| Message ID | abaac6ebaa5dd63889803ec568663bc8c8c65b02.1470114993.git.panand@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 08/02, Pratyush Anand wrote: > > This patch adds support for uprobe on ARM64 architecture. I know nothing about ARM, so I can't actually review this change. But it looks good to me ;) Just one note, > +int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) > +{ > + struct uprobe_task *utask = current->utask; > + > + /* saved fault code is restored in post_xol */ > + utask->autask.saved_fault_code = current->thread.fault_code; > + > + /* An invalid fault code between pre/post xol event */ > + current->thread.fault_code = UPROBE_INV_FAULT_CODE; > + > + /* Instruction point to execute ol */ > + instruction_pointer_set(regs, utask->xol_vaddr); > + > + user_enable_single_step(current); I don't think we want user_{enable,disable{_single_step in the long term, please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP /user_*_single_step() for single-stepping". it seems that ARM64 sets/clears TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs the same. However, I agree we can do this later and initial version can use these ptrace helpers. Oleg.
Hi Oleg, Thanks a lot for your review, and sorry for delayed response. On 09/08/2016:08:49:44 PM, Oleg Nesterov wrote: > On 08/02, Pratyush Anand wrote: > > > > This patch adds support for uprobe on ARM64 architecture. > > I know nothing about ARM, so I can't actually review this change. > But it looks good to me ;) > > Just one note, > > > +int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) > > +{ > > + struct uprobe_task *utask = current->utask; > > + > > + /* saved fault code is restored in post_xol */ > > + utask->autask.saved_fault_code = current->thread.fault_code; > > + > > + /* An invalid fault code between pre/post xol event */ > > + current->thread.fault_code = UPROBE_INV_FAULT_CODE; > > + > > + /* Instruction point to execute ol */ > > + instruction_pointer_set(regs, utask->xol_vaddr); > > + > > + user_enable_single_step(current); > > I don't think we want user_{enable,disable{_single_step in the long term, > please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP > /user_*_single_step() for single-stepping". it seems that ARM64 sets/clears > TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs > the same. IIUC, then you mean that TIF_SINGLESTEP is a per task flag, while arch_uprobe_pre/post_xol() should enable/disable single stepping using a per uprobe_task, and we should have a flag in "struct arch_uprobe_task" to handle this, right? > > However, I agree we can do this later and initial version can use these > ptrace helpers. Yes, I would also like to do that change latter, because these set of patches have already been tested heavily with systemtap, so it would be better to go with an incremental changes latter on. ~Pratyush
Hi Pratyush, On 08/24, Pratyush Anand wrote: > > > I don't think we want user_{enable,disable{_single_step in the long term, > > please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP > > /user_*_single_step() for single-stepping". it seems that ARM64 sets/clears > > TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs > > the same. > > IIUC, then you mean that TIF_SINGLESTEP is a per task flag, Yes, and nobody but ptrace should use it, otherwise ptrace/uprobes can confuse each other. And uprobes simply doesn't need to set/clear it. > while > arch_uprobe_pre/post_xol() should enable/disable single stepping using a per > uprobe_task, I can't really answer since I know nothing about arm. x86 just needs to set X86_EFLAGS_TF, I guess arm needs to modify some register too? > and we should have a flag in "struct arch_uprobe_task" to handle > this, right? Probably yes, because we need to record/restore X86_EFLAGS_TF in case it was already set by ptrace or something else. > > However, I agree we can do this later and initial version can use these > > ptrace helpers. > > Yes, I would also like to do that change latter, because these set of patches > have already been tested heavily with systemtap, so it would be better to go > with an incremental changes latter on. Yes, yes, I agree. Let me repeat that this patch looks good to me as initial version, but obviously I can't really revit it and/or ack. Oleg.
On Wed, Aug 24, 2016 at 05:47:11PM +0200, Oleg Nesterov wrote: > On 08/24, Pratyush Anand wrote: > > > > > I don't think we want user_{enable,disable{_single_step in the long term, > > > please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP > > > /user_*_single_step() for single-stepping". it seems that ARM64 sets/clears > > > TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs > > > the same. > > > > IIUC, then you mean that TIF_SINGLESTEP is a per task flag, > > Yes, and nobody but ptrace should use it, otherwise ptrace/uprobes can confuse > each other. And uprobes simply doesn't need to set/clear it. We're already using it for kprobes, hw_breakpoint and kgdb as well as ptrace, so I'd rather uprobes either followed existing practice, or we converted everybody off the current code. In what way do things get confused? > > while > > arch_uprobe_pre/post_xol() should enable/disable single stepping using a per > > uprobe_task, > > I can't really answer since I know nothing about arm. x86 just needs to set > X86_EFLAGS_TF, I guess arm needs to modify some register too? We have {user,kernel}_{enable,disable}_single_step for managing the various registers controlling the single-step state machine on arm64. Will
On 08/24, Will Deacon wrote: > > On Wed, Aug 24, 2016 at 05:47:11PM +0200, Oleg Nesterov wrote: > > On 08/24, Pratyush Anand wrote: > > > > > > > I don't think we want user_{enable,disable{_single_step in the long term, > > > > please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP > > > > /user_*_single_step() for single-stepping". it seems that ARM64 sets/clears > > > > TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs > > > > the same. > > > > > > IIUC, then you mean that TIF_SINGLESTEP is a per task flag, > > > > Yes, and nobody but ptrace should use it, otherwise ptrace/uprobes can confuse > > each other. And uprobes simply doesn't need to set/clear it. > > We're already using it for kprobes, hw_breakpoint and kgdb as well as > ptrace, so I'd rather uprobes either followed existing practice, or we > converted everybody off the current code. And perhaps this is fine for arm64, I do not know. > In what way do things get confused? Say, arch_uprobe_post_xol() should not blindly do user_disable_single_step(), this can confuse ptrace if TIF_SINGLESTEP was set by debugger which wants to step over the probed insn. > > I can't really answer since I know nothing about arm. x86 just needs to set > > X86_EFLAGS_TF, I guess arm needs to modify some register too? > > We have {user,kernel}_{enable,disable}_single_step for managing the various > registers controlling the single-step state machine on arm64. Yes, and perhaps uprobes can just do set_regs_spsr_ss() ? I never looked into arch/arm64/, but it seems that we only need to ensure that call_step_hook() will be called even if user_mode() == T, why do we need TIF_SINGLESTEP ? Nevermind. I can be easily wrong and let me repeat that I agree with user_{enable,disable}_single_step in the initial version in any case. Oleg.
