
Ananth N Mavinakayanahalli
On Mon, 23 Oct 2017 22:07:41 +0530
"Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com> wrote:
> Use safer string manipulation functions when dealing with a
> user-provided string in kprobe_lookup_name().
>
What would you mean "safer" here? using strnchr()?
Could you please show at least an example case that causes problem in original code.
And have one comment below:
> Reported-by: David Laight <David.Laight@ACULAB.COM>
> Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
> ---
> arch/powerpc/kernel/kprobes.c | 47 ++++++++++++++++++-------------------------
> 1 file changed, 20 insertions(+), 27 deletions(-)
>
> diff --git a/arch/powerpc/kernel/kprobes.c b/arch/powerpc/kernel/kprobes.c
> index a14c61855705..bbb4795660f8 100644
> --- a/arch/powerpc/kernel/kprobes.c
> +++ b/arch/powerpc/kernel/kprobes.c
> @@ -53,7 +53,7 @@ bool arch_within_kprobe_blacklist(unsigned long addr)
>
> kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset)
> {
> - kprobe_opcode_t *addr;
> + kprobe_opcode_t *addr = NULL;
>
> #ifdef PPC64_ELF_ABI_v2
> /* PPC64 ABIv2 needs local entry point */
> @@ -85,36 +85,29 @@ kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset)
> * Also handle <module:symbol> format.
> */
> char dot_name[MODULE_NAME_LEN + 1 + KSYM_NAME_LEN];
> - const char *modsym;
> bool dot_appended = false;
> - if ((modsym = strchr(name, ':')) != NULL) {
> - modsym++;
> - if (*modsym != '\0' && *modsym != '.') {
> - /* Convert to <module:.symbol> */
> - strncpy(dot_name, name, modsym - name);
> - dot_name[modsym - name] = '.';
> - dot_name[modsym - name + 1] = '\0';
> - strncat(dot_name, modsym,
> - sizeof(dot_name) - (modsym - name) - 2);
> - dot_appended = true;
> - } else {
> - dot_name[0] = '\0';
> - strncat(dot_name, name, sizeof(dot_name) - 1);
> - }
> - } else if (name[0] != '.') {
> - dot_name[0] = '.';
> - dot_name[1] = '\0';
> - strncat(dot_name, name, KSYM_NAME_LEN - 2);
> + const char *c;
> + ssize_t ret = 0;
> + int len = 0;
> +
> + if ((c = strnchr(name, MODULE_NAME_LEN, ':')) != NULL) {
> + c++;
> + len = c - name;
> + memcpy(dot_name, name, len);
> + } else
> + c = name;
> +
> + if (*c != '\0' && *c != '.') {
> + dot_name[len++] = '.';
> dot_appended = true;
It is odd, you can call kallsyms_lookup_name(dot_name) here.
> - } else {
> - dot_name[0] = '\0';
> - strncat(dot_name, name, KSYM_NAME_LEN - 1);
> }
> - addr = (kprobe_opcode_t *)kallsyms_lookup_name(dot_name);
> - if (!addr && dot_appended) {
> - /* Let's try the original non-dot symbol lookup */
> + ret = strscpy(dot_name + len, c, KSYM_NAME_LEN);
> + if (ret > 0)
> + addr = (kprobe_opcode_t *)kallsyms_lookup_name(dot_name);
> +
> + /* Fallback to the original non-dot symbol lookup */
> + if (!addr && dot_appended)
> addr = (kprobe_opcode_t *)kallsyms_lookup_name(name);
Then we can remove dot_appended.
Thank you,
> - }
> #else
> addr = (kprobe_opcode_t *)kallsyms_lookup_name(name);
> #endif
> --
> 2.14.2
>
--
Masami Hiramatsu <mhiramat@kernel.org>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 3/4] powerpc/kprobes: Blacklist emulate_update_regs() from kprobes
2017-10-23 16:37 ` [PATCH 3/4] powerpc/kprobes: Blacklist emulate_update_regs() from kprobes Naveen N. Rao
@ 2017-10-25 16:36 ` Masami Hiramatsu
0 siblings, 0 replies; 11+ messages in thread
From: Masami Hiramatsu @ 2017-10-25 16:36 UTC (permalink / raw)
To: Naveen N. Rao
Cc: Michael Ellerman, linuxppc-dev, Masami Hiramatsu,
Ananth N Mavinakayanahalli
On Mon, 23 Oct 2017 22:07:40 +0530
"Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com> wrote:
> Commit 3cdfcbfd32b9d ("powerpc: Change analyse_instr so it doesn't
> modify *regs") introduced emulate_update_regs() to perform part of what
> emulate_step() was doing earlier. However, this function was not added
> to the kprobes blacklist. Add it so as to prevent it from being probed.
