[PATCH] kprobes: Enable tracing for mololithic kernel images

Fri Jun 10 08:23:02 AEST 2022

On Thu, Jun 9, 2022 at 1:34 AM Christophe Leroy
<christophe.leroy at csgroup.eu> wrote:
>
>
>
> Le 08/06/2022 à 18:12, Song Liu a écrit :
> > On Wed, Jun 8, 2022 at 7:21 AM Masami Hiramatsu <mhiramat at kernel.org> wrote:
> >>
> >> Hi Jarkko,
> >>
> >> On Wed, 8 Jun 2022 08:25:38 +0300
> >> Jarkko Sakkinen <jarkko at kernel.org> wrote:
> >>
> >>> On Wed, Jun 08, 2022 at 10:35:42AM +0800, Guo Ren wrote:
> >>>> .
> >>>>
> >>>> On Wed, Jun 8, 2022 at 8:02 AM Jarkko Sakkinen <jarkko at profian.com> wrote:
> >>>>>
> >>>>> Tracing with kprobes while running a monolithic kernel is currently
> >>>>> impossible because CONFIG_KPROBES is dependent of CONFIG_MODULES.  This
> >>>>> dependency is a result of kprobes code using the module allocator for the
> >>>>> trampoline code.
> >>>>>
> >>>>> Detaching kprobes from modules helps to squeeze down the user space,
> >>>>> e.g. when developing new core kernel features, while still having all
> >>>>> the nice tracing capabilities.
> >>>>>
> >>>>> For kernel/ and arch/*, move module_alloc() and module_memfree() to
> >>>>> module_alloc.c, and compile as part of vmlinux when either CONFIG_MODULES
> >>>>> or CONFIG_KPROBES is enabled.  In addition, flag kernel module specific
> >>>>> code with CONFIG_MODULES.
> >>>>>
> >>>>> As the result, kprobes can be used with a monolithic kernel.
> >>>> It's strange when MODULES is n, but vmlinux still obtains module_alloc.
> >>>>
> >>>> Maybe we need a kprobe_alloc, right?
> >>>
> >>> Perhaps not the best name but at least it documents the fact that
> >>> they use the same allocator.
> >>>
> >>> Few years ago I carved up something "half-way there" for kprobes,
> >>> and I used the name text_alloc() [*].
> >>>
> >>> [*] https://lore.kernel.org/all/20200724050553.1724168-1-jarkko.sakkinen@linux.intel.com/
> >>
> >> Yeah, I remember that. Thank you for updating your patch!
> >> I think the idea (split module_alloc() from CONFIG_MODULE) is good to me.
> >> If module support maintainers think this name is not good, you may be
> >> able to rename it as text_alloc() and make the module_alloc() as a
> >> wrapper of it.
> >
> > IIUC, most users of module_alloc() use it to allocate memory for text, except
> > that module code uses it for both text and data. Therefore, I guess calling it
> > text_alloc() is not 100% accurate until we change the module code (to use
> > a different API to allocate memory for data).
>
> When CONFIG_ARCH_WANTS_MODULES_DATA_IN_VMALLOC, module code uses
> module_alloc() for text and vmalloc() for data, see function
> move_module() in kernel/module/main.c

Thanks for the pointer! I will play with it.

Song