Hi Pratyush, On Tue, Aug 02, 2016 at 11:00:09AM +0530, Pratyush Anand wrote: > --- a/arch/arm64/include/asm/debug-monitors.h > +++ b/arch/arm64/include/asm/debug-monitors.h > @@ -70,6 +70,9 @@ > #define BRK64_ESR_MASK 0xFFFF > #define BRK64_ESR_KPROBES 0x0004 > #define BRK64_OPCODE_KPROBES (AARCH64_BREAK_MON | (BRK64_ESR_KPROBES << 5)) > +/* uprobes BRK opcodes with ESR encoding */ > +#define BRK64_ESR_UPROBES 0x0008 > +#define BRK64_OPCODE_UPROBES (AARCH64_BREAK_MON | (BRK64_ESR_UPROBES << 5)) You can use 0x0005 as immediate, we don't need individual bits here. > --- a/arch/arm64/include/asm/probes.h > +++ b/arch/arm64/include/asm/probes.h > @@ -35,4 +35,8 @@ struct arch_specific_insn { > }; > #endif > > +#ifdef CONFIG_UPROBES > +typedef u32 uprobe_opcode_t; > +#endif We don't need #ifdef around this typedef. Also, all the other architectures seem to have this typedef in asm/uprobes.h. > --- a/arch/arm64/include/asm/ptrace.h > +++ b/arch/arm64/include/asm/ptrace.h > @@ -217,6 +217,14 @@ int valid_user_regs(struct user_pt_regs *regs, struct task_struct *task); > > #include <asm-generic/ptrace.h> > > +#define procedure_link_pointer(regs) ((regs)->regs[30]) > + > +static inline void procedure_link_pointer_set(struct pt_regs *regs, > + unsigned long val) > +{ > + procedure_link_pointer(regs) = val; > +} Do you need these macro and function here? It seems that they are only used in arch_uretprobe_hijack_return_addr(), so you can just expand them in there, no need for additional definitions. > --- a/arch/arm64/include/asm/thread_info.h > +++ b/arch/arm64/include/asm/thread_info.h > @@ -109,6 +109,7 @@ static inline struct thread_info *current_thread_info(void) > #define TIF_NEED_RESCHED 1 > #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */ > #define TIF_FOREIGN_FPSTATE 3 /* CPU's FP state is not current's */ > +#define TIF_UPROBE 5 /* uprobe breakpoint or singlestep */ Nitpick: you can just use 4 until we cover this gap. > --- /dev/null > +++ b/arch/arm64/include/asm/uprobes.h > @@ -0,0 +1,37 @@ > +/* > + * Copyright (C) 2014-2015 Pratyush Anand <panand@redhat.com> > + * > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License version 2 as > + * published by the Free Software Foundation. > + */ > + > +#ifndef _ASM_UPROBES_H > +#define _ASM_UPROBES_H > + > +#include <asm/debug-monitors.h> > +#include <asm/insn.h> > +#include <asm/probes.h> > + > +#define MAX_UINSN_BYTES AARCH64_INSN_SIZE > + > +#define UPROBE_SWBP_INSN BRK64_OPCODE_UPROBES > +#define UPROBE_SWBP_INSN_SIZE 4 Nitpick: for consistency, just use AARCH64_INSN_SIZE. > +#define UPROBE_XOL_SLOT_BYTES MAX_UINSN_BYTES > + > +struct arch_uprobe_task { > + unsigned long saved_fault_code; > +}; > + > +struct arch_uprobe { > + union { > + u8 insn[MAX_UINSN_BYTES]; > + u8 ixol[MAX_UINSN_BYTES]; > + }; > + struct arch_probe_insn api; > + bool simulate; > +}; > + > +extern void flush_uprobe_xol_access(struct page *page, unsigned long uaddr, > + void *kaddr, unsigned long len); I don't think we need this. It doesn't seem to be used anywhere other than the arm64 uprobes.c file. So I would rather expose sync_icache_aliases(), similarly to __sync_icache_dcache(). > --- a/arch/arm64/kernel/entry.S > +++ b/arch/arm64/kernel/entry.S > @@ -688,7 +688,8 @@ ret_fast_syscall: > ldr x1, [tsk, #TI_FLAGS] // re-check for syscall tracing > and x2, x1, #_TIF_SYSCALL_WORK > cbnz x2, ret_fast_syscall_trace > - and x2, x1, #_TIF_WORK_MASK > + mov x2, #_TIF_WORK_MASK > + and x2, x1, x2 Is this needed because _TIF_WORK_MASK cannot work as an immediate value to 'and'? We could reorder the TIF bits, they are not exposed to user to have ABI implications. > cbnz x2, work_pending > enable_step_tsk x1, x2 > kernel_exit 0 > @@ -718,7 +719,8 @@ work_resched: > ret_to_user: > disable_irq // disable interrupts > ldr x1, [tsk, #TI_FLAGS] > - and x2, x1, #_TIF_WORK_MASK > + mov x2, #_TIF_WORK_MASK > + and x2, x1, x2 > cbnz x2, work_pending > enable_step_tsk x1, x2 > kernel_exit 0 Same here. > --- /dev/null > +++ b/arch/arm64/kernel/probes/uprobes.c > @@ -0,0 +1,227 @@ > +/* > + * Copyright (C) 2014-2015 Pratyush Anand <panand@redhat.com> > + * > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License version 2 as > + * published by the Free Software Foundation. > + */ > +#include <linux/highmem.h> > +#include <linux/ptrace.h> > +#include <linux/uprobes.h> > + > +#include "decode-insn.h" > + > +#define UPROBE_INV_FAULT_CODE UINT_MAX > + > +void arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr, > + void *src, unsigned long len) > +{ > + void *xol_page_kaddr = kmap_atomic(page); > + void *dst = xol_page_kaddr + (vaddr & ~PAGE_MASK); > + > + preempt_disable(); kmap_atomic() already disabled preemption. > + > + /* Initialize the slot */ > + memcpy(dst, src, len); > + > + /* flush caches (dcache/icache) */ > + flush_uprobe_xol_access(page, vaddr, dst, len); Just use sync_icache_aliases() here (once exposed in an arm64 header). > + > + preempt_enable(); > + > + kunmap_atomic(xol_page_kaddr); > +} > + > +unsigned long uprobe_get_swbp_addr(struct pt_regs *regs) > +{ > + return instruction_pointer(regs); > +} > + > +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, > + unsigned long addr) > +{ > + probe_opcode_t insn; > + > + /* TODO: Currently we do not support AARCH32 instruction probing */ Is there a way to check (not necessarily in this file) that we don't probe 32-bit tasks? > + if (!IS_ALIGNED(addr, AARCH64_INSN_SIZE)) > + return -EINVAL; > + > + insn = *(probe_opcode_t *)(&auprobe->insn[0]); > + > + switch (arm_probe_decode_insn(insn, &auprobe->api)) { > + case INSN_REJECTED: > + return -EINVAL; > + > + case INSN_GOOD_NO_SLOT: > + auprobe->simulate = true; > + break; > + > + case INSN_GOOD: > + default: > + break; Nitpick, we don't need case INSN_GOOD as well since default would cover it (that's unless you want to change default to BUG()). > + } > + > + return 0; > +} > + > +int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) > +{ > + struct uprobe_task *utask = current->utask; > + > + /* saved fault code is restored in post_xol */ > + utask->autask.saved_fault_code = current->thread.fault_code; Does the current->thread.fault_code has any meaning here? We use it in the arm64 code when delivering a signal to user but I don't think that's the case here, we are handling a breakpoint instruction and there isn't anything that set the fault_code. > + > + /* An invalid fault code between pre/post xol event */ > + current->thread.fault_code = UPROBE_INV_FAULT_CODE; > + > + /* Instruction point to execute ol */ > + instruction_pointer_set(regs, utask->xol_vaddr); > + > + user_enable_single_step(current); > + > + return 0; > +} > + > +int arch_uprobe_post_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) > +{ > + struct uprobe_task *utask = current->utask; > + > + WARN_ON_ONCE(current->thread.fault_code != UPROBE_INV_FAULT_CODE); > + > + /* restore fault code */ > + current->thread.fault_code = utask->autask.saved_fault_code; Same here, I don't think this needs restoring if it wasn't meaningful in the first place.
