From patchwork Wed Apr 13 20:23:57 2016
From: David Long
Subject: Re: [BUG] arm64 kprobe: Allow probing at rodata
To: "Wangnan (F)", sandeepa.s.prabhu@gmail.com, wcohen@redhat.com, panand@redhat.com, Will Deacon, catalin.marinas@arm.com
Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Date: Wed, 13 Apr 2016 16:23:57 -0400
Message-ID: <570EAADD.3050805@linaro.org>
In-Reply-To: <570659E7.3040408@huawei.com>

On 04/07/2016 09:00 AM, Wangnan (F) wrote:
> Hi,
>
> When testing kprobe v12 we found a bug:
>
> # echo 'p:kprobes/mykprobe1 ftrace_enable_fops' > /sys/kernel/debug/tracing/kprobe_events
> # echo 1 > /sys/kernel/debug/tracing/events/kprobes/mykprobe1/enable
>
> Unable to handle kernel paging request at virtual address d42003f0
> pgd = ffffffc009f64000
> [d42003f0] *pgd=0000000000000000, *pud=0000000000000000
> Internal error: Oops: 94000005 [#1] SMP
> Modules linked in:
> ...
>
> ftrace_enable_fops resides in the rodata section; kprobe should not
> allow the user to put a probe point on it.
>
> It seems arm64 intentionally puts rodata between _stext and _etext in
> arch/arm64/kernel/vmlinux.lds.S, so I think we should introduce a symbol
> before rodata and extra verification in kprobe on arm64.
>
> Thank you.
>
> Full output:
>
> # echo 'p:kprobes/mykprobe1 ftrace_enable_fops' > /sys/kernel/debug/tracing/kprobe_events
> # echo 1 > /sys/kernel/debug/tracing/events/kprobes/mykprobe1/enable
>
> Unable to handle kernel paging request at virtual address d42003f0
> pgd = ffffffc009f64000
> [d42003f0] *pgd=0000000000000000, *pud=0000000000000000
> Internal error: Oops: 94000005 [#1] SMP
> Modules linked in:
> CPU: 0 PID: 99 Comm: sh Not tainted 4.5.0+ #105
> Hardware name: linux,dummy-virt (DT)
> task: ffffffc009fdc800 ti: ffffffc009ff4000 task.ti: ffffffc009ff4000
> PC is at module_put+0x38/0x218
> LR is at __fput+0xd4/0x1f4
> pc : [] lr : [] pstate: 20000145
> sp : ffffffc009ff7db0
> x29: ffffffc009ff7db0 x28: ffffffc009ff4000
> x27: ffffffc00053c000 x26: 0000000000000018
> x25: ffffffc00a01c610 x24: ffffffc0755a4f60
> x23: ffffffc075569500 x22: ffffffc0001d4c14
> x21: ffffffc0755a4f60 x20: 0000000000000008
> x19: 00000000d4200080 x18: 0000007ffdfbc7f0
> x17: 0000007fa78e3340 x16: ffffffc0001f4b84
> x15: 0000007fa796b598 x14: 000000000000024e
> x13: 000000001b670000 x12: 0000000000000008
> x11: 0101010101010101 x10: ffffffc000fbdc88
> x9 : 0000000000000001 x8 : 0000000000001ffe
> x7 : ffffffc009fdcfc8 x6 : 0000000000000015
> x5 : 0000000000000000 x4 : 0000000000000000
> x3 : 0000000000000001 x2 : 0000000000000000
> x1 : ffffffc009ff4000 x0 : 0000000000000001
>
> Process sh (pid: 99, stack limit = 0xffffffc009ff4020)
> Stack: (0xffffffc009ff7db0 to 0xffffffc009ff8000)
> 7da0: ffffffc009ff7df0 ffffffc0001d4c14
> 7dc0: ffffffc00a01c600 0000000000000008 ffffffc0755a4f60 ffffffc0795f4c60
> 7de0: ffffffc075569500 ffffffc0755a4f60 ffffffc009ff7e50 ffffffc0001d4da8
> 7e00: ffffffc00a01c600 ffffffc009fdce68 ffffffc009fdc800 ffffffc0006614b0
> 7e20: ffffffc0009b3000 0000000000000015 000000000000011e 0000000000000000
> 7e40: 0000000000000058 0000000000000000 ffffffc009ff7e70 ffffffc0000ba5e0
> 7e60: 0000000000000000 ffffffc0001f4ca8 ffffffc009ff7eb0 ffffffc00008929c
> 7e80: 0000000000000004 ffffffc009ff4000 ffffffffffffffff 0000007fa78e336c
> 7ea0: 0000000020000000 0000000000000015 0000000000000000 ffffffc000085a9c
> 7ec0: 0000000000000000 000000001b679560 0000000000000001 0000000000000001
> 7ee0: 0000000000000000 0000000000000000 000000001b67c970 0000000000000000
> 7f00: 0000000000000010 fefefefefefefefe 0000000000000018 fefefeff1a65ff30
> 7f20: 7f7f7f7f7f7f7f7f 0101010101010101 0000000000000008 000000001b670000
> 7f40: 0000000000000000 0000007fa796b598 00000000004aeb48 0000007fa78e3340
> 7f60: 0000007ffdfbc7f0 000000000000000b 000000001b679560 000000001b67c890
> 7f80: 0000000000000000 0000000000000000 0000000000000000 0000000000000002
> 7fa0: 000000001b679468 000000001b679430 000000000047edf0 0000007ffdfbca10
> 7fc0: 000000000042f770 0000007ffdfbca10 0000007fa78e336c 0000000020000000
> 7fe0: 000000000000000b 0000000000000018 0000000000000000 0000000000000000
> Call trace:
> Exception stack(0xffffffc009ff7bf0 to 0xffffffc009ff7d10)
> 7be0: 0000000000000000 0000000000000008
> 7c00: ffffffc009ff7db0 ffffffc000121760 ffffffc00a01c600 0000000000000015
> 7c20: ffffffc009ff7c50 ffffffc0000e7540 ffffffc0005319a8 ffffffc009fdc800
> 7c40: 0000000000000001 ffffffc0016a8000 ffffffc009ff7c90 ffffffc0000e73a4
> 7c60: ffffffc009ff7ca0 ffffffc0000e9e38 ffffffc009ff7ca0 ffffffc0000e9f70
> 7c80: 000000000000024d ffffffc009fdcf90 0000000000000001 ffffffc009ff4000
> 7ca0: 0000000000000000 0000000000000001 0000000000000000 0000000000000000
> 7cc0: 0000000000000015 ffffffc009fdcfc8 0000000000001ffe 0000000000000001
> 7ce0: ffffffc000fbdc88 0101010101010101 0000000000000008 000000001b670000
> 7d00: 000000000000024e 0000007fa796b598
> [] module_put+0x38/0x218
> [] __fput+0xd4/0x1f4
> [] ____fput+0x20/0x2c
> [] task_work_run+0xb8/0xec
> [] do_notify_resume+0x5c/0x70
> [] work_pending+0x10/0x14
> Code: d5384101 b9401820 11000400 b9001820 (b9437263)
> ---[ end trace adc71e553dfc48ff ]---
> note: sh[99] exited with preempt_count 1
>

Thanks for the bug report.
Symbols already exist bracketing rodata. I have made the following change and it seems to achieve the desired effect. Unless I hear objections I will add this to the v12 changes when I post them (soon):

diff --git a/arch/arm64/kernel/kprobes.c b/arch/arm64/kernel/kprobes.c
index 13d3333..6b6ec28 100644
--- a/arch/arm64/kernel/kprobes.c
+++ b/arch/arm64/kernel/kprobes.c
@@ -81,12 +81,17 @@ static void __kprobes arch_simulate_insn(struct kprobe *p, struct pt_regs *regs)
 int __kprobes arch_prepare_kprobe(struct kprobe *p)
 {
 	unsigned long probe_addr = (unsigned long)p->addr;
+	extern char __start_rodata[];
+	extern char __end_rodata[];
 
 	/* copy instruction */
 	p->opcode = le32_to_cpu(*p->addr);
 
 	if (in_exception_text(probe_addr))
 		return -EINVAL;
+	if (probe_addr >= (unsigned long) __start_rodata &&
+	    probe_addr <= (unsigned long) __end_rodata)
+		return -EINVAL;
 
 	/* decode instruction */
 	switch (arm_kprobe_decode_insn(p->addr, &p->ainsn)) {
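Review bot: the new range test in arch_prepare_kprobe compares with `probe_addr <= (unsigned long) __end_rodata`, but `__end_rodata` names the first byte after the section, so the comparison should be `<` to keep the half-open `[__start_rodata, __end_rodata)` convention used for section bounds; as written it additionally rejects a probe placed exactly at `__end_rodata`, which is harmless here but inconsistent. Separately, the two function-local `extern char __start_rodata[]; extern char __end_rodata[];` lines redeclare symbols that `<asm/sections.h>` already provides; including that header instead avoids the checkpatch warning about externs in .c files and keeps the declarations in one place. The placement of the check itself is right: it runs next to the existing `in_exception_text` test and before the `/* decode instruction */` step, so a rodata address is refused before any instruction slot is prepared.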
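To make the layout problem in the report concrete, the following is a small user-space C model, added here and not code from the patch, the kernel, or either poster, of the section ordering Wangnan describes: rodata sits inside [_stext, _etext). All addresses, the section map, the names `naive_text_check`, `classify` and `probe_allowed`, and the 4-byte alignment test are constructed for this example and are not taken from the thread. It shows why a plain text-range test accepts a rodata address and how a separate rodata range test, using half-open bounds, rejects it while still accepting the first byte after rodata.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout modelled on the order the report describes for
 * arch/arm64/kernel/vmlinux.lds.S: rodata lives between _stext and _etext.
 * Every address below is a made-up sample value, not a real kernel symbol. */
enum section { SEC_NONE, SEC_TEXT, SEC_EXCEPTION_TEXT, SEC_RODATA };

struct section_map {
	uintptr_t stext, etext;             /* [_stext, _etext) */
	uintptr_t start_rodata, end_rodata; /* [__start_rodata, __end_rodata) */
	uintptr_t exc_start, exc_end;       /* exception text, also inside text */
};

static const struct section_map sample_map = {
	.stext = 0xffffffc000080000ULL, .etext = 0xffffffc000800000ULL,
	.exc_start = 0xffffffc000081000ULL, .exc_end = 0xffffffc000082000ULL,
	.start_rodata = 0xffffffc000600000ULL, .end_rodata = 0xffffffc000700000ULL,
};

/* Half-open range test [lo, hi): the end symbol names the first byte
 * *after* the section and is therefore never counted as part of it. */
static bool in_range(uintptr_t addr, uintptr_t lo, uintptr_t hi)
{
	return addr >= lo && addr < hi;
}

/* What a generic "is this kernel text?" check sees: only _stext/_etext.
 * With rodata inside that window, a rodata address passes. */
bool naive_text_check(const struct section_map *m, uintptr_t addr)
{
	return in_range(addr, m->stext, m->etext);
}

/* Classify the address against the finer-grained map; the sub-sections are
 * tested before the enclosing text range so they win. */
enum section classify(const struct section_map *m, uintptr_t addr)
{
	if (in_range(addr, m->start_rodata, m->end_rodata))
		return SEC_RODATA;
	if (in_range(addr, m->exc_start, m->exc_end))
		return SEC_EXCEPTION_TEXT;
	if (in_range(addr, m->stext, m->etext))
		return SEC_TEXT;
	return SEC_NONE;
}

/* Model of the gate in the reply's arch_prepare_kprobe: refuse exception
 * text and rodata, accept ordinary text. Returns 0 when a probe may be
 * placed and -1 (stand-in for -EINVAL) otherwise. The alignment test is an
 * extra assumption of this example: A64 instructions are 4 bytes wide. */
int probe_allowed(const struct section_map *m, uintptr_t addr)
{
	if (addr & 3)
		return -1;
	switch (classify(m, addr)) {
	case SEC_TEXT:
		return 0;
	default:
		return -1;
	}
}

int main(void)
{
	/* constructed: an object 0x3f0 bytes into rodata */
	uintptr_t ro = sample_map.start_rodata + 0x3f0;

	printf("rodata address: naive text check=%d classify=%d allowed=%d\n",
	       naive_text_check(&sample_map, ro), classify(&sample_map, ro),
	       probe_allowed(&sample_map, ro));
	return 0;
}
```

The point of the model is the ordering in `classify`: any check that only consults `_stext`/`_etext` cannot tell rodata from code on this layout, which is exactly why the arm64-specific rodata test in the reply is needed in addition to the generic text check.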