>
Looks good to me.
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Thank you!
> Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
> ---
> arch/powerpc/lib/sstep.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/powerpc/lib/sstep.c b/arch/powerpc/lib/sstep.c
> index 8c3955e183d4..70274b7b4773 100644
> --- a/arch/powerpc/lib/sstep.c
> +++ b/arch/powerpc/lib/sstep.c
> @@ -2717,6 +2717,7 @@ void emulate_update_regs(struct pt_regs *regs, struct instruction_op *op)
> }
> regs->nip = next_pc;
> }
> +NOKPROBE_SYMBOL(emulate_update_regs);
>
> /*
> * Emulate a previously-analysed load or store instruction.
> --
> 2.14.2
>
--
Masami Hiramatsu <mhiramat@kernel.org>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes
2017-10-25 2:18 ` [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes Masami Hiramatsu
@ 2017-10-27 11:27 ` Naveen N. Rao
0 siblings, 0 replies; 11+ messages in thread
From: Naveen N. Rao @ 2017-10-27 11:27 UTC (permalink / raw)
To: Masami Hiramatsu
Cc: Michael Ellerman, linuxppc-dev, Ananth N Mavinakayanahalli
On 2017/10/25 02:18AM, Masami Hiramatsu wrote:
> On Mon, 23 Oct 2017 22:07:38 +0530
> "Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com> wrote:
>
> > Per Documentation/kprobes.txt, probe handlers need to be invoked with
> > preemption disabled. Update optimized_callback() to do so. Also move
> > get_kprobe_ctlblk() invocation post preemption disable, since it
> > accesses pre-cpu data.
> >
> > This was not an issue so far since optprobes wasn't selected if
> > CONFIG_PREEMPT was enabled. Commit a30b85df7d599f ("kprobes: Use
> > synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y") changes
> > this.
>
> Actually, if you local_irq_save(), it also disables preempt. So unless you
> enables irqs, it should be safe.
I think we still need to disable preemption explicitly (at least on
powerpc, disabling irqs doesn't increment preempt count). See commit
6baea433bc84cd ("powerpc/jprobes: Disable preemption when triggered
through ftrace") for example.
We need to ensure preempt count is properly balanced for our usage
across KPROBES_ON_FTRACE, OPTPROBES and POTS (plain old trap system ;-)
>
> Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Thanks for the review!
- Naveen
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 4/4] powerpc/kprobes: refactor kprobe_lookup_name for safer string operations
2017-10-25 16:35 ` Masami Hiramatsu
@ 2017-10-27 11:34 ` Naveen N. Rao
0 siblings, 0 replies; 11+ messages in thread
From: Naveen N. Rao @ 2017-10-27 11:34 UTC (permalink / raw)
To: Masami Hiramatsu
Cc: Michael Ellerman, linuxppc-dev, Ananth N Mavinakayanahalli
On 2017/10/25 04:35PM, Masami Hiramatsu wrote:
> On Mon, 23 Oct 2017 22:07:41 +0530
> "Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com> wrote:
>
> > Use safer string manipulation functions when dealing with a
> > user-provided string in kprobe_lookup_name().
> >
>
> What would you mean "safer" here? using strnchr()?
> Could you please show at least an example case that causes problem in original code.
Yes, essentially about using bounded string operations. Since the 'name'
parameter is provided by user, it's better to ensure it is within
limits. Granted, this isn't a big deal since user needs to be root for
accessing this API, but we felt it is good to clean up this code.
> And have one comment below:
>
> > Reported-by: David Laight <David.Laight@ACULAB.COM>
> > Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
> > ---
> > arch/powerpc/kernel/kprobes.c | 47 ++++++++++++++++++-------------------------
> > 1 file changed, 20 insertions(+), 27 deletions(-)
> >
> > diff --git a/arch/powerpc/kernel/kprobes.c b/arch/powerpc/kernel/kprobes.c
> > index a14c61855705..bbb4795660f8 100644
> > --- a/arch/powerpc/kernel/kprobes.c
> > +++ b/arch/powerpc/kernel/kprobes.c
> > @@ -53,7 +53,7 @@ bool arch_within_kprobe_blacklist(unsigned long addr)
> >
> > kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset)
> > {
> > - kprobe_opcode_t *addr;
> > + kprobe_opcode_t *addr = NULL;
> >
> > #ifdef PPC64_ELF_ABI_v2
> > /* PPC64 ABIv2 needs local entry point */
> > @@ -85,36 +85,29 @@ kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset)
> > * Also handle <module:symbol> format.