Hi Catalin, Thanks for your review. On 20/09/2016:05:59:46 PM, Catalin Marinas wrote: > Hi Pratyush, > > On Tue, Aug 02, 2016 at 11:00:09AM +0530, Pratyush Anand wrote: > > --- a/arch/arm64/include/asm/debug-monitors.h > > +++ b/arch/arm64/include/asm/debug-monitors.h > > @@ -70,6 +70,9 @@ > > #define BRK64_ESR_MASK 0xFFFF > > #define BRK64_ESR_KPROBES 0x0004 > > #define BRK64_OPCODE_KPROBES (AARCH64_BREAK_MON | (BRK64_ESR_KPROBES << 5)) > > +/* uprobes BRK opcodes with ESR encoding */ > > +#define BRK64_ESR_UPROBES 0x0008 > > +#define BRK64_OPCODE_UPROBES (AARCH64_BREAK_MON | (BRK64_ESR_UPROBES << 5)) > > You can use 0x0005 as immediate, we don't need individual bits here. OK. will define BRK64_ESR_UPROBES as 0x0005 > > > --- a/arch/arm64/include/asm/probes.h > > +++ b/arch/arm64/include/asm/probes.h > > @@ -35,4 +35,8 @@ struct arch_specific_insn { > > }; > > #endif > > > > +#ifdef CONFIG_UPROBES > > +typedef u32 uprobe_opcode_t; > > +#endif > > We don't need #ifdef around this typedef. Also, all the other > architectures seem to have this typedef in asm/uprobes.h. kprobe_opcode_t was defined here, so I defined it here as well. But yes, it would be good to move it to asm/uprobes.h to keep in sync with other arch. > > > --- a/arch/arm64/include/asm/ptrace.h > > +++ b/arch/arm64/include/asm/ptrace.h > > @@ -217,6 +217,14 @@ int valid_user_regs(struct user_pt_regs *regs, struct task_struct *task); > > > > #include <asm-generic/ptrace.h> > > > > +#define procedure_link_pointer(regs) ((regs)->regs[30]) > > + > > +static inline void procedure_link_pointer_set(struct pt_regs *regs, > > + unsigned long val) > > +{ > > + procedure_link_pointer(regs) = val; > > +} > > Do you need these macro and function here? It seems that they are only > used in arch_uretprobe_hijack_return_addr(), so you can just expand them > in there, no need for additional definitions. I introduced it to keep sync with other register usage like instruction_pointer_set(). I have used it in uprobe code only, but I think, we can have a patch to modify following code, which can use them as well. arch/arm64/kernel/probes/kprobes.c: ri->ret_addr = (kprobe_opcode_t *)regs->regs[30]; arch/arm64/kernel/probes/kprobes.c: regs->regs[30] = (long)&kretprobe_trampoline; arch/arm64/kernel/process.c: lr = regs->regs[30]; arch/arm64/kernel/signal.c: __put_user_error(regs->regs[30], &sf->lr, err); arch/arm64/kernel/signal.c: regs->regs[30] = (unsigned long)sigtramp; > > > --- a/arch/arm64/include/asm/thread_info.h > > +++ b/arch/arm64/include/asm/thread_info.h > > @@ -109,6 +109,7 @@ static inline struct thread_info *current_thread_info(void) > > #define TIF_NEED_RESCHED 1 > > #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */ > > #define TIF_FOREIGN_FPSTATE 3 /* CPU's FP state is not current's */ > > +#define TIF_UPROBE 5 /* uprobe breakpoint or singlestep */ > > Nitpick: you can just use 4 until we cover this gap. Hummm..as stated in commit log, Shi Yang suggested to define TIF_UPROBE as 5 in stead of 4, since 4 has already been used in -rt kernel. May be, I can put a comment in code as well. Or, keep it 4 and -rt kernel will change their definitions. I am OK with both. let me know. > > > --- /dev/null > > +++ b/arch/arm64/include/asm/uprobes.h > > @@ -0,0 +1,37 @@ > > +/* > > + * Copyright (C) 2014-2015 Pratyush Anand <panand@redhat.com> > > + * > > + * This program is free software; you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License version 2 as > > + * published by the Free Software Foundation. > > + */ > > + > > +#ifndef _ASM_UPROBES_H > > +#define _ASM_UPROBES_H > > + > > +#include <asm/debug-monitors.h> > > +#include <asm/insn.h> > > +#include <asm/probes.h> > > + > > +#define MAX_UINSN_BYTES AARCH64_INSN_SIZE > > + > > +#define UPROBE_SWBP_INSN BRK64_OPCODE_UPROBES > > +#define UPROBE_SWBP_INSN_SIZE 4 > > Nitpick: for consistency, just use AARCH64_INSN_SIZE. OK > > > +#define UPROBE_XOL_SLOT_BYTES MAX_UINSN_BYTES > > + > > +struct arch_uprobe_task { > > + unsigned long saved_fault_code; > > +}; > > + > > +struct arch_uprobe { > > + union { > > + u8 insn[MAX_UINSN_BYTES]; > > + u8 ixol[MAX_UINSN_BYTES]; > > + }; > > + struct arch_probe_insn api; > > + bool simulate; > > +}; > > + > > +extern void flush_uprobe_xol_access(struct page *page, unsigned long uaddr, > > + void *kaddr, unsigned long len); > > I don't think we need this. It doesn't seem to be used anywhere other > than the arm64 uprobes.c file. So I would rather expose > sync_icache_aliases(), similarly to __sync_icache_dcache(). OK. > > > --- a/arch/arm64/kernel/entry.S > > +++ b/arch/arm64/kernel/entry.S > > @@ -688,7 +688,8 @@ ret_fast_syscall: > > ldr x1, [tsk, #TI_FLAGS] // re-check for syscall tracing > > and x2, x1, #_TIF_SYSCALL_WORK > > cbnz x2, ret_fast_syscall_trace > > - and x2, x1, #_TIF_WORK_MASK > > + mov x2, #_TIF_WORK_MASK > > + and x2, x1, x2 > > Is this needed because _TIF_WORK_MASK cannot work as an immediate value > to 'and'? We could reorder the TIF bits, they are not exposed to user to > have ABI implications. _TIF_WORK_MASK is defined as follows: #define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \ _TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE | \ _TIF_UPROBE) Re-ordering will not help, because 0-3 have already been used by previous definitions. Only way to use immediate value could be if, TIF_UPROBE is defined as 4. > > > cbnz x2, work_pending > > enable_step_tsk x1, x2 > > kernel_exit 0 > > @@ -718,7 +719,8 @@ work_resched: > > ret_to_user: > > disable_irq // disable interrupts > > ldr x1, [tsk, #TI_FLAGS] > > - and x2, x1, #_TIF_WORK_MASK > > + mov x2, #_TIF_WORK_MASK > > + and x2, x1, x2 > > cbnz x2, work_pending > > enable_step_tsk x1, x2 > > kernel_exit 0 > > Same here. > > > --- /dev/null > > +++ b/arch/arm64/kernel/probes/uprobes.c > > @@ -0,0 +1,227 @@ > > +/* > > + * Copyright (C) 2014-2015 Pratyush Anand <panand@redhat.com> > > + * > > + * This program is free software; you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License version 2 as > > + * published by the Free Software Foundation. > > + */ > > +#include <linux/highmem.h> > > +#include <linux/ptrace.h> > > +#include <linux/uprobes.h> > > + > > +#include "decode-insn.h" > > + > > +#define UPROBE_INV_FAULT_CODE UINT_MAX > > + > > +void arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr, > > + void *src, unsigned long len) > > +{ > > + void *xol_page_kaddr = kmap_atomic(page); > > + void *dst = xol_page_kaddr + (vaddr & ~PAGE_MASK); > > + > > + preempt_disable(); > > kmap_atomic() already disabled preemption. Yes..will remove. > > > + > > + /* Initialize the slot */ > > + memcpy(dst, src, len); > > + > > + /* flush caches (dcache/icache) */ > > + flush_uprobe_xol_access(page, vaddr, dst, len); > > Just use sync_icache_aliases() here (once exposed in an arm64 header). OK. > > > + > > + preempt_enable(); > > + > > + kunmap_atomic(xol_page_kaddr); > > +} > > + > > +unsigned long uprobe_get_swbp_addr(struct pt_regs *regs) > > +{ > > + return instruction_pointer(regs); > > +} > > + > > +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, > > + unsigned long addr) > > +{ > > + probe_opcode_t insn; > > + > > + /* TODO: Currently we do not support AARCH32 instruction probing */ > > Is there a way to check (not necessarily in this file) that we don't > probe 32-bit tasks? - Well, I do not have complete idea about it that, how it can be done. I think we can not check that just by looking a single bit in an instruction. My understanding is that, we can only know about it when we are executing the instruction, by reading pstate, but that would not be useful for uprobe instruction analysis. I hope, instruction encoding for aarch32 and aarch64 are different, and by analyzing for all types of aarch32 instructions, we will be able to decide that whether instruction is 32 bit trace-able or not. Accordingly, we can use either BRK or BKPT instruction for breakpoint generation. > > > + if (!IS_ALIGNED(addr, AARCH64_INSN_SIZE)) > > + return -EINVAL; > > + > > + insn = *(probe_opcode_t *)(&auprobe->insn[0]); > > + > > + switch (arm_probe_decode_insn(insn, &auprobe->api)) { > > + case INSN_REJECTED: > > + return -EINVAL; > > + > > + case INSN_GOOD_NO_SLOT: > > + auprobe->simulate = true; > > + break; > > + > > + case INSN_GOOD: > > + default: > > + break; > > Nitpick, we don't need case INSN_GOOD as well since default would cover > it (that's unless you want to change default to BUG()). we will not have other than these 3, so need to introduce BUG(). I will remove INSN_GOOD. > > > + } > > + > > + return 0; > > +} > > + > > +int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) > > +{ > > + struct uprobe_task *utask = current->utask; > > + > > + /* saved fault code is restored in post_xol */ > > + utask->autask.saved_fault_code = current->thread.fault_code; > > Does the current->thread.fault_code has any meaning here? We use it in > the arm64 code when delivering a signal to user but I don't think that's > the case here, we are handling a breakpoint instruction and there isn't > anything that set the fault_code. Correct, they will just having garbage values. will remove. > > > + > > + /* An invalid fault code between pre/post xol event */ > > + current->thread.fault_code = UPROBE_INV_FAULT_CODE; > > + > > + /* Instruction point to execute ol */ > > + instruction_pointer_set(regs, utask->xol_vaddr); > > + > > + user_enable_single_step(current); > > + > > + return 0; > > +} > > + > > +int arch_uprobe_post_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) > > +{ > > + struct uprobe_task *utask = current->utask; > > + > > + WARN_ON_ONCE(current->thread.fault_code != UPROBE_INV_FAULT_CODE); > > + > > + /* restore fault code */ > > + current->thread.fault_code = utask->autask.saved_fault_code; > > Same here, I don't think this needs restoring if it wasn't meaningful in > the first place. OK. ~Pratyush
