* [BUG][kprobes][vunmap?]: kprobes may cause memory corruption
@ 2009-01-28  2:32 Masami Hiramatsu
  2009-01-28  2:39 ` [PATCH][bugfix?][kprobes][vunmap?]: use vm_map_ram() in text_poke() Masami Hiramatsu
  2009-01-28  5:09 ` [BUG][kprobes][vunmap?]: kprobes may cause memory corruption Masami Hiramatsu
  0 siblings, 2 replies; 18+ messages in thread
From: Masami Hiramatsu @ 2009-01-28  2:32 UTC (permalink / raw)
  To: Nick Piggin, Mathieu Desnoyers
  Cc: LKML, Ananth N Mavinakayanahalli, Jim Keniston, systemtap-ml,
	Frank Ch. Eigler

[-- Attachment #1: Type: text/plain, Size: 965 bytes --]

Hi

I found that a 2.6.28-rc1+ kernel can cause random memory corruption,
including a double fault, when repeatedly loading and unloading a
kprobe-using module on i386 with CONFIG_HIGHMEM4G=y.

I narrowed it down with git-bisect and found that the commit below
causes this bug.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db64fe02258f1507e13fe5212a989922323685ce

I also reported the details of this bug in the bugzilla entry below.
http://sources.redhat.com/bugzilla/show_bug.cgi?id=9740

I'm still investigating the root cause of this bug. For now I have made an
ad-hoc bugfix patch that simply changes text_poke() to work as it did
before the above commit (as far as I have tested, it works for me).

A set of test code written in plain C is attached; build genkprobe.ko
and run testmod.sh, and the bug will occur.

Thanks,

-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com


[-- Attachment #2: genkprobe.c --]
[-- Type: text/plain, Size: 24865 bytes --]

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/kprobes.h>

/* Module license tag; this test module uses the in-kernel kprobes API. */
MODULE_LICENSE("GPL");

/*
 * Pre-handler shared by every probe in kp[]: does nothing and returns 0
 * so the probed instruction executes normally.
 */
static int kph(struct kprobe *kp, struct pt_regs *regs)
{
	(void)kp;
	(void)regs;
	return 0;
}
/*
 * Fault handler shared by every probe in kp[]: logs the probe address,
 * the faulting instruction pointer and the trap number, then returns 0
 * so the kernel's normal fault handling still runs.
 */
static int kpfh(struct kprobe *kp, struct pt_regs *regs, int nr)
{
	void *at = kp->addr;
	unsigned long ip = regs->ip;

	printk("fault occurred on kprobes at %p(@%lx:%d)\n", at, ip, nr);
	return 0;
}
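/*
 * One probe per entry; all share the no-op pre-handler kph and the logging
 * fault handler kpfh, only the probed symbol differs.  Registering and
 * unregistering this many probes on each module load/unload is what
 * exercises the text_poke() path described in the cover mail.
 */
#define KPROBE_ON(sym) \
	{ .pre_handler = kph, .fault_handler = kpfh, .symbol_name = (sym) }

static struct kprobe kp[] = {
	KPROBE_ON("sys_accept"),
	KPROBE_ON("sys_access"),
	KPROBE_ON("sys_acct"),
	KPROBE_ON("sys_add_key"),
	KPROBE_ON("sys_adjtimex"),
	KPROBE_ON("sys_alarm"),
	KPROBE_ON("sys_bdflush"),
	KPROBE_ON("sys_bind"),
	KPROBE_ON("sys_brk"),
	KPROBE_ON("sys_capget"),
	KPROBE_ON("sys_capset"),
	KPROBE_ON("sys_chdir"),
	KPROBE_ON("sys_chmod"),
	KPROBE_ON("sys_chown"),
	KPROBE_ON("sys_chown16"),
	KPROBE_ON("sys_chroot"),
	KPROBE_ON("sys_clock_getres"),
	KPROBE_ON("sys_clock_gettime"),
	KPROBE_ON("sys_clock_nanosleep"),
	KPROBE_ON("sys_clock_settime"),
	KPROBE_ON("sys_close"),
	KPROBE_ON("sys_connect"),
	KPROBE_ON("sys_creat"),
	KPROBE_ON("sys_delete_module"),
	KPROBE_ON("sys_dup"),
	KPROBE_ON("sys_dup2"),
	KPROBE_ON("sys_epoll_create"),
	KPROBE_ON("sys_epoll_ctl"),
	KPROBE_ON("sys_epoll_pwait"),
	KPROBE_ON("sys_epoll_wait"),
	KPROBE_ON("sys_eventfd"),
	KPROBE_ON("do_execve"),
	KPROBE_ON("do_exit"),
	KPROBE_ON("sys_exit_group"),
	KPROBE_ON("sys_faccessat"),
	KPROBE_ON("sys_fadvise64"),
	KPROBE_ON("sys_fadvise64_64"),
	KPROBE_ON("sys_fchdir"),
	KPROBE_ON("sys_fchmod"),
	KPROBE_ON("sys_fchmodat"),
	KPROBE_ON("sys_fchown"),
	KPROBE_ON("sys_fchown16"),
	KPROBE_ON("sys_fchownat"),
	KPROBE_ON("sys_fcntl"),
	KPROBE_ON("sys_fcntl64"),
	KPROBE_ON("sys_fdatasync"),
	KPROBE_ON("sys_fgetxattr"),
	KPROBE_ON("sys_flistxattr"),
	KPROBE_ON("sys_flock"),
	KPROBE_ON("do_fork"),
	KPROBE_ON("sys_fremovexattr"),
	KPROBE_ON("sys_fsetxattr"),
	KPROBE_ON("sys_fstat"),
	KPROBE_ON("sys_fstat64"),
	KPROBE_ON("sys_newfstat"),
	KPROBE_ON("sys_fstatat64"),
	KPROBE_ON("sys_fstatfs"),
	KPROBE_ON("sys_fstatfs64"),
	KPROBE_ON("sys_fsync"),
	KPROBE_ON("sys_ftruncate"),
	KPROBE_ON("sys_ftruncate64"),
	KPROBE_ON("sys_futex"),
	KPROBE_ON("sys_futimesat"),
	KPROBE_ON("sys_get_thread_area"),
	KPROBE_ON("sys_getcwd"),
	KPROBE_ON("sys_getdents"),
	KPROBE_ON("sys_getdents64"),
	KPROBE_ON("sys_getegid16"),
	KPROBE_ON("sys_getegid"),
	KPROBE_ON("sys_geteuid16"),
	KPROBE_ON("sys_geteuid"),
	KPROBE_ON("sys_getgid16"),
	KPROBE_ON("sys_getgid"),
	KPROBE_ON("sys_getgroups"),
	KPROBE_ON("sys_getgroups16"),
	KPROBE_ON("sys_gethostname"),
	KPROBE_ON("sys_getitimer"),
	KPROBE_ON("sys_getpeername"),
	KPROBE_ON("sys_getpgid"),
	KPROBE_ON("sys_getpgrp"),
	KPROBE_ON("sys_getpid"),
	KPROBE_ON("sys_getppid"),
	KPROBE_ON("sys_getpriority"),
	KPROBE_ON("sys_getresgid16"),
	KPROBE_ON("sys_getresgid"),
	KPROBE_ON("sys_getresuid16"),
	KPROBE_ON("sys_getresuid"),
	KPROBE_ON("sys_getrlimit"),
	KPROBE_ON("sys_old_getrlimit"),
	KPROBE_ON("sys_getrusage"),
	KPROBE_ON("sys_getsid"),
	KPROBE_ON("sys_getsockname"),
	KPROBE_ON("sys_getsockopt"),
	KPROBE_ON("sys_gettid"),
	KPROBE_ON("sys_gettimeofday"),
	KPROBE_ON("sys_getuid16"),
	KPROBE_ON("sys_getuid"),
	KPROBE_ON("sys_getxattr"),
	KPROBE_ON("sys_init_module"),
	KPROBE_ON("sys_inotify_add_watch"),
	KPROBE_ON("sys_inotify_init"),
	KPROBE_ON("sys_inotify_rm_watch"),
	KPROBE_ON("sys_io_cancel"),
	KPROBE_ON("sys_io_destroy"),
	KPROBE_ON("sys_io_getevents"),
	KPROBE_ON("sys_io_setup"),
	KPROBE_ON("sys_io_submit"),
	KPROBE_ON("sys_ioctl"),
	KPROBE_ON("sys_ioperm"),
	KPROBE_ON("sys_iopl"),
	KPROBE_ON("sys_ioprio_get"),
	KPROBE_ON("sys_ioprio_set"),
	KPROBE_ON("sys_ipc"),
	KPROBE_ON("sys_kexec_load"),
	KPROBE_ON("sys_keyctl"),
	KPROBE_ON("sys_kill"),
	KPROBE_ON("sys_lchown"),
	KPROBE_ON("sys_lchown16"),
	KPROBE_ON("sys_lgetxattr"),
	KPROBE_ON("sys_link"),
	KPROBE_ON("sys_linkat"),
	KPROBE_ON("sys_listen"),
	KPROBE_ON("sys_listxattr"),
	KPROBE_ON("sys_llistxattr"),
	KPROBE_ON("sys_llseek"),
	KPROBE_ON("sys_lookup_dcookie"),
	KPROBE_ON("sys_lremovexattr"),
	KPROBE_ON("sys_lseek"),
	KPROBE_ON("sys_lsetxattr"),
	KPROBE_ON("sys_lstat"),
	KPROBE_ON("sys_newlstat"),
	KPROBE_ON("sys_lstat64"),
	KPROBE_ON("sys_madvise"),
	KPROBE_ON("sys_mincore"),
	KPROBE_ON("sys_mkdir"),
	KPROBE_ON("sys_mkdirat"),
	KPROBE_ON("sys_mknod"),
	KPROBE_ON("sys_mknodat"),
	KPROBE_ON("sys_mlock"),
	KPROBE_ON("sys_mlockall"),
	KPROBE_ON("sys_mmap2"),
	KPROBE_ON("sys_modify_ldt"),
	KPROBE_ON("sys_mount"),
	KPROBE_ON("sys_mprotect"),
	KPROBE_ON("sys_mq_getsetattr"),
	KPROBE_ON("sys_mq_notify"),
	KPROBE_ON("sys_mq_open"),
	KPROBE_ON("sys_mq_timedreceive"),
	KPROBE_ON("sys_mq_timedsend"),
	KPROBE_ON("sys_mq_unlink"),
	KPROBE_ON("sys_mremap"),
	KPROBE_ON("sys_msgctl"),
	KPROBE_ON("sys_msgget"),
	KPROBE_ON("sys_msgrcv"),
	KPROBE_ON("sys_msgsnd"),
	KPROBE_ON("sys_msync"),
	KPROBE_ON("sys_munlock"),
	KPROBE_ON("sys_munlockall"),
	KPROBE_ON("sys_munmap"),
	KPROBE_ON("sys_nanosleep"),
	KPROBE_ON("sys_nfsservctl"),
	KPROBE_ON("sys_ni_syscall"),
	KPROBE_ON("sys_nice"),
	KPROBE_ON("sys_open"),
	KPROBE_ON("sys_openat"),
	KPROBE_ON("sys_pause"),
	KPROBE_ON("sys_personality"),
	KPROBE_ON("sys_pipe"),
	KPROBE_ON("sys_pivot_root"),
	KPROBE_ON("sys_poll"),
	KPROBE_ON("sys_ppoll"),
	KPROBE_ON("sys_prctl"),
	KPROBE_ON("sys_pread64"),
	KPROBE_ON("sys_pselect6"),
	KPROBE_ON("sys_ptrace"),
	KPROBE_ON("sys_pwrite64"),
	KPROBE_ON("sys_quotactl"),
	KPROBE_ON("sys_read"),
	KPROBE_ON("sys_readahead"),
	KPROBE_ON("sys_readlink"),
	KPROBE_ON("sys_readlinkat"),
	KPROBE_ON("sys_readv"),
	KPROBE_ON("sys_reboot"),
	KPROBE_ON("sys_recv"),
	KPROBE_ON("sys_recvfrom"),
	KPROBE_ON("sys_recvmsg"),
	KPROBE_ON("sys_remap_file_pages"),
	KPROBE_ON("sys_removexattr"),
	KPROBE_ON("sys_rename"),
	KPROBE_ON("sys_renameat"),
	KPROBE_ON("sys_request_key"),
	KPROBE_ON("sys_restart_syscall"),
	KPROBE_ON("sys_rmdir"),
	KPROBE_ON("sys_rt_sigaction"),
	KPROBE_ON("sys_rt_sigpending"),
	KPROBE_ON("sys_rt_sigprocmask"),
	KPROBE_ON("sys_rt_sigqueueinfo"),
	KPROBE_ON("sys_rt_sigreturn"),
	KPROBE_ON("sys_rt_sigsuspend"),
	KPROBE_ON("sys_rt_sigtimedwait"),
	KPROBE_ON("sys_sched_get_priority_max"),
	KPROBE_ON("sys_sched_get_priority_min"),
	KPROBE_ON("sys_sched_getaffinity"),
	KPROBE_ON("sys_sched_getparam"),
	KPROBE_ON("sys_sched_getscheduler"),
	KPROBE_ON("sys_sched_rr_get_interval"),
	KPROBE_ON("sys_sched_setaffinity"),
	KPROBE_ON("sys_sched_setparam"),
	KPROBE_ON("sys_sched_setscheduler"),
	KPROBE_ON("sys_sched_yield"),
	KPROBE_ON("sys_select"),
	KPROBE_ON("sys_semctl"),
	KPROBE_ON("sys_semget"),
	/*
	 * NOTE(review): the next two entries (213 and 214 in the original
	 * designated list) both name sys_semtimedop, so the same symbol is
	 * probed twice; kept as-is, verify whether one was meant to differ.
	 */
	KPROBE_ON("sys_semtimedop"),
	KPROBE_ON("sys_semtimedop"),
	KPROBE_ON("sys_send"),
	KPROBE_ON("sys_sendfile"),
	KPROBE_ON("sys_sendfile64"),
	KPROBE_ON("sys_sendmsg"),
	KPROBE_ON("sys_sendto"),
	KPROBE_ON("sys_set_thread_area"),
	KPROBE_ON("sys_set_tid_address"),
	KPROBE_ON("sys_setdomainname"),
	KPROBE_ON("sys_setfsgid"),
	KPROBE_ON("sys_setfsgid16"),
	KPROBE_ON("sys_setfsuid"),
	KPROBE_ON("sys_setfsuid16"),
	KPROBE_ON("sys_setgid"),
	KPROBE_ON("sys_setgid16"),
	KPROBE_ON("sys_setgroups"),
	KPROBE_ON("sys_setgroups16"),
	KPROBE_ON("sys_sethostname"),
	KPROBE_ON("sys_setitimer"),
	KPROBE_ON("sys_setpgid"),
	KPROBE_ON("sys_setpriority"),
	KPROBE_ON("sys_setregid"),
	KPROBE_ON("sys_setregid16"),
	KPROBE_ON("sys_setresgid"),
	KPROBE_ON("sys_setresgid16"),
	KPROBE_ON("sys_setresuid"),
	KPROBE_ON("sys_setresuid16"),
	KPROBE_ON("sys_setreuid"),
	KPROBE_ON("sys_setreuid16"),
	KPROBE_ON("sys_setrlimit"),
	KPROBE_ON("sys_setsid"),
	KPROBE_ON("sys_setsockopt"),
	KPROBE_ON("sys_settimeofday"),
	KPROBE_ON("sys_setuid16"),
	KPROBE_ON("sys_setuid"),
	KPROBE_ON("sys_setxattr"),
	KPROBE_ON("sys_sgetmask"),
	KPROBE_ON("sys_shmat"),
	KPROBE_ON("sys_shmctl"),
	KPROBE_ON("sys_shmdt"),
	KPROBE_ON("sys_shmget"),
	KPROBE_ON("sys_shutdown"),
	KPROBE_ON("sys_sigaction"),
	KPROBE_ON("sys_sigaltstack"),
	KPROBE_ON("sys_signal"),
	KPROBE_ON("sys_signalfd"),
	KPROBE_ON("sys_sigpending"),
	KPROBE_ON("sys_sigprocmask"),
	KPROBE_ON("sys_sigreturn"),
	KPROBE_ON("sys_sigsuspend"),
	KPROBE_ON("sys_socket"),
	KPROBE_ON("sys_socketpair"),
	KPROBE_ON("sys_splice"),
	KPROBE_ON("sys_ssetmask"),
	KPROBE_ON("sys_stat"),
	KPROBE_ON("sys_newstat"),
	KPROBE_ON("sys_stat64"),
	KPROBE_ON("sys_statfs"),
	KPROBE_ON("sys_statfs64"),
	KPROBE_ON("sys_stime"),
	KPROBE_ON("sys_swapoff"),
	KPROBE_ON("sys_swapon"),
	KPROBE_ON("sys_symlink"),
	KPROBE_ON("sys_symlinkat"),
	KPROBE_ON("sys_sync"),
	KPROBE_ON("sys_sysctl"),
	KPROBE_ON("sys_sysfs"),
	KPROBE_ON("sys_sysinfo"),
	KPROBE_ON("sys_syslog"),
	KPROBE_ON("sys_tee"),
	KPROBE_ON("sys_tgkill"),
	KPROBE_ON("sys_time"),
	KPROBE_ON("sys_timer_create"),
	KPROBE_ON("sys_timer_delete"),
	KPROBE_ON("sys_timer_getoverrun"),
	KPROBE_ON("sys_timer_gettime"),
	KPROBE_ON("sys_timer_settime"),
	KPROBE_ON("sys_times"),
	KPROBE_ON("sys_tkill"),
	KPROBE_ON("sys_truncate"),
	KPROBE_ON("sys_truncate64"),
	KPROBE_ON("sys_umask"),
	KPROBE_ON("sys_umount"),
	KPROBE_ON("sys_uname"),
	KPROBE_ON("sys_olduname"),
	KPROBE_ON("sys_newuname"),
	KPROBE_ON("sys_unlink"),
	KPROBE_ON("sys_unlinkat"),
	KPROBE_ON("sys_unshare"),
	KPROBE_ON("sys_uselib"),
	KPROBE_ON("sys_ustat"),
	KPROBE_ON("sys_utime"),
	KPROBE_ON("sys_utimensat"),
	KPROBE_ON("sys_utimes"),
	KPROBE_ON("sys_vhangup"),
	KPROBE_ON("sys_vm86"),
	KPROBE_ON("sys_vm86old"),
	KPROBE_ON("sys_vmsplice"),
	KPROBE_ON("sys_wait4"),
	KPROBE_ON("sys_waitid"),
	KPROBE_ON("sys_write"),
	KPROBE_ON("sys_writev"),
};

/*
 * Number of probes (316 with the list above).  Derived from the initializer
 * via ARRAY_SIZE() from <linux/kernel.h> instead of being written by hand,
 * so adding or removing an entry cannot leave kps[] or the registration
 * loop in __gen_init() out of step with kp[].  Cast to int because the
 * kprobes batch API takes an int count.
 */
#define NRPB ((int)ARRAY_SIZE(kp))

/* Pointer table handed to register_kprobes()/unregister_kprobes(). */
static struct kprobe *kps[NRPB];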

/*
 * Module entry point: fills kps[] with the address of every probe in kp[]
 * and registers them all in one batch.
 *
 * Returns 0 on success, otherwise the error from register_kprobes().
 */
int __gen_init(void)
{
	int i = 0;
	int err;

	while (i < NRPB) {
		kps[i] = &kp[i];
		i++;
	}

	printk("registering...");
	err = register_kprobes(kps, NRPB);
	if (err != 0) {
		printk("failed to register kprobes\n");
		return err;
	}

	printk("registered\n");
	return 0;
}

/*
 * Module exit: unregisters, in one batch, every probe that __gen_init()
 * registered through kps[].
 */
void __gen_exit(void)
{
	struct kprobe **probes = kps;

	printk("unregistering...");
	unregister_kprobes(probes, NRPB);
	printk("unregistered\n");
}

/* Hook __gen_init()/__gen_exit() up as the module's load/unload entry points. */
module_init(__gen_init);
module_exit(__gen_exit);

[-- Attachment #3: testmod.sh --]
[-- Type: application/x-shellscript, Size: 119 bytes --]


* [PATCH][bugfix?][kprobes][vunmap?]: use vm_map_ram() in text_poke()
  2009-01-28  2:32 [BUG][kprobes][vunmap?]: kprobes may cause memory corruption Masami Hiramatsu
@ 2009-01-28  2:39 ` Masami Hiramatsu
  2009-01-28  5:09 ` [BUG][kprobes][vunmap?]: kprobes may cause memory corruption Masami Hiramatsu
  1 sibling, 0 replies; 18+ messages in thread
From: Masami Hiramatsu @ 2009-01-28  2:39 UTC (permalink / raw)
  To: Nick Piggin, Mathieu Desnoyers
  Cc: LKML, Ananth N Mavinakayanahalli, Jim Keniston, systemtap-ml,
	Frank Ch. Eigler

Use vm_map_ram() instead of vmap() in text_poke(), because text_poke()
only wants to map the pages temporarily.

---
As far as I have tested, this patch works fine for me.
However, there might be another hidden bug in the kernel;
we need to fix that too.

 arch/x86/kernel/alternative.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Index: 2.6-rc/arch/x86/kernel/alternative.c
===================================================================
--- 2.6-rc.orig/arch/x86/kernel/alternative.c
+++ 2.6-rc/arch/x86/kernel/alternative.c
@@ -515,12 +515,12 @@ void *__kprobes text_poke(void *addr, co
 	BUG_ON(!pages[0]);
 	if (!pages[1])
 		nr_pages = 1;
-	vaddr = vmap(pages, nr_pages, VM_MAP, PAGE_KERNEL);
+	vaddr = vm_map_ram(pages, nr_pages, -1, PAGE_KERNEL);
 	BUG_ON(!vaddr);
 	local_irq_save(flags);
 	memcpy(&vaddr[(unsigned long)addr & ~PAGE_MASK], opcode, len);
 	local_irq_restore(flags);
-	vunmap(vaddr);
+	vm_unmap_ram(vaddr, nr_pages);
 	sync_core();
 	/* Could also do a CLFLUSH here to speed up CPU recovery; but
 	   that causes hangs on some VIA CPUs. */
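Review bot: The new vm_map_ram()/vm_unmap_ram() pair carries no comment saying what it guarantees that the vmap()/vunmap() pair did not, and the description itself says the root cause is still unknown, so the next reader cannot tell whether this is a fix or a workaround. As far as I recall, vm_unmap_ram() defers its TLB flush (lazy unmap), so the alias at vaddr may remain translatable on this CPU after the call returns; if text_poke() depends on, or must avoid, that behaviour it should be stated above the memcpy(). The node argument is a magic value; a comment on the call such as `/* -1: any node; the mapping is torn down right after the copy */` would help. text_poke() starts and ends outside this hunk.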
-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com



* Re: [BUG][kprobes][vunmap?]: kprobes may cause memory corruption
  2009-01-28  2:32 [BUG][kprobes][vunmap?]: kprobes may cause memory corruption Masami Hiramatsu
  2009-01-28  2:39 ` [PATCH][bugfix?][kprobes][vunmap?]: use vm_map_ram() in text_poke() Masami Hiramatsu
@ 2009-01-28  5:09 ` Masami Hiramatsu
  2009-01-28 15:48   ` Mathieu Desnoyers
  1 sibling, 1 reply; 18+ messages in thread
From: Masami Hiramatsu @ 2009-01-28  5:09 UTC (permalink / raw)
  Cc: Nick Piggin, Mathieu Desnoyers, LKML, Ananth N Mavinakayanahalli,
	Jim Keniston, systemtap-ml, Frank Ch. Eigler

[-- Attachment #1: Type: text/plain, Size: 1194 bytes --]

Masami Hiramatsu wrote:
> Hi
> 
> I found that a 2.6.28-rc1+ kernel can cause random memory corruption,
> including a double fault, when repeatedly loading and unloading a
> kprobe-using module on i386 with CONFIG_HIGHMEM4G=y.

I think there might be two different bugs.

- The first bug may be related to the vunmap change.
    - I'm not sure of the root cause of this bug.
    - However, this bug seems to be fixed by my patch (use vm_map_ram() in text_poke()).

- The second bug is a kprobe_fault_handler bug.
    - I found a clue to this bug using kdump and crash, which I reported below.
      http://sources.redhat.com/bugzilla/show_bug.cgi?id=9740#c21
    - I did not expect this bug to be fixed by my patch, but as far as I have
      tested, it disappeared with my patch.

> A set of test code which written in plain c is attached,
> make genkprobe.ko and run testmod.sh, then the bug will
> be occurred.

If my thinking is correct, the previous test code only triggers the second bug.
I have attached slightly different test code (with the fault handler disabled)
for the first bug.

Thank you,

-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com



[-- Attachment #2: genkprobe1.c --]
[-- Type: text/x-csrc, Size: 24903 bytes --]

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/kprobes.h>

/* Module license tag; this test module uses the in-kernel kprobes API. */
MODULE_LICENSE("GPL");

/*
 * Pre-handler shared by every probe in kp[]: does nothing and returns 0
 * so the probed instruction executes normally.
 */
static int kph(struct kprobe *kp, struct pt_regs *regs)
{
	(void)kp;
	(void)regs;
	return 0;
}
/*
 * Variant of the test module with the fault handler compiled out: kpfh
 * expands to NULL, so every probe in kp[] is registered with
 * .fault_handler == NULL.  Per the cover mail this is meant to isolate the
 * vunmap-related bug from the kprobe_fault_handler one.
 */
#if 0
/* Kept for reference only; this definition is not compiled. */
static int kpfh(struct kprobe *kp, struct pt_regs *regs, int nr)
{
  printk("fault occurred on kprobes at %p(@%lx:%d)\n", kp->addr, regs->ip, nr);
	return 0;
}
#else
#define kpfh NULL
#endif
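/*
 * Probe table: one kprobe per symbol, all sharing the no-op pre-handler
 * kph and the fault handler kpfh (NULL when compiled out above).  The
 * entries are positional, so the table order is the index order used by
 * kps[] in __gen_init().  Note that sys_semtimedop is listed twice
 * (indices 213 and 214), so two probes are registered for that symbol.
 */
#define PROBE(sym) { .pre_handler = kph, .fault_handler = kpfh, .symbol_name = (sym) }
static struct kprobe kp[] = {
	PROBE("sys_accept"),
	PROBE("sys_access"),
	PROBE("sys_acct"),
	PROBE("sys_add_key"),
	PROBE("sys_adjtimex"),
	PROBE("sys_alarm"),
	PROBE("sys_bdflush"),
	PROBE("sys_bind"),
	PROBE("sys_brk"),
	PROBE("sys_capget"),
	PROBE("sys_capset"),
	PROBE("sys_chdir"),
	PROBE("sys_chmod"),
	PROBE("sys_chown"),
	PROBE("sys_chown16"),
	PROBE("sys_chroot"),
	PROBE("sys_clock_getres"),
	PROBE("sys_clock_gettime"),
	PROBE("sys_clock_nanosleep"),
	PROBE("sys_clock_settime"),
	PROBE("sys_close"),
	PROBE("sys_connect"),
	PROBE("sys_creat"),
	PROBE("sys_delete_module"),
	PROBE("sys_dup"),
	PROBE("sys_dup2"),
	PROBE("sys_epoll_create"),
	PROBE("sys_epoll_ctl"),
	PROBE("sys_epoll_pwait"),
	PROBE("sys_epoll_wait"),
	PROBE("sys_eventfd"),
	PROBE("do_execve"),
	PROBE("do_exit"),
	PROBE("sys_exit_group"),
	PROBE("sys_faccessat"),
	PROBE("sys_fadvise64"),
	PROBE("sys_fadvise64_64"),
	PROBE("sys_fchdir"),
	PROBE("sys_fchmod"),
	PROBE("sys_fchmodat"),
	PROBE("sys_fchown"),
	PROBE("sys_fchown16"),
	PROBE("sys_fchownat"),
	PROBE("sys_fcntl"),
	PROBE("sys_fcntl64"),
	PROBE("sys_fdatasync"),
	PROBE("sys_fgetxattr"),
	PROBE("sys_flistxattr"),
	PROBE("sys_flock"),
	PROBE("do_fork"),
	PROBE("sys_fremovexattr"),
	PROBE("sys_fsetxattr"),
	PROBE("sys_fstat"),
	PROBE("sys_fstat64"),
	PROBE("sys_newfstat"),
	PROBE("sys_fstatat64"),
	PROBE("sys_fstatfs"),
	PROBE("sys_fstatfs64"),
	PROBE("sys_fsync"),
	PROBE("sys_ftruncate"),
	PROBE("sys_ftruncate64"),
	PROBE("sys_futex"),
	PROBE("sys_futimesat"),
	PROBE("sys_get_thread_area"),
	PROBE("sys_getcwd"),
	PROBE("sys_getdents"),
	PROBE("sys_getdents64"),
	PROBE("sys_getegid16"),
	PROBE("sys_getegid"),
	PROBE("sys_geteuid16"),
	PROBE("sys_geteuid"),
	PROBE("sys_getgid16"),
	PROBE("sys_getgid"),
	PROBE("sys_getgroups"),
	PROBE("sys_getgroups16"),
	PROBE("sys_gethostname"),
	PROBE("sys_getitimer"),
	PROBE("sys_getpeername"),
	PROBE("sys_getpgid"),
	PROBE("sys_getpgrp"),
	PROBE("sys_getpid"),
	PROBE("sys_getppid"),
	PROBE("sys_getpriority"),
	PROBE("sys_getresgid16"),
	PROBE("sys_getresgid"),
	PROBE("sys_getresuid16"),
	PROBE("sys_getresuid"),
	PROBE("sys_getrlimit"),
	PROBE("sys_old_getrlimit"),
	PROBE("sys_getrusage"),
	PROBE("sys_getsid"),
	PROBE("sys_getsockname"),
	PROBE("sys_getsockopt"),
	PROBE("sys_gettid"),
	PROBE("sys_gettimeofday"),
	PROBE("sys_getuid16"),
	PROBE("sys_getuid"),
	PROBE("sys_getxattr"),
	PROBE("sys_init_module"),
	PROBE("sys_inotify_add_watch"),
	PROBE("sys_inotify_init"),
	PROBE("sys_inotify_rm_watch"),
	PROBE("sys_io_cancel"),
	PROBE("sys_io_destroy"),
	PROBE("sys_io_getevents"),
	PROBE("sys_io_setup"),
	PROBE("sys_io_submit"),
	PROBE("sys_ioctl"),
	PROBE("sys_ioperm"),
	PROBE("sys_iopl"),
	PROBE("sys_ioprio_get"),
	PROBE("sys_ioprio_set"),
	PROBE("sys_ipc"),
	PROBE("sys_kexec_load"),
	PROBE("sys_keyctl"),
	PROBE("sys_kill"),
	PROBE("sys_lchown"),
	PROBE("sys_lchown16"),
	PROBE("sys_lgetxattr"),
	PROBE("sys_link"),
	PROBE("sys_linkat"),
	PROBE("sys_listen"),
	PROBE("sys_listxattr"),
	PROBE("sys_llistxattr"),
	PROBE("sys_llseek"),
	PROBE("sys_lookup_dcookie"),
	PROBE("sys_lremovexattr"),
	PROBE("sys_lseek"),
	PROBE("sys_lsetxattr"),
	PROBE("sys_lstat"),
	PROBE("sys_newlstat"),
	PROBE("sys_lstat64"),
	PROBE("sys_madvise"),
	PROBE("sys_mincore"),
	PROBE("sys_mkdir"),
	PROBE("sys_mkdirat"),
	PROBE("sys_mknod"),
	PROBE("sys_mknodat"),
	PROBE("sys_mlock"),
	PROBE("sys_mlockall"),
	PROBE("sys_mmap2"),
	PROBE("sys_modify_ldt"),
	PROBE("sys_mount"),
	PROBE("sys_mprotect"),
	PROBE("sys_mq_getsetattr"),
	PROBE("sys_mq_notify"),
	PROBE("sys_mq_open"),
	PROBE("sys_mq_timedreceive"),
	PROBE("sys_mq_timedsend"),
	PROBE("sys_mq_unlink"),
	PROBE("sys_mremap"),
	PROBE("sys_msgctl"),
	PROBE("sys_msgget"),
	PROBE("sys_msgrcv"),
	PROBE("sys_msgsnd"),
	PROBE("sys_msync"),
	PROBE("sys_munlock"),
	PROBE("sys_munlockall"),
	PROBE("sys_munmap"),
	PROBE("sys_nanosleep"),
	PROBE("sys_nfsservctl"),
	PROBE("sys_ni_syscall"),
	PROBE("sys_nice"),
	PROBE("sys_open"),
	PROBE("sys_openat"),
	PROBE("sys_pause"),
	PROBE("sys_personality"),
	PROBE("sys_pipe"),
	PROBE("sys_pivot_root"),
	PROBE("sys_poll"),
	PROBE("sys_ppoll"),
	PROBE("sys_prctl"),
	PROBE("sys_pread64"),
	PROBE("sys_pselect6"),
	PROBE("sys_ptrace"),
	PROBE("sys_pwrite64"),
	PROBE("sys_quotactl"),
	PROBE("sys_read"),
	PROBE("sys_readahead"),
	PROBE("sys_readlink"),
	PROBE("sys_readlinkat"),
	PROBE("sys_readv"),
	PROBE("sys_reboot"),
	PROBE("sys_recv"),
	PROBE("sys_recvfrom"),
	PROBE("sys_recvmsg"),
	PROBE("sys_remap_file_pages"),
	PROBE("sys_removexattr"),
	PROBE("sys_rename"),
	PROBE("sys_renameat"),
	PROBE("sys_request_key"),
	PROBE("sys_restart_syscall"),
	PROBE("sys_rmdir"),
	PROBE("sys_rt_sigaction"),
	PROBE("sys_rt_sigpending"),
	PROBE("sys_rt_sigprocmask"),
	PROBE("sys_rt_sigqueueinfo"),
	PROBE("sys_rt_sigreturn"),
	PROBE("sys_rt_sigsuspend"),
	PROBE("sys_rt_sigtimedwait"),
	PROBE("sys_sched_get_priority_max"),
	PROBE("sys_sched_get_priority_min"),
	PROBE("sys_sched_getaffinity"),
	PROBE("sys_sched_getparam"),
	PROBE("sys_sched_getscheduler"),
	PROBE("sys_sched_rr_get_interval"),
	PROBE("sys_sched_setaffinity"),
	PROBE("sys_sched_setparam"),
	PROBE("sys_sched_setscheduler"),
	PROBE("sys_sched_yield"),
	PROBE("sys_select"),
	PROBE("sys_semctl"),
	PROBE("sys_semget"),
	PROBE("sys_semtimedop"),
	PROBE("sys_semtimedop"),	/* duplicate of the previous entry, kept as generated */
	PROBE("sys_send"),
	PROBE("sys_sendfile"),
	PROBE("sys_sendfile64"),
	PROBE("sys_sendmsg"),
	PROBE("sys_sendto"),
	PROBE("sys_set_thread_area"),
	PROBE("sys_set_tid_address"),
	PROBE("sys_setdomainname"),
	PROBE("sys_setfsgid"),
	PROBE("sys_setfsgid16"),
	PROBE("sys_setfsuid"),
	PROBE("sys_setfsuid16"),
	PROBE("sys_setgid"),
	PROBE("sys_setgid16"),
	PROBE("sys_setgroups"),
	PROBE("sys_setgroups16"),
	PROBE("sys_sethostname"),
	PROBE("sys_setitimer"),
	PROBE("sys_setpgid"),
	PROBE("sys_setpriority"),
	PROBE("sys_setregid"),
	PROBE("sys_setregid16"),
	PROBE("sys_setresgid"),
	PROBE("sys_setresgid16"),
	PROBE("sys_setresuid"),
	PROBE("sys_setresuid16"),
	PROBE("sys_setreuid"),
	PROBE("sys_setreuid16"),
	PROBE("sys_setrlimit"),
	PROBE("sys_setsid"),
	PROBE("sys_setsockopt"),
	PROBE("sys_settimeofday"),
	PROBE("sys_setuid16"),
	PROBE("sys_setuid"),
	PROBE("sys_setxattr"),
	PROBE("sys_sgetmask"),
	PROBE("sys_shmat"),
	PROBE("sys_shmctl"),
	PROBE("sys_shmdt"),
	PROBE("sys_shmget"),
	PROBE("sys_shutdown"),
	PROBE("sys_sigaction"),
	PROBE("sys_sigaltstack"),
	PROBE("sys_signal"),
	PROBE("sys_signalfd"),
	PROBE("sys_sigpending"),
	PROBE("sys_sigprocmask"),
	PROBE("sys_sigreturn"),
	PROBE("sys_sigsuspend"),
	PROBE("sys_socket"),
	PROBE("sys_socketpair"),
	PROBE("sys_splice"),
	PROBE("sys_ssetmask"),
	PROBE("sys_stat"),
	PROBE("sys_newstat"),
	PROBE("sys_stat64"),
	PROBE("sys_statfs"),
	PROBE("sys_statfs64"),
	PROBE("sys_stime"),
	PROBE("sys_swapoff"),
	PROBE("sys_swapon"),
	PROBE("sys_symlink"),
	PROBE("sys_symlinkat"),
	PROBE("sys_sync"),
	PROBE("sys_sysctl"),
	PROBE("sys_sysfs"),
	PROBE("sys_sysinfo"),
	PROBE("sys_syslog"),
	PROBE("sys_tee"),
	PROBE("sys_tgkill"),
	PROBE("sys_time"),
	PROBE("sys_timer_create"),
	PROBE("sys_timer_delete"),
	PROBE("sys_timer_getoverrun"),
	PROBE("sys_timer_gettime"),
	PROBE("sys_timer_settime"),
	PROBE("sys_times"),
	PROBE("sys_tkill"),
	PROBE("sys_truncate"),
	PROBE("sys_truncate64"),
	PROBE("sys_umask"),
	PROBE("sys_umount"),
	PROBE("sys_uname"),
	PROBE("sys_olduname"),
	PROBE("sys_newuname"),
	PROBE("sys_unlink"),
	PROBE("sys_unlinkat"),
	PROBE("sys_unshare"),
	PROBE("sys_uselib"),
	PROBE("sys_ustat"),
	PROBE("sys_utime"),
	PROBE("sys_utimensat"),
	PROBE("sys_utimes"),
	PROBE("sys_vhangup"),
	PROBE("sys_vm86"),
	PROBE("sys_vm86old"),
	PROBE("sys_vmsplice"),
	PROBE("sys_wait4"),
	PROBE("sys_waitid"),
	PROBE("sys_write"),
	PROBE("sys_writev"),
};
#undef PROBE

/*
 * Number of probes in kp[].  Derived from the table itself (equivalent to
 * ARRAY_SIZE(kp)) so that adding or removing an entry cannot leave the
 * count out of sync; the previous hand-maintained value was 316.  Cast to
 * int because register_kprobes()/unregister_kprobes() take an int count
 * and the loop index in __gen_init() is an int.
 */
#define NRPB ((int)(sizeof(kp) / sizeof(kp[0])))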

/*
 * Pointer array handed to register_kprobes()/unregister_kprobes();
 * __gen_init() fills kps[i] with &kp[i] before registering.
 */
static struct kprobe *kps[NRPB];

/*
 * Module entry point: point every kps[] slot at the matching kp[] entry,
 * then register the whole set with one register_kprobes() call.
 *
 * Returns 0 on success, otherwise the error returned by register_kprobes().
 * NOTE(review): identifiers beginning with a double underscore are reserved
 * for the implementation; the name is kept because module_init() below
 * refers to it.
 */
int __gen_init(void)
{
	int err, idx;

	for (idx = 0; idx < NRPB; idx++)
		kps[idx] = &kp[idx];

	printk("registering...");
	err = register_kprobes(kps, NRPB);
	if (!err) {
		printk("registered\n");
		return 0;
	}
	printk("failed to register kprobes\n");
	return err;
}

/*
 * Module exit: unregister every probe that __gen_init() registered, in
 * one unregister_kprobes() call on the same kps[] array.
 */
void __gen_exit(void)
{
	printk("unregistering...");
	unregister_kprobes(kps, NRPB);
	printk("unregistered\n");
}

/* Wire the init/exit routines above to module load and unload. */
module_init(__gen_init);
module_exit(__gen_exit);



* Re: [BUG][kprobes][vunmap?]: kprobes may cause memory corruption
  2009-01-28  5:09 ` [BUG][kprobes][vunmap?]: kprobes may cause memory corruption Masami Hiramatsu
@ 2009-01-28 15:48   ` Mathieu Desnoyers
  2009-01-28 16:22     ` Mathieu Desnoyers
  2009-01-28 16:59     ` Masami Hiramatsu
  0 siblings, 2 replies; 18+ messages in thread
From: Mathieu Desnoyers @ 2009-01-28 15:48 UTC (permalink / raw)
  To: Masami Hiramatsu
  Cc: Nick Piggin, LKML, Ananth N Mavinakayanahalli, Jim Keniston,
	systemtap-ml, Frank Ch. Eigler

* Masami Hiramatsu (mhiramat@redhat.com) wrote:
> Masami Hiramatsu wrote:
>> Hi
>> I found that 2.6.28-rc1+ kernel might cause a random memory corruption
>> including double fault when repeating load/unload kprobe-using module on
>> i386 with CONFIG_HIGHMEN4G=y.
>
> I think there might be two different bugs.
>
> - First bug may be related to vunmap change.
>    - I'm not sure the root cause of this bug.
>    - However, this bug seems to be fixed by my patch(use vm_map_ram in 
> text_poke()).
>
> - Second bug is kprobe_fault_handler bug
>    - I found a clue of this bug which I reported below by using 
> kdump&crash.
>      http://sources.redhat.com/bugzilla/show_bug.cgi?id=9740#c21
>    - I thought this bug should not be fixed by my patch, but as far as I 
> tested,
>      this bug disappeared with my patch.
>

Hi Masami,

It would not surprise me if this came from a bug in the new vmap()
implementation introduced in this commit:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db64fe02258f1507e13fe5212a989922323685ce

Especially because going from vmap -> vm_map_ram makes this behavior
disappear.

Looking at the commit, I notice that it delays vunmap so it's done in
batch to minimize locking effect. I think it would be good to create a
test case to try to isolate this, without any kprobes/text_poke
involved, which does something like this :

load module (this is also doing vmalloc, so it might be part of the
             problem)
  for i (i=0; i < 400; i++) {
    vmap()
    vfree()
  }
unload module

Another interesting test would be :

  for i (i=0; i < 400; i++) {
    vmalloc()
    vfree()
  }


All of this called in a loop. This would help isolate the "vmap" part of
the issue. If this test is not enough, then we should maybe try
something like this in a kernel module (which does what text_poke does
with vmalloc, more or less) in a loop :

char somedata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
char copydata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));

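/*
 * Alias the pages backing somedata through vmap(), write through the
 * alias, tear the alias down, then check that the writes landed in
 * somedata (roughly what text_poke() does).  The BUG_ON()s are the
 * test oracle; there is no return value.
 *
 * Assumes somedata and copydata are page-aligned and the same size
 * (their declarations above make them so); the page count is derived
 * from sizeof(somedata) so the loops can never overrun the arrays.
 */
void test_vmap(void)
{
  /* Whole pages backing somedata; an integer constant, so no VLA. */
  enum { NR_PAGES = sizeof(somedata) / PAGE_SIZE };
  struct page *pages[NR_PAGES];
  const size_t len = NR_PAGES * PAGE_SIZE;
  char *vaddr;
  size_t i;

  /* Reference copy for the final comparison. */
  for (i = 0; i < len; i++)
    copydata[i] = somedata[i];

  /*
   * One struct page per page, addressed in bytes: "&somedata + PAGE_SIZE"
   * would step in units of the whole array, not of one page.
   */
  for (i = 0; i < NR_PAGES; i++) {
    pages[i] = virt_to_page(somedata + i * PAGE_SIZE);
    BUG_ON(!pages[i]);
  }

  vaddr = vmap(pages, NR_PAGES, VM_MAP, PAGE_KERNEL);
  BUG_ON(!vaddr);

  /* Write only through the alias, never through somedata directly. */
  for (i = 0; i < len; i++)
    vaddr[i] = copydata[i] + 1;

  vunmap(vaddr);

  /*
   * The cast mirrors the narrowing that happened on store, so a byte at
   * CHAR_MAX does not produce a false mismatch after promotion to int.
   */
  for (i = 0; i < len; i++)
    BUG_ON(somedata[i] != (char)(copydata[i] + 1));
}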


Given you don't seem to have hit the
        for (i = 0; i < len; i++)
                BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
test at the end of text_poke, I suspect the write through the vmapped
area is done correctly, and that the problem may instead lie in the mm layer.
Maybe it is running out of pre-allocated vmap areas, or something along
those lines?

Best regards,

Mathieu

>> A set of test code which written in plain c is attached,
>> make genkprobe.ko and run testmod.sh, then the bug will
>> be occurred.
>
> If my thought is correct, previous test-code is only for the second bug.
> I attached a bit different test code(just disabled the fault handler)
> for the first bug.
>
> Thank you,
>
> -- 
> Masami Hiramatsu
>
> Software Engineer
> Hitachi Computer Products (America) Inc.
> Software Solutions Division
>
> e-mail: mhiramat@redhat.com
>
>

> #include <linux/module.h>
> #include <linux/kernel.h>
> #include <linux/init.h>
> #include <linux/kprobes.h>
> 
> MODULE_LICENSE("GPL");
> 
> static int kph(struct kprobe *kp, struct pt_regs *regs)
> {
> 	return 0;
> }
> #if 0
> static int kpfh(struct kprobe *kp, struct pt_regs *regs, int nr)
> {
>   printk("fault occurred on kprobes at %p(@%lx:%d)\n", kp->addr, regs->ip, nr);
> 	return 0;
> }
> #else
> #define kpfh NULL
> #endif
> static struct kprobe kp[] = {
> [0]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_accept"},
> [1]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_access"},
> [2]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_acct"},
> [3]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_add_key"},
> [4]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_adjtimex"},
> [5]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_alarm"},
> [6]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_bdflush"},
> [7]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_bind"},
> [8]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_brk"},
> [9]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_capget"},
> [10]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_capset"},
> [11]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_chdir"},
> [12]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_chmod"},
> [13]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_chown"},
> [14]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_chown16"},
> [15]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_chroot"},
> [16]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_clock_getres"},
> [17]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_clock_gettime"},
> [18]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_clock_nanosleep"},
> [19]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_clock_settime"},
> [20]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_close"},
> [21]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_connect"},
> [22]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_creat"},
> [23]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_delete_module"},
> [24]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_dup"},
> [25]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_dup2"},
> [26]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_epoll_create"},
> [27]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_epoll_ctl"},
> [28]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_epoll_pwait"},
> [29]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_epoll_wait"},
> [30]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_eventfd"},
> [31]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="do_execve"},
> [32]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="do_exit"},
> [33]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_exit_group"},
> [34]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_faccessat"},
> [35]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fadvise64"},
> [36]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fadvise64_64"},
> [37]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fchdir"},
> [38]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fchmod"},
> [39]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fchmodat"},
> [40]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fchown"},
> [41]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fchown16"},
> [42]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fchownat"},
> [43]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fcntl"},
> [44]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fcntl64"},
> [45]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fdatasync"},
> [46]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fgetxattr"},
> [47]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_flistxattr"},
> [48]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_flock"},
> [49]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="do_fork"},
> [50]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fremovexattr"},
> [51]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fsetxattr"},
> [52]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fstat"},
> [53]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fstat64"},
> [54]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_newfstat"},
> [55]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fstatat64"},
> [56]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fstatfs"},
> [57]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fstatfs64"},
> [58]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fsync"},
> [59]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ftruncate"},
> [60]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ftruncate64"},
> [61]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_futex"},
> [62]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_futimesat"},
> [63]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_get_thread_area"},
> [64]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getcwd"},
> [65]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getdents"},
> [66]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getdents64"},
> [67]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getegid16"},
> [68]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getegid"},
> [69]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_geteuid16"},
> [70]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_geteuid"},
> [71]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getgid16"},
> [72]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getgid"},
> [73]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getgroups"},
> [74]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getgroups16"},
> [75]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_gethostname"},
> [76]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getitimer"},
> [77]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getpeername"},
> [78]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getpgid"},
> [79]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getpgrp"},
> [80]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getpid"},
> [81]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getppid"},
> [82]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getpriority"},
> [83]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getresgid16"},
> [84]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getresgid"},
> [85]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getresuid16"},
> [86]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getresuid"},
> [87]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getrlimit"},
> [88]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_old_getrlimit"},
> [89]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getrusage"},
> [90]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getsid"},
> [91]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getsockname"},
> [92]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getsockopt"},
> [93]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_gettid"},
> [94]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_gettimeofday"},
> [95]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getuid16"},
> [96]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getuid"},
> [97]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getxattr"},
> [98]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_init_module"},
> [99]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_inotify_add_watch"},
> [100]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_inotify_init"},
> [101]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_inotify_rm_watch"},
> [102]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_io_cancel"},
> [103]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_io_destroy"},
> [104]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_io_getevents"},
> [105]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_io_setup"},
> [106]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_io_submit"},
> [107]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ioctl"},
> [108]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ioperm"},
> [109]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_iopl"},
> [110]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ioprio_get"},
> [111]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ioprio_set"},
> [112]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ipc"},
> [113]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_kexec_load"},
> [114]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_keyctl"},
> [115]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_kill"},
> [116]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lchown"},
> [117]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lchown16"},
> [118]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lgetxattr"},
> [119]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_link"},
> [120]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_linkat"},
> [121]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_listen"},
> [122]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_listxattr"},
> [123]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_llistxattr"},
> [124]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_llseek"},
> [125]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lookup_dcookie"},
> [126]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lremovexattr"},
> [127]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lseek"},
> [128]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lsetxattr"},
> [129]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lstat"},
> [130]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_newlstat"},
> [131]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lstat64"},
> [132]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_madvise"},
> [133]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mincore"},
> [134]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mkdir"},
> [135]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mkdirat"},
> [136]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mknod"},
> [137]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mknodat"},
> [138]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mlock"},
> [139]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mlockall"},
> [140]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mmap2"},
> [141]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_modify_ldt"},
> [142]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mount"},
> [143]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mprotect"},
> [144]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mq_getsetattr"},
> [145]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mq_notify"},
> [146]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mq_open"},
> [147]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mq_timedreceive"},
> [148]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mq_timedsend"},
> [149]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mq_unlink"},
> [150]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mremap"},
> [151]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_msgctl"},
> [152]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_msgget"},
> [153]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_msgrcv"},
> [154]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_msgsnd"},
> [155]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_msync"},
> [156]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_munlock"},
> [157]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_munlockall"},
> [158]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_munmap"},
> [159]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_nanosleep"},
> [160]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_nfsservctl"},
> [161]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ni_syscall"},
> [162]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_nice"},
> [163]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_open"},
> [164]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_openat"},
> [165]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_pause"},
> [166]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_personality"},
> [167]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_pipe"},
> [168]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_pivot_root"},
> [169]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_poll"},
> [170]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ppoll"},
> [171]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_prctl"},
> [172]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_pread64"},
> [173]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_pselect6"},
> [174]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ptrace"},
> [175]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_pwrite64"},
> [176]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_quotactl"},
> [177]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_read"},
> [178]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_readahead"},
> [179]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_readlink"},
> [180]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_readlinkat"},
> [181]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_readv"},
> [182]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_reboot"},
> [183]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_recv"},
> [184]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_recvfrom"},
> [185]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_recvmsg"},
> [186]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_remap_file_pages"},
> [187]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_removexattr"},
> [188]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rename"},
> [189]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_renameat"},
> [190]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_request_key"},
> [191]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_restart_syscall"},
> [192]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rmdir"},
> [193]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigaction"},
> [194]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigpending"},
> [195]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigprocmask"},
> [196]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigqueueinfo"},
> [197]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigreturn"},
> [198]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigsuspend"},
> [199]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigtimedwait"},
> [200]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_get_priority_max"},
> [201]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_get_priority_min"},
> [202]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_getaffinity"},
> [203]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_getparam"},
> [204]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_getscheduler"},
> [205]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_rr_get_interval"},
> [206]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_setaffinity"},
> [207]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_setparam"},
> [208]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_setscheduler"},
> [209]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_yield"},
> [210]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_select"},
> [211]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_semctl"},
> [212]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_semget"},
> [213]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_semtimedop"},
> [214]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_semtimedop"},
> [215]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_send"},
> [216]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sendfile"},
> [217]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sendfile64"},
> [218]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sendmsg"},
> [219]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sendto"},
> [220]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_set_thread_area"},
> [221]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_set_tid_address"},
> [222]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setdomainname"},
> [223]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setfsgid"},
> [224]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setfsgid16"},
> [225]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setfsuid"},
> [226]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setfsuid16"},
> [227]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setgid"},
> [228]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setgid16"},
> [229]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setgroups"},
> [230]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setgroups16"},
> [231]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sethostname"},
> [232]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setitimer"},
> [233]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setpgid"},
> [234]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setpriority"},
> [235]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setregid"},
> [236]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setregid16"},
> [237]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setresgid"},
> [238]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setresgid16"},
> [239]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setresuid"},
> [240]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setresuid16"},
> [241]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setreuid"},
> [242]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setreuid16"},
> [243]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setrlimit"},
> [244]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setsid"},
> [245]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setsockopt"},
> [246]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_settimeofday"},
> [247]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setuid16"},
> [248]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setuid"},
> [249]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setxattr"},
> [250]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sgetmask"},
> [251]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_shmat"},
> [252]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_shmctl"},
> [253]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_shmdt"},
> [254]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_shmget"},
> [255]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_shutdown"},
> [256]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sigaction"},
> [257]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sigaltstack"},
> [258]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_signal"},
> [259]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_signalfd"},
> [260]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sigpending"},
> [261]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sigprocmask"},
> [262]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sigreturn"},
> [263]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sigsuspend"},
> [264]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_socket"},
> [265]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_socketpair"},
> [266]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_splice"},
> [267]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ssetmask"},
> [268]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_stat"},
> [269]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_newstat"},
> [270]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_stat64"},
> [271]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_statfs"},
> [272]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_statfs64"},
> [273]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_stime"},
> [274]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_swapoff"},
> [275]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_swapon"},
> [276]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_symlink"},
> [277]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_symlinkat"},
> [278]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sync"},
> [279]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sysctl"},
> [280]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sysfs"},
> [281]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sysinfo"},
> [282]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_syslog"},
> [283]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_tee"},
> [284]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_tgkill"},
> [285]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_time"},
> [286]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_timer_create"},
> [287]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_timer_delete"},
> [288]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_timer_getoverrun"},
> [289]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_timer_gettime"},
> [290]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_timer_settime"},
> [291]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_times"},
> [292]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_tkill"},
> [293]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_truncate"},
> [294]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_truncate64"},
> [295]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_umask"},
> [296]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_umount"},
> [297]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_uname"},
> [298]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_olduname"},
> [299]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_newuname"},
> [300]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_unlink"},
> [301]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_unlinkat"},
> [302]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_unshare"},
> [303]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_uselib"},
> [304]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ustat"},
> [305]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_utime"},
> [306]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_utimensat"},
> [307]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_utimes"},
> [308]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_vhangup"},
> [309]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_vm86"},
> [310]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_vm86old"},
> [311]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_vmsplice"},
> [312]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_wait4"},
> [313]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_waitid"},
> [314]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_write"},
> [315]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_writev"},
> };
> #define NRPB 316
> 
> static struct kprobe *kps[NRPB];
> 
> int __gen_init(void)
> {
> 	int ret, i;
> 	for (i=0;i<NRPB;i++)
> 		kps[i]=&kp[i];
> 	printk("registering...");
> 	ret = register_kprobes(kps, NRPB);
> 	if (ret) {
> 		printk("failed to register kprobes\n");
> 		return ret;
> 	}
> 	printk("registered\n");
> 	return 0;
> }
> 
> void __gen_exit(void)
> {
> 	printk("unregistering...");
> 	unregister_kprobes(kps, NRPB);
> 	printk("unregistered\n");
> }
> 
> module_init(__gen_init);
> module_exit(__gen_exit);
> 


-- 
Mathieu Desnoyers
OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68


* Re: [BUG][kprobes][vunmap?]: kprobes may cause memory corruption
  2009-01-28 15:48   ` Mathieu Desnoyers
@ 2009-01-28 16:22     ` Mathieu Desnoyers
  2009-01-28 16:59     ` Masami Hiramatsu
  1 sibling, 0 replies; 18+ messages in thread
From: Mathieu Desnoyers @ 2009-01-28 16:22 UTC (permalink / raw)
  To: Masami Hiramatsu
  Cc: Nick Piggin, LKML, Ananth N Mavinakayanahalli, Jim Keniston,
	systemtap-ml, Frank Ch. Eigler

* Mathieu Desnoyers (mathieu.desnoyers@polymtl.ca) wrote:
> * Masami Hiramatsu (mhiramat@redhat.com) wrote:
> > Masami Hiramatsu wrote:
> >> Hi
> >> I found that 2.6.28-rc1+ kernel might cause a random memory corruption
> >> including double fault when repeating load/unload kprobe-using module on
> >> i386 with CONFIG_HIGHMEN4G=y.
> >
> > I think there might be two different bugs.
> >
> > - First bug may be related to vunmap change.
> >    - I'm not sure the root cause of this bug.
> >    - However, this bug seems to be fixed by my patch(use vm_map_ram in 
> > text_poke()).
> >
> > - Second bug is kprobe_fault_handler bug
> >    - I found a clue of this bug which I reported below by using 
> > kdump&crash.
> >      http://sources.redhat.com/bugzilla/show_bug.cgi?id=9740#c21
> >    - I thought this bug should not be fixed by my patch, but as far as I 
> > tested,
> >      this bug disappeared with my patch.
> >
> 
> Hi Masami,
> 
> This would not surprise me if it came from bug in the new vmap()
> implementation done in this commit :
> 
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db64fe02258f1507e13fe5212a989922323685ce
> 
> Especially because going from vmap -> vm_map_ram makes this behavior
> disappear.
> 
> Looking at the commit, I notice that it delays vunmap so it's done in
> batch to minimize locking effect. I think it would be good to create a
> test case to try to isolate this, without any kprobes/text_poke
> involved, which does something like this :
> 
> load module (this is also doing vmalloc, so it might be part of the
>              problem)
>   for i (i=0; i < 400; i++) {
>     vmap()
>     vfree()
>   }
> unload module
> 
> Another interesting test would be :
> 
>   for i (i=0; i < 400; i++) {
>     vmalloc()
>     vfree()
>   }
> 
> 
> All this called in a loop. This would help isolating the "vmap" part of
> the issue. If this test is not enough, then we should maybe try
> something like this in a kernel module (which does what text_poke does
> with vmalloc, more or less) in a loop :
> 
> char somedata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
> char copydata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
> 
> void test_vmap(void)
> }
>   struct page *pages[2];
>   char *vaddr;
>   int i;
> 
>   for (i = 0; i < 2 * PAGE_SIZE; i++)
>     copydata[i] = somedata[i];
>   page[0] = virt_to_page(&somedata);
>   BUG_ON(!page[0]);
>   page[1] = virt_to_page(&somedata + PAGE_SIZE);
>   BUG_ON(!page[1]);
>   vaddr = vmap(pages, 2, VM_MAP, PAGE_KERNEL);
>   BUG_ON(!vaddr);
> 
>   for (i = 0; i < 2 * PAGE_SIZE; i++)
>     vaddr[i] = copydata[i] + 1;
>   
>   vunmap(vaddr);
>   
>   for (i = 0; i < 2 * PAGE_SIZE; i++)
>     BUG_ON(somedata[i] != copydata[i] + 1);
> }
> 
> 
> Given you don't seem to have hit the
>         for (i = 0; i < len; i++)
>                 BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
> test at the end of text_poke, I suspect the write through the vmapped
> area is correctly done, but that the problem may lay in the mm layer.
> Maybe it's running out of pre-allocated vmap areas or something like
> this ?
> 

My red light blinks at this function :

/*
422  * lazy_max_pages is the maximum amount of virtual address space we gather up
423  * before attempting to purge with a TLB flush.
424  *
425  * There is a tradeoff here: a larger number will cover more kernel page tables
426  * and take slightly longer to purge, but it will linearly reduce the number of
427  * global TLB flushes that must be performed. It would seem natural to scale
428  * this number up linearly with the number of CPUs (because vmapping activity
429  * could also scale linearly with the number of CPUs), however it is likely
430  * that in practice, workloads might be constrained in other ways that mean
431  * vmap activity will not scale linearly with CPUs. Also, I want to be
432  * conservative and not introduce a big latency on huge systems, so go with
433  * a less aggressive log scale. It will still be an improvement over the old
434  * code, and it will be simple to change the scale factor if we find that it
435  * becomes a problem on bigger systems.
436  */
437 static unsigned long lazy_max_pages(void)
438 {
439         unsigned int log;
440
441         log = fls(num_online_cpus());
442
443         return log * (32UL * 1024 * 1024 / PAGE_SIZE);
444 }

Is it just me, or can this, with 8 active CPUs, reach

3 * (32UL * 1024 * 1024 / PAGE_SIZE) = 24576 pages

or 96 MB

On my laptop with 2GB ram, I have these numbers in /proc/meminfo :

VmallocTotal:     122880 kB
VmallocUsed:       40268 kB
VmallocChunk:      75732 kB

So I think it is possible that this lazy_max_pages does not protect against
using up all the pages between two RCU periods.

You might want as a quick test to try changing

            return log * (32UL * 1024 * 1024 / PAGE_SIZE);

for

            return min(1024, log * (32UL * 1024 * 1024 / PAGE_SIZE));

(a cap of 4M of vmalloc space should be a safe starting point to see whether it
fixes the problem. After that we could tune it with respect to the available vmalloc
space, but let's stay on the safe side.)

Mathieu

> Best regards,
> 
> Mathieu
> 
> >> A set of test code written in plain C is attached;
> >> build genkprobe.ko and run testmod.sh, and the bug will
> >> occur.
> >
> > If my thinking is correct, the previous test code only triggers the second bug.
> > I attached a slightly different test code (with the fault handler disabled)
> > for the first bug.
> >
> > Thank you,
> >
> > -- 
> > Masami Hiramatsu
> >
> > Software Engineer
> > Hitachi Computer Products (America) Inc.
> > Software Solutions Division
> >
> > e-mail: mhiramat@redhat.com
> >
> >
> 
> > #include <linux/module.h>
> > #include <linux/kernel.h>
> > #include <linux/init.h>
> > #include <linux/kprobes.h>
> > 
> > /* The kprobes registration API is exported GPL-only, so the module must
> >  * carry a GPL-compatible license tag to be able to use it. */
> > MODULE_LICENSE("GPL");
> > 
> > /*
> >  * Pre-handler shared by every probe in kp[].  It deliberately does nothing:
> >  * returning 0 is the kprobes convention for "let the probed instruction
> >  * run normally".  The test only cares about register/unregister churn.
> >  */
> > static int kph(struct kprobe *kp, struct pt_regs *regs)
> > {
> > 	(void)kp;	/* intentionally unused */
> > 	(void)regs;	/* intentionally unused */
> > 	return 0;
> > }
> > #if 0
> > /* Fault handler variant kept for reference.  It is compiled out so that the
> >  * probes are installed with no fault handler (kpfh == NULL), which is the
> >  * configuration that reproduces the first bug described in the thread. */
> > static int kpfh(struct kprobe *kp, struct pt_regs *regs, int nr)
> > {
> >   /* %p prints the raw probe address into the kernel log.  Fine for a
> >    * throwaway test module; production code should not leak kernel
> >    * addresses to dmesg. */
> >   printk("fault occurred on kprobes at %p(@%lx:%d)\n", kp->addr, regs->ip, nr);
> > 	return 0;
> > }
> > #else
> > #define kpfh NULL
> > #endif
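> > /*
> >  * One kprobe per probed entry point: mostly i386 syscall handlers, plus a
> >  * few internal functions (do_execve, do_exit, do_fork).  Every entry shares
> >  * the no-op pre-handler kph and the (possibly NULL) fault handler kpfh; the
> >  * symbol is resolved by name at registration time.
> >  *
> >  * Note: entries [213] and [214] both name "sys_semtimedop".  This looks like
> >  * a copy/paste slip (one of them was presumably meant to be another symbol);
> >  * it is left unchanged here because the intended symbol is not known.
> >  */
> > static struct kprobe kp[] = {
> > [0]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_accept"},
> > [1]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_access"},
> > [2]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_acct"},
> > [3]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_add_key"},
> > [4]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_adjtimex"},
> > [5]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_alarm"},
> > [6]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_bdflush"},
> > [7]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_bind"},
> > [8]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_brk"},
> > [9]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_capget"},
> > [10]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_capset"},
> > [11]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_chdir"},
> > [12]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_chmod"},
> > [13]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_chown"},
> > [14]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_chown16"},
> > [15]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_chroot"},
> > [16]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_clock_getres"},
> > [17]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_clock_gettime"},
> > [18]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_clock_nanosleep"},
> > [19]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_clock_settime"},
> > [20]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_close"},
> > [21]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_connect"},
> > [22]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_creat"},
> > [23]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_delete_module"},
> > [24]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_dup"},
> > [25]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_dup2"},
> > [26]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_epoll_create"},
> > [27]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_epoll_ctl"},
> > [28]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_epoll_pwait"},
> > [29]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_epoll_wait"},
> > [30]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_eventfd"},
> > [31]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="do_execve"},
> > [32]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="do_exit"},
> > [33]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_exit_group"},
> > [34]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_faccessat"},
> > [35]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fadvise64"},
> > [36]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fadvise64_64"},
> > [37]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fchdir"},
> > [38]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fchmod"},
> > [39]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fchmodat"},
> > [40]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fchown"},
> > [41]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fchown16"},
> > [42]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fchownat"},
> > [43]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fcntl"},
> > [44]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fcntl64"},
> > [45]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fdatasync"},
> > [46]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fgetxattr"},
> > [47]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_flistxattr"},
> > [48]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_flock"},
> > [49]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="do_fork"},
> > [50]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fremovexattr"},
> > [51]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fsetxattr"},
> > [52]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fstat"},
> > [53]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fstat64"},
> > [54]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_newfstat"},
> > [55]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fstatat64"},
> > [56]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fstatfs"},
> > [57]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fstatfs64"},
> > [58]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_fsync"},
> > [59]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ftruncate"},
> > [60]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ftruncate64"},
> > [61]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_futex"},
> > [62]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_futimesat"},
> > [63]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_get_thread_area"},
> > [64]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getcwd"},
> > [65]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getdents"},
> > [66]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getdents64"},
> > [67]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getegid16"},
> > [68]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getegid"},
> > [69]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_geteuid16"},
> > [70]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_geteuid"},
> > [71]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getgid16"},
> > [72]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getgid"},
> > [73]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getgroups"},
> > [74]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getgroups16"},
> > [75]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_gethostname"},
> > [76]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getitimer"},
> > [77]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getpeername"},
> > [78]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getpgid"},
> > [79]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getpgrp"},
> > [80]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getpid"},
> > [81]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getppid"},
> > [82]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getpriority"},
> > [83]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getresgid16"},
> > [84]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getresgid"},
> > [85]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getresuid16"},
> > [86]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getresuid"},
> > [87]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getrlimit"},
> > [88]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_old_getrlimit"},
> > [89]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getrusage"},
> > [90]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getsid"},
> > [91]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getsockname"},
> > [92]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getsockopt"},
> > [93]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_gettid"},
> > [94]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_gettimeofday"},
> > [95]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getuid16"},
> > [96]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getuid"},
> > [97]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_getxattr"},
> > [98]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_init_module"},
> > [99]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_inotify_add_watch"},
> > [100]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_inotify_init"},
> > [101]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_inotify_rm_watch"},
> > [102]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_io_cancel"},
> > [103]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_io_destroy"},
> > [104]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_io_getevents"},
> > [105]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_io_setup"},
> > [106]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_io_submit"},
> > [107]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ioctl"},
> > [108]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ioperm"},
> > [109]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_iopl"},
> > [110]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ioprio_get"},
> > [111]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ioprio_set"},
> > [112]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ipc"},
> > [113]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_kexec_load"},
> > [114]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_keyctl"},
> > [115]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_kill"},
> > [116]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lchown"},
> > [117]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lchown16"},
> > [118]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lgetxattr"},
> > [119]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_link"},
> > [120]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_linkat"},
> > [121]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_listen"},
> > [122]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_listxattr"},
> > [123]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_llistxattr"},
> > [124]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_llseek"},
> > [125]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lookup_dcookie"},
> > [126]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lremovexattr"},
> > [127]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lseek"},
> > [128]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lsetxattr"},
> > [129]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lstat"},
> > [130]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_newlstat"},
> > [131]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_lstat64"},
> > [132]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_madvise"},
> > [133]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mincore"},
> > [134]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mkdir"},
> > [135]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mkdirat"},
> > [136]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mknod"},
> > [137]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mknodat"},
> > [138]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mlock"},
> > [139]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mlockall"},
> > [140]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mmap2"},
> > [141]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_modify_ldt"},
> > [142]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mount"},
> > [143]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mprotect"},
> > [144]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mq_getsetattr"},
> > [145]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mq_notify"},
> > [146]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mq_open"},
> > [147]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mq_timedreceive"},
> > [148]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mq_timedsend"},
> > [149]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mq_unlink"},
> > [150]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_mremap"},
> > [151]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_msgctl"},
> > [152]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_msgget"},
> > [153]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_msgrcv"},
> > [154]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_msgsnd"},
> > [155]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_msync"},
> > [156]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_munlock"},
> > [157]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_munlockall"},
> > [158]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_munmap"},
> > [159]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_nanosleep"},
> > [160]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_nfsservctl"},
> > [161]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ni_syscall"},
> > [162]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_nice"},
> > [163]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_open"},
> > [164]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_openat"},
> > [165]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_pause"},
> > [166]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_personality"},
> > [167]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_pipe"},
> > [168]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_pivot_root"},
> > [169]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_poll"},
> > [170]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ppoll"},
> > [171]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_prctl"},
> > [172]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_pread64"},
> > [173]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_pselect6"},
> > [174]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ptrace"},
> > [175]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_pwrite64"},
> > [176]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_quotactl"},
> > [177]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_read"},
> > [178]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_readahead"},
> > [179]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_readlink"},
> > [180]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_readlinkat"},
> > [181]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_readv"},
> > [182]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_reboot"},
> > [183]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_recv"},
> > [184]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_recvfrom"},
> > [185]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_recvmsg"},
> > [186]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_remap_file_pages"},
> > [187]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_removexattr"},
> > [188]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rename"},
> > [189]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_renameat"},
> > [190]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_request_key"},
> > [191]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_restart_syscall"},
> > [192]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rmdir"},
> > [193]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigaction"},
> > [194]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigpending"},
> > [195]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigprocmask"},
> > [196]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigqueueinfo"},
> > [197]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigreturn"},
> > [198]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigsuspend"},
> > [199]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_rt_sigtimedwait"},
> > [200]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_get_priority_max"},
> > [201]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_get_priority_min"},
> > [202]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_getaffinity"},
> > [203]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_getparam"},
> > [204]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_getscheduler"},
> > [205]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_rr_get_interval"},
> > [206]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_setaffinity"},
> > [207]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_setparam"},
> > [208]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_setscheduler"},
> > [209]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sched_yield"},
> > [210]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_select"},
> > [211]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_semctl"},
> > [212]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_semget"},
> > [213]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_semtimedop"},
> > [214]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_semtimedop"},
> > [215]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_send"},
> > [216]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sendfile"},
> > [217]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sendfile64"},
> > [218]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sendmsg"},
> > [219]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sendto"},
> > [220]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_set_thread_area"},
> > [221]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_set_tid_address"},
> > [222]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setdomainname"},
> > [223]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setfsgid"},
> > [224]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setfsgid16"},
> > [225]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setfsuid"},
> > [226]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setfsuid16"},
> > [227]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setgid"},
> > [228]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setgid16"},
> > [229]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setgroups"},
> > [230]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setgroups16"},
> > [231]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sethostname"},
> > [232]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setitimer"},
> > [233]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setpgid"},
> > [234]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setpriority"},
> > [235]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setregid"},
> > [236]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setregid16"},
> > [237]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setresgid"},
> > [238]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setresgid16"},
> > [239]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setresuid"},
> > [240]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setresuid16"},
> > [241]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setreuid"},
> > [242]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setreuid16"},
> > [243]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setrlimit"},
> > [244]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setsid"},
> > [245]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setsockopt"},
> > [246]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_settimeofday"},
> > [247]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setuid16"},
> > [248]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setuid"},
> > [249]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_setxattr"},
> > [250]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sgetmask"},
> > [251]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_shmat"},
> > [252]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_shmctl"},
> > [253]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_shmdt"},
> > [254]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_shmget"},
> > [255]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_shutdown"},
> > [256]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sigaction"},
> > [257]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sigaltstack"},
> > [258]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_signal"},
> > [259]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_signalfd"},
> > [260]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sigpending"},
> > [261]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sigprocmask"},
> > [262]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sigreturn"},
> > [263]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sigsuspend"},
> > [264]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_socket"},
> > [265]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_socketpair"},
> > [266]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_splice"},
> > [267]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ssetmask"},
> > [268]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_stat"},
> > [269]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_newstat"},
> > [270]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_stat64"},
> > [271]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_statfs"},
> > [272]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_statfs64"},
> > [273]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_stime"},
> > [274]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_swapoff"},
> > [275]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_swapon"},
> > [276]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_symlink"},
> > [277]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_symlinkat"},
> > [278]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sync"},
> > [279]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sysctl"},
> > [280]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sysfs"},
> > [281]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_sysinfo"},
> > [282]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_syslog"},
> > [283]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_tee"},
> > [284]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_tgkill"},
> > [285]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_time"},
> > [286]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_timer_create"},
> > [287]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_timer_delete"},
> > [288]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_timer_getoverrun"},
> > [289]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_timer_gettime"},
> > [290]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_timer_settime"},
> > [291]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_times"},
> > [292]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_tkill"},
> > [293]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_truncate"},
> > [294]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_truncate64"},
> > [295]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_umask"},
> > [296]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_umount"},
> > [297]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_uname"},
> > [298]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_olduname"},
> > [299]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_newuname"},
> > [300]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_unlink"},
> > [301]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_unlinkat"},
> > [302]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_unshare"},
> > [303]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_uselib"},
> > [304]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_ustat"},
> > [305]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_utime"},
> > [306]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_utimensat"},
> > [307]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_utimes"},
> > [308]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_vhangup"},
> > [309]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_vm86"},
> > [310]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_vm86old"},
> > [311]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_vmsplice"},
> > [312]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_wait4"},
> > [313]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_waitid"},
> > [314]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_write"},
> > [315]={.pre_handler=kph, .fault_handler=kpfh, .symbol_name="sys_writev"},
> > };
> > /* Derive the probe count from the table itself so it cannot drift from the
> >  * initializer when entries are added or removed (was a hand-maintained 316). */
> > #define NRPB ARRAY_SIZE(kp)
> > 
> > /* register_kprobes()/unregister_kprobes() take an array of pointers, so the
> >  * init routine fills this with the address of each kp[] element. */
> > static struct kprobe *kps[NRPB];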
> > 
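> > /*
> >  * Module init: point every kps[] slot at the matching kp[] entry and register
> >  * all probes with a single register_kprobes() call.
> >  *
> >  * Returns 0 on success, otherwise the error code from register_kprobes().
> >  *
> >  * The leading double underscore makes this a reserved identifier in C; the
> >  * name is kept because module_init() below refers to it.
> >  */
> > static int __init __gen_init(void)
> > {
> > 	size_t i;
> > 	int ret;
> > 
> > 	/* ARRAY_SIZE(kps) rather than a separate count keeps the loop and the
> > 	 * registration bound to the actual array length. */
> > 	for (i = 0; i < ARRAY_SIZE(kps); i++)
> > 		kps[i] = &kp[i];
> > 	printk(KERN_INFO "registering...\n");
> > 	ret = register_kprobes(kps, ARRAY_SIZE(kps));
> > 	if (ret) {
> > 		printk(KERN_ERR "failed to register kprobes: %d\n", ret);
> > 		return ret;
> > 	}
> > 	printk(KERN_INFO "registered\n");
> > 	return 0;
> > }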
> > 
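> > /*
> >  * Module exit: unregister every probe that __gen_init registered, in one
> >  * unregister_kprobes() call.  Uses ARRAY_SIZE(kps) so the count always
> >  * matches the array that was registered.
> >  */
> > static void __exit __gen_exit(void)
> > {
> > 	printk(KERN_INFO "unregistering...\n");
> > 	unregister_kprobes(kps, ARRAY_SIZE(kps));
> > 	printk(KERN_INFO "unregistered\n");
> > }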
> > 
> > /* Hook the init/exit routines above into the module load/unload lifecycle. */
> > module_init(__gen_init);
> > module_exit(__gen_exit);
> > 
> 
> 
> -- 
> Mathieu Desnoyers
> OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68

-- 
Mathieu Desnoyers
OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68


* Re: [BUG][kprobes][vunmap?]: kprobes may cause memory corruption
  2009-01-28 15:48   ` Mathieu Desnoyers
  2009-01-28 16:22     ` Mathieu Desnoyers
@ 2009-01-28 16:59     ` Masami Hiramatsu
  2009-01-28 17:13       ` Mathieu Desnoyers
  1 sibling, 1 reply; 18+ messages in thread
From: Masami Hiramatsu @ 2009-01-28 16:59 UTC (permalink / raw)
  To: Mathieu Desnoyers
  Cc: Nick Piggin, LKML, Ananth N Mavinakayanahalli, Jim Keniston,
	systemtap-ml, Frank Ch. Eigler

Mathieu Desnoyers wrote:
> * Masami Hiramatsu (mhiramat@redhat.com) wrote:
>> Masami Hiramatsu wrote:
> Hi Masami,
> 
> This would not surprise me if it came from a bug in the new vmap()
> implementation done in this commit :
> 
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db64fe02258f1507e13fe5212a989922323685ce
> 
> Especially because going from vmap -> vm_map_ram makes this behavior
> disappear.
> 
> Looking at the commit, I notice that it delays vunmap so it's done in
> batches to minimize locking overhead. I think it would be good to create a
> test case to try to isolate this, without any kprobes/text_poke
> involved, which does something like this :
> 
> load module (this is also doing vmalloc, so it might be part of the
>              problem)
>   for i (i=0; i < 400; i++) {
>     vmap()
>     vfree()
      ^^^^^ vunmap?
>   }
> unload module
> 
> Another interesting test would be :
> 
>   for i (i=0; i < 400; i++) {
>     vmalloc()
>     vfree()
>   }

Hi Mathieu,

Thank you for the test ideas.
I wrote both of the above tests and ran them. Both test modules
do NOT cause memory corruption...

> All this called in a loop. This would help isolating the "vmap" part of
> the issue. If this test is not enough, then we should maybe try
> something like this in a kernel module (which does what text_poke does
> with vmalloc, more or less) in a loop :
> 
> /* Source buffer and its reference copy for test_vmap().  Note that the loops
>  * in test_vmap() index both arrays up to 2 * PAGE_SIZE, so as declared here
>  * (one page each) they are one page short. */
> char somedata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
> char copydata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));

Shouldn't both of them be PAGE_SIZE*2, since the loops below run up to 2 * PAGE_SIZE?

> 
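> /*
>  * Mimic what text_poke() does: map the two pages backing somedata[] at a
>  * fresh virtual address with vmap(), write through that alias, unmap it,
>  * then check that the write landed in somedata[].  A mismatch at the final
>  * BUG_ON means the write through the vmap alias did not reach the backing
>  * pages.  somedata[] and copydata[] (declared above this function) must be
>  * at least 2 * PAGE_SIZE bytes for the loops below.
>  */
> void test_vmap(void)
> {
>   struct page *pages[2];
>   char *vaddr;
>   int i;
> 
>   for (i = 0; i < 2 * PAGE_SIZE; i++)
>     copydata[i] = somedata[i];
>   /* Use somedata (decays to char *), not &somedata: &somedata is a pointer
>    * to the whole array, so "&somedata + PAGE_SIZE" would step
>    * PAGE_SIZE * sizeof(somedata) bytes instead of one page. */
>   pages[0] = virt_to_page(somedata);
>   BUG_ON(!pages[0]);
>   pages[1] = virt_to_page(somedata + PAGE_SIZE);
>   BUG_ON(!pages[1]);
>   vaddr = vmap(pages, 2, VM_MAP, PAGE_KERNEL);
>   BUG_ON(!vaddr);
> 
>   /* Write through the alias only; somedata[] itself is not touched here. */
>   for (i = 0; i < 2 * PAGE_SIZE; i++)
>     vaddr[i] = copydata[i] + 1;
> 
>   vunmap(vaddr);
> 
>   /* The backing pages must now hold what was written through the alias. */
>   for (i = 0; i < 2 * PAGE_SIZE; i++)
>     BUG_ON(somedata[i] != copydata[i] + 1);
> }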

Hmm, when I ran the above code, it hit the last BUG_ON().
I checked, and somedata[i] had not been updated.

> Given you don't seem to have hit the
>         for (i = 0; i < len; i++)
>                 BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
> test at the end of text_poke,

However, when I ran the kprobe-based test, it did not hit the BUG_ON()
in text_poke().

> I suspect the write through the vmapped
> area is done correctly, but that the problem may lie in the mm layer.
> Maybe it's running out of pre-allocated vmap areas or something like
> this ?

I haven't seen any vmalloc failure messages on 2.6.29-rc2.

Thank you again,


-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com



* Re: [BUG][kprobes][vunmap?]: kprobes may cause memory corruption
  2009-01-28 16:59     ` Masami Hiramatsu
@ 2009-01-28 17:13       ` Mathieu Desnoyers
  2009-01-28 17:58         ` Masami Hiramatsu
  0 siblings, 1 reply; 18+ messages in thread
From: Mathieu Desnoyers @ 2009-01-28 17:13 UTC (permalink / raw)
  To: Masami Hiramatsu
  Cc: Nick Piggin, LKML, Ananth N Mavinakayanahalli, Jim Keniston,
	systemtap-ml, Frank Ch. Eigler

* Masami Hiramatsu (mhiramat@redhat.com) wrote:
> Mathieu Desnoyers wrote:
> > * Masami Hiramatsu (mhiramat@redhat.com) wrote:
> >> Masami Hiramatsu wrote:
> > Hi Masami,
> > 
> > This would not surprise me if it came from bug in the new vmap()
> > implementation done in this commit :
> > 
> > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db64fe02258f1507e13fe5212a989922323685ce
> > 
> > Especially because going from vmap -> vm_map_ram makes this behavior
> > disappear.
> > 
> > Looking at the commit, I notice that it delays vunmap so it's done in
> > batch to minimize locking effect. I think it would be good to create a
> > test case to try to isolate this, without any kprobes/text_poke
> > involved, which does something like this :
> > 
> > load module (this is also doing vmalloc, so it might be part of the
> >              problem)
> >   for i (i=0; i < 400; i++) {
> >     vmap()
> >     vfree()
>       ^^^^^ vunmap?

yep.

> >   }
> > unload module
> > 
> > Another interesting test would be :
> > 
> >   for i (i=0; i < 400; i++) {
> >     vmalloc()
> >     vfree()
> >   }
> 
> Hi Mathieu,
> 
> Thank you for test ideas.
> I made both of above two tests and run it. Both test modules
> do NOT cause memory corruption...
> 

OK

> > All this called in a loop. This would help isolating the "vmap" part of
> > the issue. If this test is not enough, then we should maybe try
> > something like this in a kernel module (which does what text_poke does
> > with vmalloc, more or less) in a loop :
> > 
> > char somedata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
> > char copydata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
> 
> Should both of them have PAGE_SIZE*2?
> 

Yes.

> > 
> > void test_vmap(void)
> > }
> >   struct page *pages[2];
> >   char *vaddr;
> >   int i;
> > 
> >   for (i = 0; i < 2 * PAGE_SIZE; i++)
> >     copydata[i] = somedata[i];
> >   page[0] = virt_to_page(&somedata);
> >   BUG_ON(!page[0]);
> >   page[1] = virt_to_page(&somedata + PAGE_SIZE);
> >   BUG_ON(!page[1]);
> >   vaddr = vmap(pages, 2, VM_MAP, PAGE_KERNEL);
> >   BUG_ON(!vaddr);
> > 
> >   for (i = 0; i < 2 * PAGE_SIZE; i++)
> >     vaddr[i] = copydata[i] + 1;
> >   
> >   vunmap(vaddr);
> >   
> >   for (i = 0; i < 2 * PAGE_SIZE; i++)
> >     BUG_ON(somedata[i] != copydata[i] + 1);
> > }
> 
> Hmm, when I ran above code, it hit the last BUG_ON().
> I checked that somedata[i] didn't updated.
> 

Do you hit the BUG_ON after the first loop ?

> > Given you don't seem to have hit the
> >         for (i = 0; i < len; i++)
> >                 BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
> > test at the end of text_poke,
> 
> However, when I ran kprobe-based test, it doesn't hit the BUG_ON()
> in text_poke().
> 

The variable declarations should have been 2*PAGE_SIZE, hopefully you
fixed them.

There is also a sync_core() in text_poke. It should not matter, but
maybe that could help ?

> > I suspect the write through the vmapped
> > area is correctly done, but that the problem may lay in the mm layer.
> > Maybe it's running out of pre-allocated vmap areas or something like
> > this ?
> 
> I haven't seen vmalloc failure message on 2.6.29-rc2.
> 

It could be because the available vmalloc space is slightly higher.
Looking into the lazy vunmap threshold would be useful.

You could also try with loop values higher than 400.

Mathieu

> Thank you again,
> 
> 
> -- 
> Masami Hiramatsu
> 
> Software Engineer
> Hitachi Computer Products (America) Inc.
> Software Solutions Division
> 
> e-mail: mhiramat@redhat.com
> 

-- 
Mathieu Desnoyers
OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68


* Re: [BUG][kprobes][vunmap?]: kprobes may cause memory corruption
  2009-01-28 17:13       ` Mathieu Desnoyers
@ 2009-01-28 17:58         ` Masami Hiramatsu
  2009-01-28 18:10           ` Mathieu Desnoyers
  2009-01-28 18:13           ` [BUG][kprobes][vunmap?]: kprobes may cause memory corruption Masami Hiramatsu
  0 siblings, 2 replies; 18+ messages in thread
From: Masami Hiramatsu @ 2009-01-28 17:58 UTC (permalink / raw)
  To: Mathieu Desnoyers
  Cc: Nick Piggin, LKML, Ananth N Mavinakayanahalli, Jim Keniston,
	systemtap-ml, Frank Ch. Eigler

Mathieu Desnoyers wrote:
> * Masami Hiramatsu (mhiramat@redhat.com) wrote:
>> Mathieu Desnoyers wrote:
[...]
>>> All this called in a loop. This would help isolating the "vmap" part of
>>> the issue. If this test is not enough, then we should maybe try
>>> something like this in a kernel module (which does what text_poke does
>>> with vmalloc, more or less) in a loop :
>>>
>>> char somedata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
>>> char copydata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
>> Should both of them have PAGE_SIZE*2?
>>
> 
> Yes.
> 
>>> void test_vmap(void)
>>> }
>>>   struct page *pages[2];
>>>   char *vaddr;
>>>   int i;
>>>
>>>   for (i = 0; i < 2 * PAGE_SIZE; i++)
>>>     copydata[i] = somedata[i];
>>>   page[0] = virt_to_page(&somedata);
>>>   BUG_ON(!page[0]);
>>>   page[1] = virt_to_page(&somedata + PAGE_SIZE);
>>>   BUG_ON(!page[1]);

Oops, these should be vmalloc_to_page(), shouldn't they?

>>>   vaddr = vmap(pages, 2, VM_MAP, PAGE_KERNEL);
>>>   BUG_ON(!vaddr);
>>>
>>>   for (i = 0; i < 2 * PAGE_SIZE; i++)
>>>     vaddr[i] = copydata[i] + 1;
>>>   
>>>   vunmap(vaddr);
>>>   
>>>   for (i = 0; i < 2 * PAGE_SIZE; i++)
>>>     BUG_ON(somedata[i] != copydata[i] + 1);
>>> }
>> Hmm, when I ran above code, it hit the last BUG_ON().
>> I checked that somedata[i] didn't updated.
>>
> 
> Do you hit the BUG_ON after the first loop ?

At the first loop, it hit the BUG_ON.

>>> Given you don't seem to have hit the
>>>         for (i = 0; i < len; i++)
>>>                 BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
>>> test at the end of text_poke,
>> However, when I ran kprobe-based test, it doesn't hit the BUG_ON()
>> in text_poke().
>>
> 
> The variable declarations should have been 2*PAGE_SIZE, hopefully you
> fixed them.

Sure,

> There is also a sync_core() in text_poke. It should not matter, but
> maybe that could help ?

Adding sync_core() didn't help... anyway, I'll try again
using vmalloc_to_page().

>>> I suspect the write through the vmapped
>>> area is correctly done, but that the problem may lay in the mm layer.
>>> Maybe it's running out of pre-allocated vmap areas or something like
>>> this ?
>> I haven't seen vmalloc failure message on 2.6.29-rc2.
>>
> 
> It could be because the available vmalloc space is slightly higher.
> Looking into the lazy vunmap threshold would be useful.
> 
> You could also try with loop values higher than 400.

OK, Thanks,

-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com



* Re: [BUG][kprobes][vunmap?]: kprobes may cause memory corruption
  2009-01-28 17:58         ` Masami Hiramatsu
@ 2009-01-28 18:10           ` Mathieu Desnoyers
  2009-02-05 22:12             ` [BUGFIX][PATCH -rc/-mm] prevent kprobes from catching spurious page faults Masami Hiramatsu
  2009-03-16 22:57             ` [BUGFIX][PATCH] prevent boosting kprobes on exception address Masami Hiramatsu
  2009-01-28 18:13           ` [BUG][kprobes][vunmap?]: kprobes may cause memory corruption Masami Hiramatsu
  1 sibling, 2 replies; 18+ messages in thread
From: Mathieu Desnoyers @ 2009-01-28 18:10 UTC (permalink / raw)
  To: Masami Hiramatsu
  Cc: Nick Piggin, LKML, Ananth N Mavinakayanahalli, Jim Keniston,
	systemtap-ml, Frank Ch. Eigler

* Masami Hiramatsu (mhiramat@redhat.com) wrote:
> Mathieu Desnoyers wrote:
> > * Masami Hiramatsu (mhiramat@redhat.com) wrote:
> >> Mathieu Desnoyers wrote:
> [...]
> >>> All this called in a loop. This would help isolating the "vmap" part of
> >>> the issue. If this test is not enough, then we should maybe try
> >>> something like this in a kernel module (which does what text_poke does
> >>> with vmalloc, more or less) in a loop :
> >>>
> >>> char somedata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
> >>> char copydata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
> >> Should both of them have PAGE_SIZE*2?
> >>
> > 
> > Yes.
> > 
> >>> void test_vmap(void)
> >>> }
> >>>   struct page *pages[2];
> >>>   char *vaddr;
> >>>   int i;
> >>>
> >>>   for (i = 0; i < 2 * PAGE_SIZE; i++)
> >>>     copydata[i] = somedata[i];
> >>>   page[0] = virt_to_page(&somedata);
> >>>   BUG_ON(!page[0]);
> >>>   page[1] = virt_to_page(&somedata + PAGE_SIZE);
> >>>   BUG_ON(!page[1]);
> 
> Oops, these should be vmalloc_to_page(), shouldn't it?
> 

Yes, my bad. That should fix your oopses.

Mathieu


> >>>   vaddr = vmap(pages, 2, VM_MAP, PAGE_KERNEL);
> >>>   BUG_ON(!vaddr);
> >>>
> >>>   for (i = 0; i < 2 * PAGE_SIZE; i++)
> >>>     vaddr[i] = copydata[i] + 1;
> >>>   
> >>>   vunmap(vaddr);
> >>>   
> >>>   for (i = 0; i < 2 * PAGE_SIZE; i++)
> >>>     BUG_ON(somedata[i] != copydata[i] + 1);
> >>> }
> >> Hmm, when I ran above code, it hit the last BUG_ON().
> >> I checked that somedata[i] didn't updated.
> >>
> > 
> > Do you hit the BUG_ON after the first loop ?
> 
> At the first loop, it hit the BUG_ON.
> 
> >>> Given you don't seem to have hit the
> >>>         for (i = 0; i < len; i++)
> >>>                 BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
> >>> test at the end of text_poke,
> >> However, when I ran kprobe-based test, it doesn't hit the BUG_ON()
> >> in text_poke().
> >>
> > 
> > The variable declarations should have been 2*PAGE_SIZE, hopefully you
> > fixed them.
> 
> Sure,
> 
> > There is also a sync_core() in text_poke. It should not matter, but
> > maybe that could help ?
> 
> Adding sync_core() could not help me... anyway, I'll try again
> with using vmalloc_to_page().
> 
> >>> I suspect the write through the vmapped
> >>> area is correctly done, but that the problem may lay in the mm layer.
> >>> Maybe it's running out of pre-allocated vmap areas or something like
> >>> this ?
> >> I haven't seen vmalloc failure message on 2.6.29-rc2.
> >>
> > 
> > It could be because the available vmalloc space is slightly higher.
> > Looking into the lazy vunmap threshold would be useful.
> > 
> > You could also try with loop values higher than 400.
> 
> OK, Thanks,
> 
> -- 
> Masami Hiramatsu
> 
> Software Engineer
> Hitachi Computer Products (America) Inc.
> Software Solutions Division
> 
> e-mail: mhiramat@redhat.com
> 

-- 
Mathieu Desnoyers
OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68


* Re: [BUG][kprobes][vunmap?]: kprobes may cause memory corruption
  2009-01-28 17:58         ` Masami Hiramatsu
  2009-01-28 18:10           ` Mathieu Desnoyers
@ 2009-01-28 18:13           ` Masami Hiramatsu
  1 sibling, 0 replies; 18+ messages in thread
From: Masami Hiramatsu @ 2009-01-28 18:13 UTC (permalink / raw)
  To: Mathieu Desnoyers
  Cc: Nick Piggin, LKML, Ananth N Mavinakayanahalli, Jim Keniston,
	systemtap-ml, Frank Ch. Eigler

Masami Hiramatsu wrote:
> Mathieu Desnoyers wrote:
>> * Masami Hiramatsu (mhiramat@redhat.com) wrote:
>>> Mathieu Desnoyers wrote:
> [...]
>>>> All this called in a loop. This would help isolating the "vmap" part of
>>>> the issue. If this test is not enough, then we should maybe try
>>>> something like this in a kernel module (which does what text_poke does
>>>> with vmalloc, more or less) in a loop :
>>>>
>>>> char somedata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
>>>> char copydata[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
>>> Should both of them have PAGE_SIZE*2?
>>>
>> Yes.
>>
>>>> void test_vmap(void)
>>>> }
>>>>   struct page *pages[2];
>>>>   char *vaddr;
>>>>   int i;
>>>>
>>>>   for (i = 0; i < 2 * PAGE_SIZE; i++)
>>>>     copydata[i] = somedata[i];
>>>>   page[0] = virt_to_page(&somedata);
>>>>   BUG_ON(!page[0]);
>>>>   page[1] = virt_to_page(&somedata + PAGE_SIZE);
>>>>   BUG_ON(!page[1]);
> 
> Oops, these should be vmalloc_to_page(), shouldn't it?
> 
>>>>   vaddr = vmap(pages, 2, VM_MAP, PAGE_KERNEL);
>>>>   BUG_ON(!vaddr);
>>>>
>>>>   for (i = 0; i < 2 * PAGE_SIZE; i++)
>>>>     vaddr[i] = copydata[i] + 1;
>>>>   
>>>>   vunmap(vaddr);
>>>>   
>>>>   for (i = 0; i < 2 * PAGE_SIZE; i++)
>>>>     BUG_ON(somedata[i] != copydata[i] + 1);
>>>> }
>>> Hmm, when I ran above code, it hit the last BUG_ON().
>>> I checked that somedata[i] didn't updated.
>>>
>> Do you hit the BUG_ON after the first loop ?
> 
> At the first loop, it hit the BUG_ON.
> 
>>>> Given you don't seem to have hit the
>>>>         for (i = 0; i < len; i++)
>>>>                 BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
>>>> test at the end of text_poke,
>>> However, when I ran kprobe-based test, it doesn't hit the BUG_ON()
>>> in text_poke().
>>>
>> The variable declarations should have been 2*PAGE_SIZE, hopefully you
>> fixed them.
> 
> Sure,
> 
>> There is also a sync_core() in text_poke. It should not matter, but
>> maybe that could help ?
> 
> Adding sync_core() could not help me... anyway, I'll try again
> with using vmalloc_to_page().

Hmm, using vmalloc_to_page() works fine... the test didn't hit any BUG_ON.

> 
>>>> I suspect the write through the vmapped
>>>> area is correctly done, but that the problem may lay in the mm layer.
>>>> Maybe it's running out of pre-allocated vmap areas or something like
>>>> this ?
>>> I haven't seen vmalloc failure message on 2.6.29-rc2.
>>>
>> It could be because the available vmalloc space is slightly higher.
>> Looking into the lazy vunmap threshold would be useful.
>>
>> You could also try with loop values higher than 400.

I also tested with 1000 loops, but nothing happened.

Thank you,

> 
> OK, Thanks,
> 

-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com



* [BUGFIX][PATCH -rc/-mm] prevent kprobes from catching spurious page faults
  2009-01-28 18:10           ` Mathieu Desnoyers
@ 2009-02-05 22:12             ` Masami Hiramatsu
  2009-02-05 23:57               ` Ingo Molnar
  2009-03-16 22:57             ` [BUGFIX][PATCH] prevent boosting kprobes on exception address Masami Hiramatsu
  1 sibling, 1 reply; 18+ messages in thread
From: Masami Hiramatsu @ 2009-02-05 22:12 UTC (permalink / raw)
  To: Andrew Morton, Linus Torvalds, Greg KH
  Cc: Mathieu Desnoyers, Nick Piggin, LKML, Ananth N Mavinakayanahalli,
	Jim Keniston, systemtap-ml, Frank Ch. Eigler

Prevent kprobes from catching spurious faults, which will cause infinitely
recursive page faults and memory corruption by stack overflow.

Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
---
 This patch solves memory corruption bug which I reported last week.
 http://lkml.org/lkml/2009/1/27/428
 Since 2.6.28 kernel also has same bug, I think it should be applied
 to 2.6.28.y too.

 Thanks,

 arch/x86/mm/fault.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Index: linux-2.6/arch/x86/mm/fault.c
===================================================================
--- linux-2.6.orig/arch/x86/mm/fault.c
+++ linux-2.6/arch/x86/mm/fault.c
@@ -603,8 +603,6 @@ void __kprobes do_page_fault(struct pt_r

 	si_code = SEGV_MAPERR;

-	if (notify_page_fault(regs))
-		return;
 	if (unlikely(kmmio_fault(regs, address)))
 		return;

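Review bot: Dropping the early notify_page_fault() call also reverses its order relative to kmmio_fault(): before the patch kprobes had the first look at every fault, after it kmmio_fault() runs first and returns early whenever it claims the fault, so a fault raised inside a kprobe handler on an mmiotrace-armed address would presumably now be taken by kmmio before kprobes is told. Nothing in the description mentions this reordering; if it is intended, state it there, e.g. `Note that kmmio_fault() now runs before the kprobes notifier.` do_page_fault() starts before this hunk and continues after it.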
@@ -634,6 +632,9 @@ void __kprobes do_page_fault(struct pt_r
 		if (spurious_fault(address, error_code))
 			return;

+		/* kprobes don't want to hook the spurious faults. */
+		if (notify_page_fault(regs))
+			return;
 		/*
 		 * Don't take the mm semaphore here. If we fixup a prefetch
 		 * fault we could otherwise deadlock.
@@ -641,6 +642,9 @@ void __kprobes do_page_fault(struct pt_r
 		goto bad_area_nosemaphore;
 	}

+	/* kprobes don't want to hook the spurious faults. */
+	if (notify_page_fault(regs))
+		return;

 	/*
 	 * It's safe to allow irq's after cr2 has been saved and the
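Review bot: The comment added at this second call site, `/* kprobes don't want to hook the spurious faults. */`, repeats the one from the previous hunk but no longer sits next to a spurious_fault() check; here the reader needs to know why the notifier must come exactly at this point — after the kernel-address branch has been left and, going by the comment that follows, before irqs are re-enabled. Something like `/* kprobes must see the fault only after vmalloc/spurious faults were handled above, and before irqs are enabled below. */` would document the ordering constraint rather than restate the kernel-address case. do_page_fault() starts and ends outside this hunk.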

-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com



* Re: [BUGFIX][PATCH -rc/-mm] prevent kprobes from catching spurious page  faults
  2009-02-05 22:12             ` [BUGFIX][PATCH -rc/-mm] prevent kprobes from catching spurious page faults Masami Hiramatsu
@ 2009-02-05 23:57               ` Ingo Molnar
  2009-02-06  1:13                 ` Mathieu Desnoyers
  2009-02-06 15:57                 ` Masami Hiramatsu
  0 siblings, 2 replies; 18+ messages in thread
From: Ingo Molnar @ 2009-02-05 23:57 UTC (permalink / raw)
  To: Masami Hiramatsu
  Cc: Andrew Morton, Linus Torvalds, Greg KH, Mathieu Desnoyers,
	Nick Piggin, LKML, Ananth N Mavinakayanahalli, Jim Keniston,
	systemtap-ml, Frank Ch. Eigler


* Masami Hiramatsu <mhiramat@redhat.com> wrote:

> -	if (notify_page_fault(regs))
> -		return;
>  	if (unlikely(kmmio_fault(regs, address)))
>  		return;
> 
> @@ -634,6 +632,9 @@ void __kprobes do_page_fault(struct pt_r
>  		if (spurious_fault(address, error_code))
>  			return;
> 
> +		/* kprobes don't want to hook the spurious faults. */
> +		if (notify_page_fault(regs))
> +			return;
>  		/*
>  		 * Don't take the mm semaphore here. If we fixup a prefetch
>  		 * fault we could otherwise deadlock.
> @@ -641,6 +642,9 @@ void __kprobes do_page_fault(struct pt_r
>  		goto bad_area_nosemaphore;
>  	}
> 
> +	/* kprobes don't want to hook the spurious faults. */
> +	if (notify_page_fault(regs))
> +		return;

I don't know - this spreads that callback to two places now. Any
reason why kprobes cannot call spurious_fault(), if there's a
probe active?

Also, moving that would remove the planned cleanup of merging these
two into one call:

 	if (notify_page_fault(regs))
 		return;
  	if (unlikely(kmmio_fault(regs, address)))
  		return;

We should reduce the probing cross section, not increase it,
especially in such a critical codepath as the pagefault handler.

Btw., why cannot kprobes install a dynamic probe to the fault
handler itself? That way the default path would have no such
callbacks and checks at all.

	Ingo


* Re: [BUGFIX][PATCH -rc/-mm] prevent kprobes from catching spurious page  faults
  2009-02-05 23:57               ` Ingo Molnar
@ 2009-02-06  1:13                 ` Mathieu Desnoyers
  2009-02-06  2:04                   ` Ingo Molnar
  2009-02-06 16:30                   ` Masami Hiramatsu
  2009-02-06 15:57                 ` Masami Hiramatsu
  1 sibling, 2 replies; 18+ messages in thread
From: Mathieu Desnoyers @ 2009-02-06  1:13 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Masami Hiramatsu, Andrew Morton, Linus Torvalds, Greg KH,
	Nick Piggin, LKML, Ananth N Mavinakayanahalli, Jim Keniston,
	systemtap-ml, Frank Ch. Eigler

* Ingo Molnar (mingo@elte.hu) wrote:
> 
> * Masami Hiramatsu <mhiramat@redhat.com> wrote:
> 
> > -	if (notify_page_fault(regs))
> > -		return;
> >  	if (unlikely(kmmio_fault(regs, address)))
> >  		return;
> > 
> > @@ -634,6 +632,9 @@ void __kprobes do_page_fault(struct pt_r
> >  		if (spurious_fault(address, error_code))
> >  			return;
> > 
> > +		/* kprobes don't want to hook the spurious faults. */
> > +		if (notify_page_fault(regs))
> > +			return;
> >  		/*
> >  		 * Don't take the mm semaphore here. If we fixup a prefetch
> >  		 * fault we could otherwise deadlock.
> > @@ -641,6 +642,9 @@ void __kprobes do_page_fault(struct pt_r
> >  		goto bad_area_nosemaphore;
> >  	}
> > 
> > +	/* kprobes don't want to hook the spurious faults. */
> > +	if (notify_page_fault(regs))
> > +		return;
> 
> I dont know - this spreads that callback to two places now. Any
> reason why kprobes cannot call spurious_fault(), if there's a
> probe active?
> 
> Also, moving that would remove the planned cleanup of merging these
> two into one call:
> 
>  	if (notify_page_fault(regs))
>  		return;
>   	if (unlikely(kmmio_fault(regs, address)))
>   		return;
> 
> We should reduce the probing cross section, not increase it,
> especially in such a critical codepath as the pagefault handler.
> 
> Btw., why cannot kprobes install a dynamic probe to the fault
> handler itself? That way the default path would have no such
> callbacks and checks at all.
> 

Or we could simply merge my 2 LTTng page fault handler tracepoints per
architecture and be done with it ?

I'd need to clean up the patchset a little bit to fold a few patches,
but that would be straightforward enough.

Mathieu

-- 
Mathieu Desnoyers
OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68


* Re: [BUGFIX][PATCH -rc/-mm] prevent kprobes from catching spurious page  faults
  2009-02-06  1:13                 ` Mathieu Desnoyers
@ 2009-02-06  2:04                   ` Ingo Molnar
  2009-02-06  2:05                     ` Ingo Molnar
  2009-02-06 16:30                   ` Masami Hiramatsu
  1 sibling, 1 reply; 18+ messages in thread
From: Ingo Molnar @ 2009-02-06  2:04 UTC (permalink / raw)
  To: Mathieu Desnoyers
  Cc: Masami Hiramatsu, Andrew Morton, Linus Torvalds, Greg KH,
	Nick Piggin, LKML, Ananth N Mavinakayanahalli, Jim Keniston,
	systemtap-ml, Frank Ch. Eigler


* Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca> wrote:

> * Ingo Molnar (mingo@elte.hu) wrote:
> > 
> > * Masami Hiramatsu <mhiramat@redhat.com> wrote:
> > 
> > > -	if (notify_page_fault(regs))
> > > -		return;
> > >  	if (unlikely(kmmio_fault(regs, address)))
> > >  		return;
> > > 
> > > @@ -634,6 +632,9 @@ void __kprobes do_page_fault(struct pt_r
> > >  		if (spurious_fault(address, error_code))
> > >  			return;
> > > 
> > > +		/* kprobes don't want to hook the spurious faults. */
> > > +		if (notify_page_fault(regs))
> > > +			return;
> > >  		/*
> > >  		 * Don't take the mm semaphore here. If we fixup a prefetch
> > >  		 * fault we could otherwise deadlock.
> > > @@ -641,6 +642,9 @@ void __kprobes do_page_fault(struct pt_r
> > >  		goto bad_area_nosemaphore;
> > >  	}
> > > 
> > > +	/* kprobes don't want to hook the spurious faults. */
> > > +	if (notify_page_fault(regs))
> > > +		return;
> > 
> > I dont know - this spreads that callback to two places now. Any
> > reason why kprobes cannot call spurious_fault(), if there's a
> > probe active?
> > 
> > Also, moving that would remove the planned cleanup of merging these
> > two into one call:
> > 
> >  	if (notify_page_fault(regs))
> >  		return;
> >   	if (unlikely(kmmio_fault(regs, address)))
> >   		return;
> > 
> > We should reduce the probing cross section, not increase it,
> > especially in such a critical codepath as the pagefault handler.
> > 
> > Btw., why cannot kprobes install a dynamic probe to the fault
> > handler itself? That way the default path would have no such
> > callbacks and checks at all.
> > 
> 
> Or we could simply merge my 2 LTTng page fault handler tracepoints per
> architecture and be done with it ?
> 
> I'd need to clean up the patchset a little bit to fold a few patches,
> but that would be straightforward enough.

yes, that would be an option too - it depends on the details of how it looks 
like and what kind of complexity it hides.

	Ingo


* Re: [BUGFIX][PATCH -rc/-mm] prevent kprobes from catching spurious page  faults
  2009-02-06  2:04                   ` Ingo Molnar
@ 2009-02-06  2:05                     ` Ingo Molnar
  0 siblings, 0 replies; 18+ messages in thread
From: Ingo Molnar @ 2009-02-06  2:05 UTC (permalink / raw)
  To: Mathieu Desnoyers
  Cc: Masami Hiramatsu, Andrew Morton, Linus Torvalds, Greg KH,
	Nick Piggin, LKML, Ananth N Mavinakayanahalli, Jim Keniston,
	systemtap-ml, Frank Ch. Eigler


* Ingo Molnar <mingo@elte.hu> wrote:

> 
> * Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca> wrote:
> 
> > * Ingo Molnar (mingo@elte.hu) wrote:
> > > 
> > > * Masami Hiramatsu <mhiramat@redhat.com> wrote:
> > > 
> > > > -	if (notify_page_fault(regs))
> > > > -		return;
> > > >  	if (unlikely(kmmio_fault(regs, address)))
> > > >  		return;
> > > > 
> > > > @@ -634,6 +632,9 @@ void __kprobes do_page_fault(struct pt_r
> > > >  		if (spurious_fault(address, error_code))
> > > >  			return;
> > > > 
> > > > +		/* kprobes don't want to hook the spurious faults. */
> > > > +		if (notify_page_fault(regs))
> > > > +			return;
> > > >  		/*
> > > >  		 * Don't take the mm semaphore here. If we fixup a prefetch
> > > >  		 * fault we could otherwise deadlock.
> > > > @@ -641,6 +642,9 @@ void __kprobes do_page_fault(struct pt_r
> > > >  		goto bad_area_nosemaphore;
> > > >  	}
> > > > 
> > > > +	/* kprobes don't want to hook the spurious faults. */
> > > > +	if (notify_page_fault(regs))
> > > > +		return;
> > > 
> > > I dont know - this spreads that callback to two places now. Any
> > > reason why kprobes cannot call spurious_fault(), if there's a
> > > probe active?
> > > 
> > > Also, moving that would remove the planned cleanup of merging these
> > > two into one call:
> > > 
> > >  	if (notify_page_fault(regs))
> > >  		return;
> > >   	if (unlikely(kmmio_fault(regs, address)))
> > >   		return;
> > > 
> > > We should reduce the probing cross section, not increase it,
> > > especially in such a critical codepath as the pagefault handler.
> > > 
> > > Btw., why cannot kprobes install a dynamic probe to the fault
> > > handler itself? That way the default path would have no such
> > > callbacks and checks at all.
> > > 
> > 
> > Or we could simply merge my 2 LTTng page fault handler tracepoints per
> > architecture and be done with it ?
> > 
> > I'd need to clean up the patchset a little bit to fold a few patches,
> > but that would be straightforward enough.
> 
> yes, that would be an option too - it depends on the details of how it looks 
> like and what kind of complexity it hides.

Linus just merged the fix so the urgency of the matter has become lower :)

	Ingo


* Re: [BUGFIX][PATCH -rc/-mm] prevent kprobes from catching spurious page  faults
  2009-02-05 23:57               ` Ingo Molnar
  2009-02-06  1:13                 ` Mathieu Desnoyers
@ 2009-02-06 15:57                 ` Masami Hiramatsu
  1 sibling, 0 replies; 18+ messages in thread
From: Masami Hiramatsu @ 2009-02-06 15:57 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Andrew Morton, Linus Torvalds, Greg KH, Mathieu Desnoyers,
	Nick Piggin, LKML, Ananth N Mavinakayanahalli, Jim Keniston,
	systemtap-ml, Frank Ch. Eigler

Ingo Molnar wrote:
> * Masami Hiramatsu <mhiramat@redhat.com> wrote:
> 
>> -	if (notify_page_fault(regs))
>> -		return;
>>  	if (unlikely(kmmio_fault(regs, address)))
>>  		return;
>>
>> @@ -634,6 +632,9 @@ void __kprobes do_page_fault(struct pt_r
>>  		if (spurious_fault(address, error_code))
>>  			return;
>>
>> +		/* kprobes don't want to hook the spurious faults. */
>> +		if (notify_page_fault(regs))
>> +			return;
>>  		/*
>>  		 * Don't take the mm semaphore here. If we fixup a prefetch
>>  		 * fault we could otherwise deadlock.
>> @@ -641,6 +642,9 @@ void __kprobes do_page_fault(struct pt_r
>>  		goto bad_area_nosemaphore;
>>  	}
>>
>> +	/* kprobes don't want to hook the spurious faults. */
>> +	if (notify_page_fault(regs))
>> +		return;
> 
> I dont know - this spreads that callback to two places now. Any
> reason why kprobes cannot call spurious_fault(), if there's a
> probe active?

Hmm, because I think how the spurious faults are treated depends on
do_page_fault(). Calling spurious_fault() and vmalloc_fault() from
kprobe_fault_handler() would just spread the same code in a different way...

> Also, moving that would remove the planned cleanup of merging these
> two into one call:
> 
>  	if (notify_page_fault(regs))
>  		return;
>   	if (unlikely(kmmio_fault(regs, address)))
>   		return;

Sure, that is reasonable, if kmmio also does not want to catch spurious faults.

> We should reduce the probing cross section, not increase it,
> especially in such a critical codepath as the pagefault handler.

I think my patch doesn't increase it: the first path jumps to
bad_area_nosemaphore right after calling notify_page_fault().

> 
> Btw., why cannot kprobes install a dynamic probe to the fault
> handler itself? That way the default path would have no such
> callbacks and checks at all.

because kprobe_fault_handler() is implemented not only for the
user fault handler but also to fix up the page-fault ip during
single-step out-of-line execution. It's an essential part of kprobes.

Thank you,

-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com



* Re: [BUGFIX][PATCH -rc/-mm] prevent kprobes from catching spurious page  faults
  2009-02-06  1:13                 ` Mathieu Desnoyers
  2009-02-06  2:04                   ` Ingo Molnar
@ 2009-02-06 16:30                   ` Masami Hiramatsu
  1 sibling, 0 replies; 18+ messages in thread
From: Masami Hiramatsu @ 2009-02-06 16:30 UTC (permalink / raw)
  To: Mathieu Desnoyers
  Cc: Ingo Molnar, Andrew Morton, Linus Torvalds, Greg KH, Nick Piggin,
	LKML, Ananth N Mavinakayanahalli, Jim Keniston, systemtap-ml,
	Frank Ch. Eigler

Mathieu Desnoyers wrote:
> * Ingo Molnar (mingo@elte.hu) wrote:
>> * Masami Hiramatsu <mhiramat@redhat.com> wrote:
>>
>>> -	if (notify_page_fault(regs))
>>> -		return;
>>>  	if (unlikely(kmmio_fault(regs, address)))
>>>  		return;
>>>
>>> @@ -634,6 +632,9 @@ void __kprobes do_page_fault(struct pt_r
>>>  		if (spurious_fault(address, error_code))
>>>  			return;
>>>
>>> +		/* kprobes don't want to hook the spurious faults. */
>>> +		if (notify_page_fault(regs))
>>> +			return;
>>>  		/*
>>>  		 * Don't take the mm semaphore here. If we fixup a prefetch
>>>  		 * fault we could otherwise deadlock.
>>> @@ -641,6 +642,9 @@ void __kprobes do_page_fault(struct pt_r
>>>  		goto bad_area_nosemaphore;
>>>  	}
>>>
>>> +	/* kprobes don't want to hook the spurious faults. */
>>> +	if (notify_page_fault(regs))
>>> +		return;
>> I dont know - this spreads that callback to two places now. Any
>> reason why kprobes cannot call spurious_fault(), if there's a
>> probe active?
>>
>> Also, moving that would remove the planned cleanup of merging these
>> two into one call:
>>
>>  	if (notify_page_fault(regs))
>>  		return;
>>   	if (unlikely(kmmio_fault(regs, address)))
>>   		return;
>>
>> We should reduce the probing cross section, not increase it,
>> especially in such a critical codepath as the pagefault handler.
>>
>> Btw., why cannot kprobes install a dynamic probe to the fault
>> handler itself? That way the default path would have no such
>> callbacks and checks at all.
>>
> 
> Or we could simply merge my 2 LTTng page fault handler tracepoints per
> architecture and be done with it ?

As you can see, these functions are a kind of fixup code.
If one of them succeeds in fixing up a fault, do_page_fault() has to
return because the fault is fixed.

Since a tracepoint itself is just a watchpoint, it should not
change the code path. So, I think just moving kmmio_fault() into
notify_page_fault() is enough.

> I'd need to clean up the patchset a little bit to fold a few patches,
> but that would be straightforward enough.

Anyway, I agree with the idea of adding tracepoints to the page fault handler.
It is very useful for watching system behavior.

Thanks!


> 
> Mathieu
> 

-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com



* [BUGFIX][PATCH] prevent boosting kprobes on exception address
  2009-01-28 18:10           ` Mathieu Desnoyers
  2009-02-05 22:12             ` [BUGFIX][PATCH -rc/-mm] prevent kprobes from catching spurious page faults Masami Hiramatsu
@ 2009-03-16 22:57             ` Masami Hiramatsu
  1 sibling, 0 replies; 18+ messages in thread
From: Masami Hiramatsu @ 2009-03-16 22:57 UTC (permalink / raw)
  To: Andrew Morton, Linus Torvalds, Greg KH
  Cc: LKML, Ananth N Mavinakayanahalli, Jim Keniston, systemtap-ml,
	Frank Ch. Eigler

Don't boost at addresses which are listed in the exception tables,
because a major page fault will occur at those addresses. In that case,
kprobes cannot ensure when the instruction buffer can be freed,
since some processes will sleep on the buffer.
(kprobes-ia64 already has the same check.)

Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
---
 arch/x86/kernel/kprobes.c |    3 +++
 1 file changed, 3 insertions(+)

Index: mmotm/arch/x86/kernel/kprobes.c
===================================================================
--- mmotm.orig/arch/x86/kernel/kprobes.c
+++ mmotm/arch/x86/kernel/kprobes.c
@@ -193,6 +193,9 @@ static int __kprobes can_boost(kprobe_op
 	kprobe_opcode_t opcode;
 	kprobe_opcode_t *orig_opcodes = opcodes;

+	if (search_exception_tables(opcodes))
+		return 0;	/* Page fault may occur on this address. */
+
 retry:
 	if (opcodes - orig_opcodes > MAX_INSN_SIZE - 1)
 		return 0;
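Review bot: The added `if (search_exception_tables(opcodes))` passes a `kprobe_opcode_t *` directly; if search_exception_tables() has the `unsigned long` address parameter it takes elsewhere in the kernel, this relies on an implicit pointer-to-integer conversion that the compiler warns about, so write `if (search_exception_tables((unsigned long)opcodes))`. The trailing comment could also carry the reason the description gives, e.g. `/* A fixup entry exists here: the insn may fault and sleep, so never boost it. */`. can_boost() starts before the hunk and its retry loop continues after it.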
-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com