> > */
> > char dot_name[MODULE_NAME_LEN + 1 + KSYM_NAME_LEN];
> > - const char *modsym;
> > bool dot_appended = false;
> > - if ((modsym = strchr(name, ':')) != NULL) {
> > - modsym++;
> > - if (*modsym != '\0' && *modsym != '.') {
> > - /* Convert to <module:.symbol> */
> > - strncpy(dot_name, name, modsym - name);
> > - dot_name[modsym - name] = '.';
> > - dot_name[modsym - name + 1] = '\0';
> > - strncat(dot_name, modsym,
> > - sizeof(dot_name) - (modsym - name) - 2);
> > - dot_appended = true;
> > - } else {
> > - dot_name[0] = '\0';
> > - strncat(dot_name, name, sizeof(dot_name) - 1);
> > - }
> > - } else if (name[0] != '.') {
> > - dot_name[0] = '.';
> > - dot_name[1] = '\0';
> > - strncat(dot_name, name, KSYM_NAME_LEN - 2);
> > + const char *c;
> > + ssize_t ret = 0;
> > + int len = 0;
> > +
> > + if ((c = strnchr(name, MODULE_NAME_LEN, ':')) != NULL) {
> > + c++;
> > + len = c - name;
> > + memcpy(dot_name, name, len);
> > + } else
> > + c = name;
> > +
> > + if (*c != '\0' && *c != '.') {
> > + dot_name[len++] = '.';
> > dot_appended = true;
>
> It is odd, you can call kallsyms_lookup_name(dot_name) here.
We'll then have to duplicate the strscpy() here.
Thanks for the review,
- Naveen
>
> > - } else {
> > - dot_name[0] = '\0';
> > - strncat(dot_name, name, KSYM_NAME_LEN - 1);
> > }
> > - addr = (kprobe_opcode_t *)kallsyms_lookup_name(dot_name);
> > - if (!addr && dot_appended) {
> > - /* Let's try the original non-dot symbol lookup */
> > + ret = strscpy(dot_name + len, c, KSYM_NAME_LEN);
> > + if (ret > 0)
> > + addr = (kprobe_opcode_t *)kallsyms_lookup_name(dot_name);
> > +
> > + /* Fallback to the original non-dot symbol lookup */
> > + if (!addr && dot_appended)
> > addr = (kprobe_opcode_t *)kallsyms_lookup_name(name);
>
> Then we can remove dot_appended.
>
> Thank you,
>
> > - }
> > #else
> > addr = (kprobe_opcode_t *)kallsyms_lookup_name(name);
> > #endif
> > --
> > 2.14.2
> >
>
>
> --
> Masami Hiramatsu <mhiramat@kernel.org>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes
2017-10-23 16:37 [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes Naveen N. Rao
` (3 preceding siblings ...)
2017-10-25 2:18 ` [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes Masami Hiramatsu
@ 2017-11-14 11:12 ` Michael Ellerman
4 siblings, 0 replies; 11+ messages in thread
From: Michael Ellerman @ 2017-11-14 11:12 UTC (permalink / raw)
To: Naveen N. Rao; +Cc: linuxppc-dev, Masami Hiramatsu
On Mon, 2017-10-23 at 16:37:38 UTC, "Naveen N. Rao" wrote:
> Per Documentation/kprobes.txt, probe handlers need to be invoked with
> preemption disabled. Update optimized_callback() to do so. Also move
> get_kprobe_ctlblk() invocation post preemption disable, since it
> accesses pre-cpu data.
>
> This was not an issue so far since optprobes wasn't selected if
> CONFIG_PREEMPT was enabled. Commit a30b85df7d599f ("kprobes: Use
> synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y") changes
> this.
>
> Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
> Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Series applied to powerpc next, thanks.
https://git.kernel.org/powerpc/c/8a2d71a3f2737e2448aa68de2b6052
cheers
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2017-11-14 11:12 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-23 16:37 [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes Naveen N. Rao
2017-10-23 16:37 ` [PATCH 2/4] powerpc/kprobes: Do not disable interrupts for optprobes and kprobes_on_ftrace Naveen N. Rao
2017-10-25 2:19 ` Masami Hiramatsu
2017-10-23 16:37 ` [PATCH 3/4] powerpc/kprobes: Blacklist emulate_update_regs() from kprobes Naveen N. Rao
2017-10-25 16:36 ` Masami Hiramatsu
2017-10-23 16:37 ` [PATCH 4/4] powerpc/kprobes: refactor kprobe_lookup_name for safer string operations Naveen N. Rao
2017-10-25 16:35 ` Masami Hiramatsu
2017-10-27 11:34 ` Naveen N. Rao
2017-10-25 2:18 ` [PATCH 1/4] powerpc/kprobes: Disable preemption before invoking probe handler for optprobes Masami Hiramatsu
2017-10-27 11:27 ` Naveen N. Rao
2017-11-14 11:12 ` [1/4] " Michael Ellerman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).