On Wed, Sep 21, 2016 at 04:30:47PM +0530, Pratyush Anand wrote: > On 20/09/2016:05:59:46 PM, Catalin Marinas wrote: > > On Tue, Aug 02, 2016 at 11:00:09AM +0530, Pratyush Anand wrote: > > > --- a/arch/arm64/include/asm/thread_info.h > > > +++ b/arch/arm64/include/asm/thread_info.h > > > @@ -109,6 +109,7 @@ static inline struct thread_info *current_thread_info(void) > > > #define TIF_NEED_RESCHED 1 > > > #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */ > > > #define TIF_FOREIGN_FPSTATE 3 /* CPU's FP state is not current's */ > > > +#define TIF_UPROBE 5 /* uprobe breakpoint or singlestep */ > > > > Nitpick: you can just use 4 until we cover this gap. > > Hummm..as stated in commit log, Shi Yang suggested to define TIF_UPROBE as 5 in > stead of 4, since 4 has already been used in -rt kernel. May be, I can put a > comment in code as well. > Or, keep it 4 and -rt kernel will change their definitions. I am OK with both. > let me know. I forgot about the -rt kernel. I guess the -rt guys need to rebase the patches anyway on top of mainline, so it's just a matter of sorting out a minor conflict (as I already said, these bits are internal to the kernel, so no ABI affected). For now, just use 4 so that we avoid additional asm changes. > > > --- a/arch/arm64/kernel/entry.S > > > +++ b/arch/arm64/kernel/entry.S > > > @@ -688,7 +688,8 @@ ret_fast_syscall: > > > ldr x1, [tsk, #TI_FLAGS] // re-check for syscall tracing > > > and x2, x1, #_TIF_SYSCALL_WORK > > > cbnz x2, ret_fast_syscall_trace > > > - and x2, x1, #_TIF_WORK_MASK > > > + mov x2, #_TIF_WORK_MASK > > > + and x2, x1, x2 > > > > Is this needed because _TIF_WORK_MASK cannot work as an immediate value > > to 'and'? We could reorder the TIF bits, they are not exposed to user to > > have ABI implications. > > _TIF_WORK_MASK is defined as follows: > > #define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \ > _TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE | \ > _TIF_UPROBE) > Re-ordering will not help, because 0-3 have already been used by previous > definitions. Only way to use immediate value could be if, TIF_UPROBE is defined > as 4. Yes, see above. > > > +unsigned long uprobe_get_swbp_addr(struct pt_regs *regs) > > > +{ > > > + return instruction_pointer(regs); > > > +} > > > + > > > +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, > > > + unsigned long addr) > > > +{ > > > + probe_opcode_t insn; > > > + > > > + /* TODO: Currently we do not support AARCH32 instruction probing */ > > > > Is there a way to check (not necessarily in this file) that we don't > > probe 32-bit tasks? > > - Well, I do not have complete idea about it that, how it can be done. I think > we can not check that just by looking a single bit in an instruction. > My understanding is that, we can only know about it when we are executing the > instruction, by reading pstate, but that would not be useful for uprobe > instruction analysis. > > I hope, instruction encoding for aarch32 and aarch64 are different, and by > analyzing for all types of aarch32 instructions, we will be able to decide > that whether instruction is 32 bit trace-able or not. Accordingly, we can use > either BRK or BKPT instruction for breakpoint generation. We may have some unrelated instruction encoding overlapping but I haven't checked. I was more thinking about whether we know which task is being probed and check is_compat_task() or maybe using compat_user_mode(regs).
On 21/09/2016:06:04:04 PM, Catalin Marinas wrote: > On Wed, Sep 21, 2016 at 04:30:47PM +0530, Pratyush Anand wrote: > > On 20/09/2016:05:59:46 PM, Catalin Marinas wrote: > > > > +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, > > > > + unsigned long addr) > > > > +{ > > > > + probe_opcode_t insn; > > > > + > > > > + /* TODO: Currently we do not support AARCH32 instruction probing */ > > > > > > Is there a way to check (not necessarily in this file) that we don't > > > probe 32-bit tasks? > > > > - Well, I do not have complete idea about it that, how it can be done. I think > > we can not check that just by looking a single bit in an instruction. > > My understanding is that, we can only know about it when we are executing the > > instruction, by reading pstate, but that would not be useful for uprobe > > instruction analysis. > > > > I hope, instruction encoding for aarch32 and aarch64 are different, and by > > analyzing for all types of aarch32 instructions, we will be able to decide > > that whether instruction is 32 bit trace-able or not. Accordingly, we can use > > either BRK or BKPT instruction for breakpoint generation. > > We may have some unrelated instruction encoding overlapping but I > haven't checked. I was more thinking about whether we know which task is > being probed and check is_compat_task() or maybe using > compat_user_mode(regs). I had thought of this, but problem is that we might not have task in existence when we enable uprobes. For example: Lets say we are inserting a trace probe at offset 0x690 in a executable binary. echo "p test:0x690" > /sys/kernel/debug/tracing/uprobe_events echo 1 > /sys/kernel/debug/tracing/events/uprobes/enable In the 'enable' step, it is decided that whether instruction is traceable or not. (1) But at this point 'test' executable might not be running. (2) Even if it is running, is_compat_task() or compat_user_mode() might not be usable, as they work with 'current' task. What I was thinking that, let it go with 'TODO' as of now. Later on, we propose some changes in core layer, so that we can read the elf headers of executable binary. ELFCLASS will be able to tell us, whether its a 32 bit or 64 bit executable. I think, moving "struct uprobe" from kernel/events/uprobes.c to a include/linux header file will do the job. "struct arch_uprobe" is part of "struct uprobe". "struct arch_uprobe" is passed in arch_uprobe_analyze_insn(). So, we can access struct uprobe's "inode" element with this change. ~Pratyush
On Thu, Sep 22, 2016 at 08:53:28AM +0530, Pratyush Anand wrote: > On 21/09/2016:06:04:04 PM, Catalin Marinas wrote: > > On Wed, Sep 21, 2016 at 04:30:47PM +0530, Pratyush Anand wrote: > > > On 20/09/2016:05:59:46 PM, Catalin Marinas wrote: > > > > > +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, > > > > > + unsigned long addr) > > > > > +{ > > > > > + probe_opcode_t insn; > > > > > + > > > > > + /* TODO: Currently we do not support AARCH32 instruction probing */ > > > > > > > > Is there a way to check (not necessarily in this file) that we don't > > > > probe 32-bit tasks? > > > > > > - Well, I do not have complete idea about it that, how it can be done. I think > > > we can not check that just by looking a single bit in an instruction. > > > My understanding is that, we can only know about it when we are executing the > > > instruction, by reading pstate, but that would not be useful for uprobe > > > instruction analysis. > > > > > > I hope, instruction encoding for aarch32 and aarch64 are different, and by > > > analyzing for all types of aarch32 instructions, we will be able to decide > > > that whether instruction is 32 bit trace-able or not. Accordingly, we can use > > > either BRK or BKPT instruction for breakpoint generation. > > > > We may have some unrelated instruction encoding overlapping but I > > haven't checked. I was more thinking about whether we know which task is > > being probed and check is_compat_task() or maybe using > > compat_user_mode(regs). > > I had thought of this, but problem is that we might not have task in existence > when we enable uprobes. For example: Lets say we are inserting a trace probe at > offset 0x690 in a executable binary. > > echo "p test:0x690" > /sys/kernel/debug/tracing/uprobe_events > echo 1 > /sys/kernel/debug/tracing/events/uprobes/enable > > In the 'enable' step, it is decided that whether instruction is traceable or > not. > > (1) But at this point 'test' executable might not be running. > (2) Even if it is running, is_compat_task() or compat_user_mode() might not be > usable, as they work with 'current' task. What I find strange is that uprobes allows you to insert a breakpoint instruction that's not even compatible with the task (so it would SIGILL rather than generate a debug exception). > What I was thinking that, let it go with 'TODO' as of now. Only that I don't have any guarantee that someone is going to fix it ;). As a quick workaround you could check mm->task_size > TASK_SIZE_32 in the arch_uprobe_analyze_insn() function. > Later on, we propose some changes in core layer, so that we can read the elf > headers of executable binary. ELFCLASS will be able to tell us, whether its a 32 > bit or 64 bit executable. I think, moving "struct uprobe" from > kernel/events/uprobes.c to a include/linux header file will do the job. "struct > arch_uprobe" is part of "struct uprobe". "struct arch_uprobe" is passed in > arch_uprobe_analyze_insn(). So, we can access struct uprobe's "inode" element > with this change. You can get access to struct linux_binfmt via mm_struct but it doesn't currently help much since all the members of this structure point to static functions. Maybe an enum in struct linux_binfmt with format types exposed to the rest of the kernel?
