[PATCH v2 2/3] powerpc/kprobes: un-blacklist system_call() from kprobes
Michael Ellerman
mpe at ellerman.id.au
Thu May 4 16:03:26 AEST 2017
"Naveen N. Rao" <naveen.n.rao at linux.vnet.ibm.com> writes:
> On 2017/04/27 08:19PM, Michael Ellerman wrote:
>> "Naveen N. Rao" <naveen.n.rao at linux.vnet.ibm.com> writes:
>>
>> > It is actually safe to probe system_call() in entry_64.S, but only till
>> > .Lsyscall_exit. To allow this, convert .Lsyscall_exit to a non-local
>> > symbol __system_call() and blacklist that symbol, rather than
>> > system_call().
>>
>> I'm not sure I like this. The reason we made it a local symbol in the
>> first place is because it made backtraces look odd:
>>
>> commit 4c3b21686111e0ac6018469dacbc5549f9915cf8
>> Author: Michael Ellerman <mpe at ellerman.id.au>
>> AuthorDate: Fri Dec 5 21:16:59 2014 +1100
>>
>> powerpc/kernel: Make syscall_exit a local label
>>
>> Currently when we back trace something that is in a syscall we see
>> something like this:
>>
>> [c000000000000000] [c000000000000000] SyS_read+0x6c/0x110
>> [c000000000000000] [c000000000000000] syscall_exit+0x0/0x98
>>
>> Although it's entirely correct, seeing syscall_exit at the bottom can be
>> confusing - we were exiting from a syscall and then called SyS_read() ?
>>
>> If we instead change syscall_exit to be a local label we get something
>> more intuitive:
>>
>> [c0000001fa46fde0] [c00000000026719c] SyS_read+0x6c/0x110
>> [c0000001fa46fe30] [c000000000009264] system_call+0x38/0xd0
>>
>> ie. we were handling a system call, and it was SyS_read().
>>
>>
>> I think you know that, although you didn't mention it in the change log,
>> because you've called the new symbol __system_call. But that is not a
>> great name either because that's not what it does.
>
> Yes, you're right. I used __system_call since I felt that it won't cause
> confusion like syscall_exit did. I agree it's not a great name, but we
> need _some_ label other than system_call if we want to allow probing at
> this point.
>
> Also, if I'm reading this right, there is no other place to probe if we
> want to capture all system call entries.
>
> So, I felt this would be good to have.
>
>>
>> > diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
>> > index 380361c0bb6a..e030ce34dd66 100644
>> > --- a/arch/powerpc/kernel/entry_64.S
>> > +++ b/arch/powerpc/kernel/entry_64.S
>> > @@ -176,7 +176,7 @@ system_call: /* label this so stack traces look sane */
>> > mtctr r12
>> > bctrl /* Call handler */
>> >
>> > -.Lsyscall_exit:
>> > +__system_call:
>> > std r3,RESULT(r1)
>> > CURRENT_THREAD_INFO(r12, r1)
>>
>> Why can't we kprobe the std and the rotate to current thread info?
>>
>> Is the real no-probe point just here, prior to the clearing of MSR_RI ?
>>
>> ld r8,_MSR(r1)
>> #ifdef CONFIG_PPC_BOOK3S
>> /* No MSR:RI on BookE */
>
> We can probe at all those places, just not once MSR_RI is unset. So, the
> no-probe point is just *after* the mtmsrd.
>
> However, for kprobe blacklisting, the granularity is at a function level
> (or ASM labels). As such, we will have to blacklist all of
> syscall_exit/__system_call.
Would this work?
diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
index 767ef6d68c9e..8d0fa4a2262a 100644
--- a/arch/powerpc/kernel/entry_64.S
+++ b/arch/powerpc/kernel/entry_64.S
@@ -207,6 +207,7 @@ system_call: /* label this so stack traces look sane */
mtmsrd r11,1
#endif /* CONFIG_PPC_BOOK3E */
+syscall_exit:
ld r9,TI_FLAGS(r12)
li r11,-MAX_ERRNO
andi. r0,r9,(_TIF_SYSCALL_DOTRACE|_TIF_SINGLESTEP|_TIF_USER_WORK_MASK|_TIF_PERSYSCALL_MASK)
cheers
More information about the Linuxppc-dev
mailing list