On Fri, 16 Mar 2018 23:01:54 -0400 Steven Rostedt <rost...@goodmis.org> wrote:
> On Sat, 17 Mar 2018 10:22:11 +0900 > Masami Hiramatsu <mhira...@kernel.org> wrote: > > > Or, we can check it by ftrace_location_range() as below patch. > > Cute ;-) > > > > > Note that as a side-effect, we can not trace functions in trace_kprobe.c > > anymore, and this means it is hard to me to make a testcase of kprobe > > events. > > It was the easiest (and maintainable) way to make test cases... sigh. > > > > ----- > > tracing: kprobes: Prohibit probing on notrace function > > > > From: Masami Hiramatsu <mhira...@kernel.org> > > > > Prohibit kprobe-events probing on notrace function. > > Since probing on the notrace function can cause recursive > > event call. In most case those are just skipped, but > > in some case it falls into infinit recursive call. > > > > Signed-off-by: Masami Hiramatsu <mhira...@kernel.org> > > --- > > kernel/trace/trace_kprobe.c | 23 +++++++++++++++++++++++ > > 1 file changed, 23 insertions(+) > > > > diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c > > index 5ce9b8cf7be3..7404b012e51a 100644 > > --- a/kernel/trace/trace_kprobe.c > > +++ b/kernel/trace/trace_kprobe.c > > @@ -487,6 +487,23 @@ disable_trace_kprobe(struct trace_kprobe *tk, struct > > trace_event_file *file) > > return ret; > > } > > > > +#ifdef CONFIG_KPROBES_ON_FTRACE > > +static bool within_notrace_func(struct trace_kprobe *tk) > > +{ > > + unsigned long offset, size, addr; > > + > > + addr = kallsyms_lookup_name(trace_kprobe_symbol(tk)); > > + addr += trace_kprobe_offset(tk); > > + > > + if (!kallsyms_lookup_size_offset(addr, &size, &offset)) > > + return true; /* Out of range. */ > > + > > + return !ftrace_location_range(addr - offset, addr - offset + size); > > +} > > +#else > > +#define within_notrace_func(tk) (false) > > +#endif > > + > > /* Internal register function - just handle k*probes and flags */ > > static int __register_trace_kprobe(struct trace_kprobe *tk) > > { > > @@ -495,6 +512,12 @@ static int __register_trace_kprobe(struct trace_kprobe > > *tk) > > if (trace_probe_is_registered(&tk->tp)) > > return -EINVAL; > > > > + if (within_notrace_func(tk)) { > > + pr_warn("Could not probe notrace function %s\n", > > + trace_kprobe_symbol(tk)); > > + return -EINVAL; > > + } > > This will prevent probing assembly code. Do we want to do that? Or is > kprobes already prohibited from doing so? No, kprobes itself can probe any assembly code except for the area where can cause recursive hit as I explained. So anyway we still need to mark those functions NOKPROBE_SYMBOL. And note that this just prevent to probe those notrace code *via kprobe_events* interface. So pure kprobe user (like systemtap) is not effected by this change. So, maybe we would better to provide another debug knob which skips above check. This is only for non-experienced admins :) Thanks, > > -- Steve > > > > + > > for (i = 0; i < tk->tp.nr_args; i++) > > traceprobe_update_arg(&tk->tp.args[i]); > > > > > -- Masami Hiramatsu <mhira...@kernel.org>