On 22/09/2016:05:50:30 PM, Catalin Marinas wrote: > On Thu, Sep 22, 2016 at 08:53:28AM +0530, Pratyush Anand wrote: > > On 21/09/2016:06:04:04 PM, Catalin Marinas wrote: > > > On Wed, Sep 21, 2016 at 04:30:47PM +0530, Pratyush Anand wrote: > > > > On 20/09/2016:05:59:46 PM, Catalin Marinas wrote: > > > > > > +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, > > > > > > + unsigned long addr) > > > > > > +{ > > > > > > + probe_opcode_t insn; > > > > > > + > > > > > > + /* TODO: Currently we do not support AARCH32 instruction probing */ > > > > > > > > > > Is there a way to check (not necessarily in this file) that we don't > > > > > probe 32-bit tasks? > > > > > > > > - Well, I do not have complete idea about it that, how it can be done. I think > > > > we can not check that just by looking a single bit in an instruction. > > > > My understanding is that, we can only know about it when we are executing the > > > > instruction, by reading pstate, but that would not be useful for uprobe > > > > instruction analysis. > > > > > > > > I hope, instruction encoding for aarch32 and aarch64 are different, and by > > > > analyzing for all types of aarch32 instructions, we will be able to decide > > > > that whether instruction is 32 bit trace-able or not. Accordingly, we can use > > > > either BRK or BKPT instruction for breakpoint generation. > > > > > > We may have some unrelated instruction encoding overlapping but I > > > haven't checked. I was more thinking about whether we know which task is > > > being probed and check is_compat_task() or maybe using > > > compat_user_mode(regs). > > > > I had thought of this, but problem is that we might not have task in existence > > when we enable uprobes. For example: Lets say we are inserting a trace probe at > > offset 0x690 in a executable binary. > > > > echo "p test:0x690" > /sys/kernel/debug/tracing/uprobe_events > > echo 1 > /sys/kernel/debug/tracing/events/uprobes/enable > > > > In the 'enable' step, it is decided that whether instruction is traceable or > > not. > > > > (1) But at this point 'test' executable might not be running. Let me correct myself first here. When executable is not running, then, arch_uprobe_analyze_insn() is not called while uprobes enabling (ie writing '1' to 'enable'). In that case, it is called when binary is executed and task is created. > > (2) Even if it is running, is_compat_task() or compat_user_mode() might not be > > usable, as they work with 'current' task. > > What I find strange is that uprobes allows you to insert a breakpoint > instruction that's not even compatible with the task (so it would > SIGILL rather than generate a debug exception). > > > What I was thinking that, let it go with 'TODO' as of now. > > Only that I don't have any guarantee that someone is going to fix it ;). > > As a quick workaround you could check mm->task_size > TASK_SIZE_32 in > the arch_uprobe_analyze_insn() function. It would be doable. TASK_SIZE_32 is defined only for COMPAT. So, may be I can return -EINVAL when mm->task_size < TASK_SIZE_64. Thanks for your input. ~Pratyush
On Fri, Sep 23, 2016 at 09:42:30AM +0530, Pratyush Anand wrote: > On 22/09/2016:05:50:30 PM, Catalin Marinas wrote: > > On Thu, Sep 22, 2016 at 08:53:28AM +0530, Pratyush Anand wrote: > > > On 21/09/2016:06:04:04 PM, Catalin Marinas wrote: > > > > On Wed, Sep 21, 2016 at 04:30:47PM +0530, Pratyush Anand wrote: > > > > > On 20/09/2016:05:59:46 PM, Catalin Marinas wrote: > > > > > > > +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, > > > > > > > + unsigned long addr) > > > > > > > +{ > > > > > > > + probe_opcode_t insn; > > > > > > > + > > > > > > > + /* TODO: Currently we do not support AARCH32 instruction probing */ > > > > > > > > > > > > Is there a way to check (not necessarily in this file) that we don't > > > > > > probe 32-bit tasks? > > > > > > > > > > - Well, I do not have complete idea about it that, how it can be done. I think > > > > > we can not check that just by looking a single bit in an instruction. > > > > > My understanding is that, we can only know about it when we are executing the > > > > > instruction, by reading pstate, but that would not be useful for uprobe > > > > > instruction analysis. > > > > > > > > > > I hope, instruction encoding for aarch32 and aarch64 are different, and by > > > > > analyzing for all types of aarch32 instructions, we will be able to decide > > > > > that whether instruction is 32 bit trace-able or not. Accordingly, we can use > > > > > either BRK or BKPT instruction for breakpoint generation. > > > > > > > > We may have some unrelated instruction encoding overlapping but I > > > > haven't checked. I was more thinking about whether we know which task is > > > > being probed and check is_compat_task() or maybe using > > > > compat_user_mode(regs). > > > > > > I had thought of this, but problem is that we might not have task in existence > > > when we enable uprobes. For example: Lets say we are inserting a trace probe at > > > offset 0x690 in a executable binary. > > > > > > echo "p test:0x690" > /sys/kernel/debug/tracing/uprobe_events > > > echo 1 > /sys/kernel/debug/tracing/events/uprobes/enable > > > > > > In the 'enable' step, it is decided that whether instruction is traceable or > > > not. > > > > > > (1) But at this point 'test' executable might not be running. > > Let me correct myself first here. When executable is not running, then, > arch_uprobe_analyze_insn() is not called while uprobes enabling (ie writing '1' > to 'enable'). In that case, it is called when binary is executed and task is > created. I kind of figured this out. This function needs to read the actual instruction from memory, so that won't be possible until at least the executable file has an address_space in the kernel. What's not clear to me is how early this is done, do we have the mm_struct fully populated? > > > (2) Even if it is running, is_compat_task() or compat_user_mode() might not be > > > usable, as they work with 'current' task. > > > > What I find strange is that uprobes allows you to insert a breakpoint > > instruction that's not even compatible with the task (so it would > > SIGILL rather than generate a debug exception). > > > > > What I was thinking that, let it go with 'TODO' as of now. > > > > Only that I don't have any guarantee that someone is going to fix it ;). > > > > As a quick workaround you could check mm->task_size > TASK_SIZE_32 in > > the arch_uprobe_analyze_insn() function. > > It would be doable. TASK_SIZE_32 is defined only for COMPAT. So, may be I can > return -EINVAL when mm->task_size < TASK_SIZE_64. That's just a temporary workaround. If we ever merge ILP32, this test would no longer be enough (as the ISA is AArch64 but with TASK_SIZE_32). Looking at prepare_uprobe(), we have a weak is_trap_insn() function. This check is meaningless without knowing which instruction set we target. A false positive here, however, is not that bad as we wouldn't end up inserting the wrong breakpoint in the executable. But it looks to me like the core uprobe code needs to pass some additional information like the type of task or ELF format to the arch code to make a useful choice of breakpoint type.
