Uprobe: Bug(?) when probing small binaries
From: Ravi Bangoria @ 2018-02-12 13:16 UTC
To: Oleg Nesterov; Cc: Srikar Dronamraju, Naveen N. Rao, ananth, lkml
Hi Oleg,
I'm observing a bug in the uprobe infrastructure. When the target binary
is quite small, uprobe replaces the 'trap' instruction at two different
places. Ex,
Simple test.c that loops for 100 seconds:
#include <stdio.h>
#include <unistd.h>

int main(void)
{
	int i = 0;
	while (i++ != 100) {
		printf("hi: %d\n", i);	/* newline so output is not stuck in the stdio buffer */
		sleep(1);
	}
	return 0;
}
Add a probe on function main() in test.c
$ perf probe -x ./a.out main
Added new event:
probe_a:main (on main in /home/ravi/a.out)
Start the target program and pause it.
$ gdb --args ./a.out
(gdb) r
main: 1
main: 2
^C
(gdb) disassemble main
0x000000001000069c <+8>: mflr r0
(gdb) x/w 0x1001069c
0x1001069c: 2080899750
Now enable the probe:
# echo 1 > events/probe_a/main/enable
Check probed instruction:
(gdb) disassemble main
0x000000001000069c <+8>: trap
*Bug*:
(gdb) x/w 0x1001069c
0x1001069c: 2145386504
In short, when it replaces the probed instruction, it does some corruption
in the readonly vma. This seems to be a bug.
How did I get the other address 0x1001069c? I found build_map_info()
returns these two vmas for the single probe:
10000000-10010000 r-xp 00000000 08:05 67325595 /home/ravi/a.out
10010000-10020000 r--p 00000000 08:05 67325595 /home/ravi/a.out
and thus register_for_each_vmas() calls install_breakpoint() on both of
these vmas with different vaddr.
The example is on powerpc, but the same issue is observed on x86 as well. As
the code is common, it should be reproducible on every architecture.
Also, I don't observe this issue for bigger binaries (maybe for those
whose vma spans across multiple pages).
Thanks,
Ravi
Re: Uprobe: Bug(?) when probing small binaries
From: Oleg Nesterov @ 2018-02-12 15:19 UTC
To: Ravi Bangoria; Cc: Srikar Dronamraju, Naveen N. Rao, ananth, lkml
Hi Ravi,
On 02/12, Ravi Bangoria wrote:
>
> I'm observing a bug in the uprobe infrastructure.
I am not sure,
> When target binary
> is quite small, uprobe replaces 'trap' instruction at two different
> places. Ex,
but this is actually "the same place" (in the file), just 2 virtual addrs differ,
> (gdb) x/w 0x1001069c
> 0x1001069c: 2080899750
>
> Now enable the probe:
>
> # echo 1 > events/probe_a/main/enable
>
> Check probed instruction:
>
> (gdb) disassemble main
> 0x000000001000069c <+8>: trap
>
> *Bug*:
>
> (gdb) x/w 0x1001069c
> 0x1001069c: 2145386504
>
> In short, when it replaces the probed instruction, it does some corruption
> in the readonly vma. This seems to be a bug.
>
> How did I get the other address 0x1001069c? I found build_map_info()
> returns these two vmas for the single probe:
>
> 10000000-10010000 r-xp 00000000 08:05 67325595 /home/ravi/a.out
> 10010000-10020000 r--p 00000000 08:05 67325595 /home/ravi/a.out
please note that these 2 vma's mmap the same region in a.out, so
*0x1001069c and *0x1000069c point to the same insn.
Oleg.
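Oleg's point is that a uprobe is registered against a file offset, not a virtual address, so every vma that maps that offset of the file gets the breakpoint at its own vaddr. The following is an added example (not code from the thread or from the kernel) that reproduces the arithmetic behind Ravi's two addresses: it parses /proc/<pid>/maps-style lines, translates a probed vaddr to a file offset (vaddr - vm_start + offset), and then walks every other mapping of the same device:inode to find where that byte is also mapped. The two a.out lines are the ones quoted in the thread; the rw-p data segment and the [stack] line are constructed here to show mappings that do not alias. The parser, the device:inode matching and the byte-granularity offset check are this example's own simplifications, not the kernel's build_map_info() logic.

```c
/*
 * Added example, not from the thread or the kernel: find every virtual
 * address in a /proc/<pid>/maps listing that maps the same file byte as a
 * given vaddr. This is why build_map_info() hands back two vmas for one
 * probe on a small binary: both map file offset 0 of a.out.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_VMAS 64

struct vma {
	unsigned long long start, end;  /* [start, end) virtual range */
	unsigned long long pgoff;       /* file offset of 'start', in bytes */
	unsigned long inode;            /* 0 for anonymous mappings */
	char perms[5];
	char dev[16];                   /* "major:minor" as printed by maps */
};

/* Parse the fixed columns of one maps line; pathname is ignored. */
static int parse_maps_line(const char *line, struct vma *v)
{
	return sscanf(line, "%llx-%llx %4s %llx %15s %lu",
		      &v->start, &v->end, v->perms, &v->pgoff,
		      v->dev, &v->inode) == 6;
}

/* Parse a whole maps text (one mapping per line). Returns the count. */
static size_t parse_maps(const char *maps, struct vma *vmas, size_t max)
{
	size_t n = 0;
	const char *p = maps;

	while (*p && n < max) {
		const char *nl = strchr(p, '\n');
		size_t len = nl ? (size_t)(nl - p) : strlen(p);
		char line[512];

		if (len >= sizeof line)
			len = sizeof line - 1;
		memcpy(line, p, len);
		line[len] = '\0';
		if (parse_maps_line(line, &vmas[n]))
			n++;
		p = nl ? nl + 1 : p + len;
	}
	return n;
}

/* Same backing file? Anonymous mappings (inode 0) never alias a file. */
static int same_file(const struct vma *a, const struct vma *b)
{
	return a->inode != 0 && a->inode == b->inode &&
	       strcmp(a->dev, b->dev) == 0;
}

/*
 * Translate vaddr to a file offset, then report every other vaddr at which
 * that offset is mapped. Returns the number of aliases written to 'out'.
 * A vma covers file bytes [pgoff, pgoff + (end - start)).
 */
size_t find_aliases(const char *maps, unsigned long long vaddr,
		    unsigned long long *out, size_t max_out)
{
	struct vma vmas[MAX_VMAS];
	size_t n = parse_maps(maps, vmas, MAX_VMAS);
	const struct vma *home = NULL;
	unsigned long long offset;
	size_t found = 0;

	for (size_t i = 0; i < n; i++) {
		if (vaddr >= vmas[i].start && vaddr < vmas[i].end) {
			home = &vmas[i];
			break;
		}
	}
	if (!home || home->inode == 0)
		return 0;

	offset = vaddr - home->start + home->pgoff;

	for (size_t i = 0; i < n && found < max_out; i++) {
		const struct vma *v = &vmas[i];
		unsigned long long size = v->end - v->start;

		if (v == home || !same_file(home, v))
			continue;
		if (offset >= v->pgoff && offset < v->pgoff + size)
			out[found++] = v->start + (offset - v->pgoff);
	}
	return found;
}

/* Constructed maps text: first two lines are quoted from the thread, the
 * rw-p data segment and [stack] entries are made up for this example. */
const char sample_maps[] =
	"10000000-10010000 r-xp 00000000 08:05 67325595 /home/ravi/a.out\n"
	"10010000-10020000 r--p 00000000 08:05 67325595 /home/ravi/a.out\n"
	"10020000-10030000 rw-p 00010000 08:05 67325595 /home/ravi/a.out\n"
	"7fff0000-7fff1000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
	unsigned long long out[8];
	size_t n = find_aliases(sample_maps, 0x1000069cULL, out, 8);

	for (size_t i = 0; i < n; i++)
		printf("0x1000069c is also mapped at 0x%llx\n", out[i]);
	return 0;
}
```

Run against the two mappings from the thread, the probed address 0x1000069c in the r-xp vma resolves to file offset 0x69c, which the r--p vma also covers, giving the 0x1001069c that gdb showed changing. The constructed rw-p segment starts at file offset 0x10000, so it is correctly left alone, as is the anonymous stack.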