On Fri, Sep 23, 2016 at 6:35 PM, Catalin Marinas <catalin.marinas@arm.com> wrote: > On Fri, Sep 23, 2016 at 09:42:30AM +0530, Pratyush Anand wrote: >> On 22/09/2016:05:50:30 PM, Catalin Marinas wrote: >> > On Thu, Sep 22, 2016 at 08:53:28AM +0530, Pratyush Anand wrote: >> > > On 21/09/2016:06:04:04 PM, Catalin Marinas wrote: >> > As a quick workaround you could check mm->task_size > TASK_SIZE_32 in >> > the arch_uprobe_analyze_insn() function. >> >> It would be doable. TASK_SIZE_32 is defined only for COMPAT. So, may be I can >> return -EINVAL when mm->task_size < TASK_SIZE_64. > > That's just a temporary workaround. If we ever merge ILP32, this test > would no longer be enough (as the ISA is AArch64 but with TASK_SIZE_32). OK.. So what about doing something similar what x86 is doing. We can have a flag for task Type in arch specific mm_context_t. We also set this flag in COMPAT_SET_PERSONALITY() along with setting thread_info flag, and we clear them in SET_PERSONALITY(). > > Looking at prepare_uprobe(), we have a weak is_trap_insn() function. > This check is meaningless without knowing which instruction set we > target. A false positive here, however, is not that bad as we wouldn't > end up inserting the wrong breakpoint in the executable. But it looks to > me like the core uprobe code needs to pass some additional information > like the type of task or ELF format to the arch code to make a useful > choice of breakpoint type. It seems that 'strtle r0, [r0], #160' would have the closest matching aarch32 instruction wrt BRK64_OPCODE_UPROBES(0xd42000A0). But that too seems a bad instruction. So, may be we can use still weak is_trap_insn(). ~Pratyush
On Sun, Sep 25, 2016 at 10:32:28PM +0530, Pratyush Anand wrote: > On Fri, Sep 23, 2016 at 6:35 PM, Catalin Marinas > <catalin.marinas@arm.com> wrote: > > On Fri, Sep 23, 2016 at 09:42:30AM +0530, Pratyush Anand wrote: > >> On 22/09/2016:05:50:30 PM, Catalin Marinas wrote: > >> > On Thu, Sep 22, 2016 at 08:53:28AM +0530, Pratyush Anand wrote: > >> > > On 21/09/2016:06:04:04 PM, Catalin Marinas wrote: > > >> > As a quick workaround you could check mm->task_size > TASK_SIZE_32 in > >> > the arch_uprobe_analyze_insn() function. > >> > >> It would be doable. TASK_SIZE_32 is defined only for COMPAT. So, may be I can > >> return -EINVAL when mm->task_size < TASK_SIZE_64. > > > > That's just a temporary workaround. If we ever merge ILP32, this test > > would no longer be enough (as the ISA is AArch64 but with TASK_SIZE_32). > > OK.. So what about doing something similar what x86 is doing. > We can have a flag for task Type in arch specific mm_context_t. We > also set this flag in COMPAT_SET_PERSONALITY() along with setting > thread_info flag, and we clear them in SET_PERSONALITY(). This looks like a better approach. > > Looking at prepare_uprobe(), we have a weak is_trap_insn() function. > > This check is meaningless without knowing which instruction set we > > target. A false positive here, however, is not that bad as we wouldn't > > end up inserting the wrong breakpoint in the executable. But it looks to > > me like the core uprobe code needs to pass some additional information > > like the type of task or ELF format to the arch code to make a useful > > choice of breakpoint type. > > It seems that 'strtle r0, [r0], #160' would have the closest matching > aarch32 instruction wrt BRK64_OPCODE_UPROBES(0xd42000A0). But that too > seems a bad instruction. So, may be we can use still weak > is_trap_insn(). Even if the is_trap_insn() check passes, we would reject the probe in arch_uprobe_analyze_insn() immediately after based on the mm type check, so not too bad. If we add support for probing 32-bit tasks, I would rather have is_trap_insn() take the mm_struct as argument so that a non-weak implementation can check for the correct encoding.
On 26/09/2016:12:01:59 PM, Catalin Marinas wrote: > On Sun, Sep 25, 2016 at 10:32:28PM +0530, Pratyush Anand wrote: > > On Fri, Sep 23, 2016 at 6:35 PM, Catalin Marinas > > <catalin.marinas@arm.com> wrote: > > > On Fri, Sep 23, 2016 at 09:42:30AM +0530, Pratyush Anand wrote: > > >> On 22/09/2016:05:50:30 PM, Catalin Marinas wrote: > > >> > On Thu, Sep 22, 2016 at 08:53:28AM +0530, Pratyush Anand wrote: > > >> > > On 21/09/2016:06:04:04 PM, Catalin Marinas wrote: > > > > >> > As a quick workaround you could check mm->task_size > TASK_SIZE_32 in > > >> > the arch_uprobe_analyze_insn() function. > > >> > > >> It would be doable. TASK_SIZE_32 is defined only for COMPAT. So, may be I can > > >> return -EINVAL when mm->task_size < TASK_SIZE_64. > > > > > > That's just a temporary workaround. If we ever merge ILP32, this test > > > would no longer be enough (as the ISA is AArch64 but with TASK_SIZE_32). > > > > OK.. So what about doing something similar what x86 is doing. > > We can have a flag for task Type in arch specific mm_context_t. We > > also set this flag in COMPAT_SET_PERSONALITY() along with setting > > thread_info flag, and we clear them in SET_PERSONALITY(). > > This looks like a better approach. > > > > Looking at prepare_uprobe(), we have a weak is_trap_insn() function. > > > This check is meaningless without knowing which instruction set we > > > target. A false positive here, however, is not that bad as we wouldn't > > > end up inserting the wrong breakpoint in the executable. But it looks to > > > me like the core uprobe code needs to pass some additional information > > > like the type of task or ELF format to the arch code to make a useful > > > choice of breakpoint type. > > > > It seems that 'strtle r0, [r0], #160' would have the closest matching > > aarch32 instruction wrt BRK64_OPCODE_UPROBES(0xd42000A0). But that too > > seems a bad instruction. So, may be we can use still weak > > is_trap_insn(). > > Even if the is_trap_insn() check passes, we would reject the probe in > arch_uprobe_analyze_insn() immediately after based on the mm type check, > so not too bad. OK..I will have an always returning false from arm64 is_trap_insn() in v2. > > If we add support for probing 32-bit tasks, I would rather have > is_trap_insn() take the mm_struct as argument so that a non-weak > implementation can check for the correct encoding. Yes, for 32 bit task we would need mm_struct as arg in is_trap_insn() as well as in is_swbp_insn(). We would also need to have arm64 specific set_swbp(). Thanks for all your input. It was helpful. I will send V2 soon. ~Pratyush
On Mon, Sep 26, 2016 at 06:33:59PM +0530, Pratyush Anand wrote: > On 26/09/2016:12:01:59 PM, Catalin Marinas wrote: > > On Sun, Sep 25, 2016 at 10:32:28PM +0530, Pratyush Anand wrote: > > > On Fri, Sep 23, 2016 at 6:35 PM, Catalin Marinas > > > <catalin.marinas@arm.com> wrote: > > > > On Fri, Sep 23, 2016 at 09:42:30AM +0530, Pratyush Anand wrote: > > > >> On 22/09/2016:05:50:30 PM, Catalin Marinas wrote: > > > >> > On Thu, Sep 22, 2016 at 08:53:28AM +0530, Pratyush Anand wrote: > > > >> > > On 21/09/2016:06:04:04 PM, Catalin Marinas wrote: > > > > > > >> > As a quick workaround you could check mm->task_size > TASK_SIZE_32 in > > > >> > the arch_uprobe_analyze_insn() function. > > > >> > > > >> It would be doable. TASK_SIZE_32 is defined only for COMPAT. So, may be I can > > > >> return -EINVAL when mm->task_size < TASK_SIZE_64. > > > > > > > > That's just a temporary workaround. If we ever merge ILP32, this test > > > > would no longer be enough (as the ISA is AArch64 but with TASK_SIZE_32). > > > > > > OK.. So what about doing something similar what x86 is doing. > > > We can have a flag for task Type in arch specific mm_context_t. We > > > also set this flag in COMPAT_SET_PERSONALITY() along with setting > > > thread_info flag, and we clear them in SET_PERSONALITY(). > > > > This looks like a better approach. > > > > > > Looking at prepare_uprobe(), we have a weak is_trap_insn() function. > > > > This check is meaningless without knowing which instruction set we > > > > target. A false positive here, however, is not that bad as we wouldn't > > > > end up inserting the wrong breakpoint in the executable. But it looks to > > > > me like the core uprobe code needs to pass some additional information > > > > like the type of task or ELF format to the arch code to make a useful > > > > choice of breakpoint type. > > > > > > It seems that 'strtle r0, [r0], #160' would have the closest matching > > > aarch32 instruction wrt BRK64_OPCODE_UPROBES(0xd42000A0). But that too > > > seems a bad instruction. So, may be we can use still weak > > > is_trap_insn(). > > > > Even if the is_trap_insn() check passes, we would reject the probe in > > arch_uprobe_analyze_insn() immediately after based on the mm type check, > > so not too bad. > > OK..I will have an always returning false from arm64 is_trap_insn() in v2. For the time being, I think the default is_trap_insn() check is still useful on arm64. The problem gets trickier when we add AArch32 support as it may return 'true' on an AArch32 instruction that matches the AArch64 BRK (or vice-versa). That's when we need to either pass the mm to is_trap_insn() or simply return false and always perform the check in the arch_uprobe_analyze_insn() (which should, in addition, check for the trap instruction). There is also the is_trap_at_addr() function which uses is_trap_insn(). I haven't checked the call paths here, are there any implications if is_trap_insn() always returns false?
On Tuesday 27 September 2016 07:21 PM, Catalin Marinas wrote: >>>>> Looking at prepare_uprobe(), we have a weak is_trap_insn() function. >>>>> > > > > This check is meaningless without knowing which instruction set we >>>>> > > > > target. A false positive here, however, is not that bad as we wouldn't >>>>> > > > > end up inserting the wrong breakpoint in the executable. But it looks to >>>>> > > > > me like the core uprobe code needs to pass some additional information >>>>> > > > > like the type of task or ELF format to the arch code to make a useful >>>>> > > > > choice of breakpoint type. >>>> > > > >>>> > > > It seems that 'strtle r0, [r0], #160' would have the closest matching >>>> > > > aarch32 instruction wrt BRK64_OPCODE_UPROBES(0xd42000A0). But that too >>>> > > > seems a bad instruction. So, may be we can use still weak >>>> > > > is_trap_insn(). >>> > > >>> > > Even if the is_trap_insn() check passes, we would reject the probe in >>> > > arch_uprobe_analyze_insn() immediately after based on the mm type check, >>> > > so not too bad. >> > >> > OK..I will have an always returning false from arm64 is_trap_insn() in v2. > For the time being, I think the default is_trap_insn() check is still > useful on arm64. I have already sent V2 with arm64 is_trap_insn() :( > The problem gets trickier when we add AArch32 support > as it may return 'true' on an AArch32 instruction that matches the > AArch64 BRK (or vice-versa). That's when we need to either pass the mm > to is_trap_insn() or simply return false and always perform the check in > the arch_uprobe_analyze_insn() (which should, in addition, check for the > trap instruction). Yes, I agree that we will have to modify is_trap_insn() for supporting aarch32 task tracing. > > There is also the is_trap_at_addr() function which uses is_trap_insn(). > I haven't checked the call paths here, are there any implications if > is_trap_insn() always returns false? I had looked into it and also tested that a tracepoint at an application having a same instruction as that of "uprobe break instruction" ie "BRK #0x5" is rejected. So, I think a false positive return from is_tarp_insn() is still OK. ~Pratyush
On Tue, Sep 27, 2016 at 08:33:25PM +0530, Pratyush Anand wrote: > On Tuesday 27 September 2016 07:21 PM, Catalin Marinas wrote: > >There is also the is_trap_at_addr() function which uses is_trap_insn(). > >I haven't checked the call paths here, are there any implications if > >is_trap_insn() always returns false? > > I had looked into it and also tested that a tracepoint at an application > having a same instruction as that of "uprobe break instruction" ie "BRK > #0x5" is rejected. So, I think a false positive return from is_tarp_insn() > is still OK. Looking at handle_swbp(), if we hit a breakpoint for which we don't have a valid uprobe, this function currently sends a SIGTRAP. But if is_trap_insn() returns false always, is_trap_at_addr() would return 0 in this case so the SIGTRAP is never issued.
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 9f8b99e20557..77be79cb123b 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -232,6 +232,9 @@ config PGTABLE_LEVELS default 3 if ARM64_16K_PAGES && ARM64_VA_BITS_47 default 4 if !ARM64_64K_PAGES && ARM64_VA_BITS_48 +config ARCH_SUPPORTS_UPROBES + def_bool y + source "init/Kconfig" source "kernel/Kconfig.freezer" diff --git a/arch/arm64/include/asm/debug-monitors.h b/arch/arm64/include/asm/debug-monitors.h index 4b6b3f72a215..d04248b749a8 100644 --- a/arch/arm64/include/asm/debug-monitors.h +++ b/arch/arm64/include/asm/debug-monitors.h @@ -70,6 +70,9 @@ #define BRK64_ESR_MASK 0xFFFF #define BRK64_ESR_KPROBES 0x0004 #define BRK64_OPCODE_KPROBES (AARCH64_BREAK_MON | (BRK64_ESR_KPROBES << 5)) +/* uprobes BRK opcodes with ESR encoding */ +#define BRK64_ESR_UPROBES 0x0008 +#define BRK64_OPCODE_UPROBES (AARCH64_BREAK_MON | (BRK64_ESR_UPROBES << 5)) /* AArch32 */ #define DBG_ESR_EVT_BKPT 0x4 diff --git a/arch/arm64/include/asm/probes.h b/arch/arm64/include/asm/probes.h index e175a825b187..3d8fbca3f556 100644 --- a/arch/arm64/include/asm/probes.h +++ b/arch/arm64/include/asm/probes.h @@ -35,4 +35,8 @@ struct arch_specific_insn { }; #endif +#ifdef CONFIG_UPROBES +typedef u32 uprobe_opcode_t; +#endif + #endif diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h index ada08b5b036d..513daf050e84 100644 --- a/arch/arm64/include/asm/ptrace.h +++ b/arch/arm64/include/asm/ptrace.h @@ -217,6 +217,14 @@ int valid_user_regs(struct user_pt_regs *regs, struct task_struct *task); #include <asm-generic/ptrace.h> +#define procedure_link_pointer(regs) ((regs)->regs[30]) + +static inline void procedure_link_pointer_set(struct pt_regs *regs, + unsigned long val) +{ + procedure_link_pointer(regs) = val; +} + #undef profile_pc extern unsigned long profile_pc(struct pt_regs *regs); diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h index abd64bd1f6d9..d5ebf2ee5024 100644 --- a/arch/arm64/include/asm/thread_info.h +++ b/arch/arm64/include/asm/thread_info.h @@ -109,6 +109,7 @@ static inline struct thread_info *current_thread_info(void) #define TIF_NEED_RESCHED 1 #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */ #define TIF_FOREIGN_FPSTATE 3 /* CPU's FP state is not current's */ +#define TIF_UPROBE 5 /* uprobe breakpoint or singlestep */ #define TIF_NOHZ 7 #define TIF_SYSCALL_TRACE 8 #define TIF_SYSCALL_AUDIT 9 @@ -129,10 +130,12 @@ static inline struct thread_info *current_thread_info(void) #define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) #define _TIF_SECCOMP (1 << TIF_SECCOMP) +#define _TIF_UPROBE (1 << TIF_UPROBE) #define _TIF_32BIT (1 << TIF_32BIT) #define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \ - _TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE) + _TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE | \ + _TIF_UPROBE) #define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | \ diff --git a/arch/arm64/include/asm/uprobes.h b/arch/arm64/include/asm/uprobes.h new file mode 100644 index 000000000000..434a3afebcd1 --- /dev/null +++ b/arch/arm64/include/asm/uprobes.h @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2014-2015 Pratyush Anand <panand@redhat.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#ifndef _ASM_UPROBES_H +#define _ASM_UPROBES_H + +#include <asm/debug-monitors.h> +#include <asm/insn.h> +#include <asm/probes.h> + +#define MAX_UINSN_BYTES AARCH64_INSN_SIZE + +#define UPROBE_SWBP_INSN BRK64_OPCODE_UPROBES +#define UPROBE_SWBP_INSN_SIZE 4 +#define UPROBE_XOL_SLOT_BYTES MAX_UINSN_BYTES + +struct arch_uprobe_task { + unsigned long saved_fault_code; +}; + +struct arch_uprobe { + union { + u8 insn[MAX_UINSN_BYTES]; + u8 ixol[MAX_UINSN_BYTES]; + }; + struct arch_probe_insn api; + bool simulate; +}; + +extern void flush_uprobe_xol_access(struct page *page, unsigned long uaddr, + void *kaddr, unsigned long len); +#endif diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 96e4a2b64cc1..801b9064b89a 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -688,7 +688,8 @@ ret_fast_syscall: ldr x1, [tsk, #TI_FLAGS] // re-check for syscall tracing and x2, x1, #_TIF_SYSCALL_WORK cbnz x2, ret_fast_syscall_trace - and x2, x1, #_TIF_WORK_MASK + mov x2, #_TIF_WORK_MASK + and x2, x1, x2 cbnz x2, work_pending enable_step_tsk x1, x2 kernel_exit 0 @@ -718,7 +719,8 @@ work_resched: ret_to_user: disable_irq // disable interrupts ldr x1, [tsk, #TI_FLAGS] - and x2, x1, #_TIF_WORK_MASK + mov x2, #_TIF_WORK_MASK + and x2, x1, x2 cbnz x2, work_pending enable_step_tsk x1, x2 kernel_exit 0 diff --git a/arch/arm64/kernel/probes/Makefile b/arch/arm64/kernel/probes/Makefile index ce06312e3d34..89b6df613dde 100644 --- a/arch/arm64/kernel/probes/Makefile +++ b/arch/arm64/kernel/probes/Makefile @@ -1,3 +1,5 @@ obj-$(CONFIG_KPROBES) += kprobes.o decode-insn.o \ kprobes_trampoline.o \ simulate-insn.o +obj-$(CONFIG_UPROBES) += uprobes.o decode-insn.o \ + simulate-insn.o diff --git a/arch/arm64/kernel/probes/uprobes.c b/arch/arm64/kernel/probes/uprobes.c new file mode 100644 index 000000000000..4d9d21f6e22e --- /dev/null +++ b/arch/arm64/kernel/probes/uprobes.c @@ -0,0 +1,227 @@ +/* + * Copyright (C) 2014-2015 Pratyush Anand <panand@redhat.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ +#include <linux/highmem.h> +#include <linux/ptrace.h> +#include <linux/uprobes.h> + +#include "decode-insn.h" + +#define UPROBE_INV_FAULT_CODE UINT_MAX + +void arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr, + void *src, unsigned long len) +{ + void *xol_page_kaddr = kmap_atomic(page); + void *dst = xol_page_kaddr + (vaddr & ~PAGE_MASK); + + preempt_disable(); + + /* Initialize the slot */ + memcpy(dst, src, len); + + /* flush caches (dcache/icache) */ + flush_uprobe_xol_access(page, vaddr, dst, len); + + preempt_enable(); + + kunmap_atomic(xol_page_kaddr); +} + +unsigned long uprobe_get_swbp_addr(struct pt_regs *regs) +{ + return instruction_pointer(regs); +} + +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, + unsigned long addr) +{ + probe_opcode_t insn; + + /* TODO: Currently we do not support AARCH32 instruction probing */ + + if (!IS_ALIGNED(addr, AARCH64_INSN_SIZE)) + return -EINVAL; + + insn = *(probe_opcode_t *)(&auprobe->insn[0]); + + switch (arm_probe_decode_insn(insn, &auprobe->api)) { + case INSN_REJECTED: + return -EINVAL; + + case INSN_GOOD_NO_SLOT: + auprobe->simulate = true; + break; + + case INSN_GOOD: + default: + break; + } + + return 0; +} + +int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) +{ + struct uprobe_task *utask = current->utask; + + /* saved fault code is restored in post_xol */ + utask->autask.saved_fault_code = current->thread.fault_code; + + /* An invalid fault code between pre/post xol event */ + current->thread.fault_code = UPROBE_INV_FAULT_CODE; + + /* Instruction point to execute ol */ + instruction_pointer_set(regs, utask->xol_vaddr); + + user_enable_single_step(current); + + return 0; +} + +int arch_uprobe_post_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) +{ + struct uprobe_task *utask = current->utask; + + WARN_ON_ONCE(current->thread.fault_code != UPROBE_INV_FAULT_CODE); + + /* restore fault code */ + current->thread.fault_code = utask->autask.saved_fault_code; + + /* Instruction point to execute next to breakpoint address */ + instruction_pointer_set(regs, utask->vaddr + 4); + + user_disable_single_step(current); + + return 0; +} +bool arch_uprobe_xol_was_trapped(struct task_struct *t) +{ + /* + * Between arch_uprobe_pre_xol and arch_uprobe_post_xol, if an xol + * insn itself is trapped, then detect the case with the help of + * invalid fault code which is being set in arch_uprobe_pre_xol and + * restored in arch_uprobe_post_xol. + */ + if (t->thread.fault_code != UPROBE_INV_FAULT_CODE) + return true; + + return false; +} + +bool arch_uprobe_skip_sstep(struct arch_uprobe *auprobe, struct pt_regs *regs) +{ + probe_opcode_t insn; + unsigned long addr; + + if (!auprobe->simulate) + return false; + + insn = *(probe_opcode_t *)(&auprobe->insn[0]); + addr = instruction_pointer(regs); + + if (auprobe->api.handler) + auprobe->api.handler(insn, addr, regs); + + return true; +} + +void arch_uprobe_abort_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) +{ + struct uprobe_task *utask = current->utask; + + current->thread.fault_code = utask->autask.saved_fault_code; + /* + * Task has received a fatal signal, so reset back to probbed + * address. + */ + instruction_pointer_set(regs, utask->vaddr); + + user_disable_single_step(current); +} + +bool arch_uretprobe_is_alive(struct return_instance *ret, enum rp_check ctx, + struct pt_regs *regs) +{ + /* + * If a simple branch instruction (B) was called for retprobed + * assembly label then return true even when regs->sp and ret->stack + * are same. It will insure that cleanup and reporting of return + * instances corresponding to callee label is done when + * handle_trampoline for called function is executed. + */ + if (ctx == RP_CHECK_CHAIN_CALL) + return regs->sp <= ret->stack; + else + return regs->sp < ret->stack; +} + +unsigned long +arch_uretprobe_hijack_return_addr(unsigned long trampoline_vaddr, + struct pt_regs *regs) +{ + unsigned long orig_ret_vaddr; + + orig_ret_vaddr = procedure_link_pointer(regs); + /* Replace the return addr with trampoline addr */ + procedure_link_pointer_set(regs, trampoline_vaddr); + + return orig_ret_vaddr; +} + +int arch_uprobe_exception_notify(struct notifier_block *self, + unsigned long val, void *data) +{ + return NOTIFY_DONE; +} + +static int __kprobes uprobe_breakpoint_handler(struct pt_regs *regs, + unsigned int esr) +{ + if (user_mode(regs) && uprobe_pre_sstep_notifier(regs)) + return DBG_HOOK_HANDLED; + + return DBG_HOOK_ERROR; +} + +static int __kprobes uprobe_single_step_handler(struct pt_regs *regs, + unsigned int esr) +{ + struct uprobe_task *utask = current->utask; + + if (user_mode(regs)) { + WARN_ON(utask && + (instruction_pointer(regs) != utask->xol_vaddr + 4)); + + if (uprobe_post_sstep_notifier(regs)) + return DBG_HOOK_HANDLED; + } + + return DBG_HOOK_ERROR; +} + +/* uprobe breakpoint handler hook */ +static struct break_hook uprobes_break_hook = { + .esr_mask = BRK64_ESR_MASK, + .esr_val = BRK64_ESR_UPROBES, + .fn = uprobe_breakpoint_handler, +}; + +/* uprobe single step handler hook */ +static struct step_hook uprobes_step_hook = { + .fn = uprobe_single_step_handler, +}; + +static int __init arch_init_uprobes(void) +{ + register_break_hook(&uprobes_break_hook); + register_step_hook(&uprobes_step_hook); + + return 0; +} + +device_initcall(arch_init_uprobes); diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index a8eafdbc7cb8..0ff1208929c0 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -402,6 +402,9 @@ static void do_signal(struct pt_regs *regs) asmlinkage void do_notify_resume(struct pt_regs *regs, unsigned int thread_flags) { + if (thread_flags & _TIF_UPROBE) + uprobe_notify_resume(regs); + if (thread_flags & _TIF_SIGPENDING) do_signal(regs); @@ -412,5 +415,4 @@ asmlinkage void do_notify_resume(struct pt_regs *regs, if (thread_flags & _TIF_FOREIGN_FPSTATE) fpsimd_restore_current_state(); - } diff --git a/arch/arm64/mm/flush.c b/arch/arm64/mm/flush.c index 43a76b07eb32..179587614756 100644 --- a/arch/arm64/mm/flush.c +++ b/arch/arm64/mm/flush.c @@ -54,6 +54,12 @@ static void flush_ptrace_access(struct vm_area_struct *vma, struct page *page, sync_icache_aliases(kaddr, len); } +void flush_uprobe_xol_access(struct page *page, unsigned long uaddr, + void *kaddr, unsigned long len) +{ + sync_icache_aliases(kaddr, len); +} + /* * Copy user data from/to a page which is mapped into a different processes * address space. Really, we want to allow our "user space" model to handle
This patch adds support for uprobe on ARM64 architecture. Unit test for following has been done so far and they have been found working 1. Step-able instructions, like sub, ldr, add etc. 2. Simulation-able like ret, cbnz, cbz etc. 3. uretprobe 4. Reject-able instructions like sev, wfe etc. 5. trapped and abort xol path 6. probe at unaligned user address. 7. longjump test cases Currently it does not support aarch32 instruction probing. Thanks to Shi Yang <yang.shi@linaro.org, for suggesting to define TIF_UPROBE as 5 in stead of 4, since 4 has already been used in -rt kernel. Signed-off-by: Pratyush Anand <panand@redhat.com> Cc: Shi Yang <yang.shi@linaro.org> --- arch/arm64/Kconfig | 3 + arch/arm64/include/asm/debug-monitors.h | 3 + arch/arm64/include/asm/probes.h | 4 + arch/arm64/include/asm/ptrace.h | 8 ++ arch/arm64/include/asm/thread_info.h | 5 +- arch/arm64/include/asm/uprobes.h | 37 ++++++ arch/arm64/kernel/entry.S | 6 +- arch/arm64/kernel/probes/Makefile | 2 + arch/arm64/kernel/probes/uprobes.c | 227 ++++++++++++++++++++++++++++++++ arch/arm64/kernel/signal.c | 4 +- arch/arm64/mm/flush.c | 6 + 11 files changed, 301 insertions(+), 4 deletions(-) create mode 100644 arch/arm64/include/asm/uprobes.h create mode 100644 arch/arm64/kernel/probes/uprobes.c