On Mon, 17 Dec 2018 16:47:13 +0100 Andrea Righi <righi.and...@gmail.com> wrote:
> On Mon, Dec 17, 2018 at 05:20:25PM +0900, Masami Hiramatsu wrote: > > This is v2 series for showing correct kprobe blacklist in > > debugfs. > > > > v1 is here: > > > > https://lkml.org/lkml/2018/12/7/517 > > > > I splitted the RFC v1 patch into x86 and generic parts, > > also added a patch to remove unneeded arch-specific > > blacklist check function (because those have been added > > to the generic blacklist.) > > > > If this style is good, I will make another series for the > > archs which have own arch_within_kprobe_blacklist(), and > > eventually replace that with arch_populate_kprobe_blacklist() > > so that user can get the correct kprobe blacklist in debugfs. > > > > Thank you, > > Looks good to me. Thanks! > > Tested-by: Andrea Righi <righi.and...@gmail.com> Thank you for testing! > > Side question: there are certain symbols in arch/x86/xen that should be > blacklisted explicitly, because they're non-attachable. > > More exactly, all functions defined in arch/x86/xen/spinlock.c, > arch/x86/xen/time.c and arch/x86/xen/irq.c. > > The reason is that these files are compiled without -pg to allow the > usage of ftrace within a Xen domain apparently (from > arch/x86/xen/Makefile): > > ifdef CONFIG_FUNCTION_TRACER > # Do not profile debug and lowlevel utilities > CFLAGS_REMOVE_spinlock.o = -pg > CFLAGS_REMOVE_time.o = -pg > CFLAGS_REMOVE_irq.o = -pg > endif Actually, the reason why you can not probe those functions via tracing/kprobe_events is just a side effect. You can probe it if you write a kprobe module. Since the kprobe_events depends on some ftrace tracing functions, it sometimes cause a recursive call problem. To avoid this issue, I have introduced a CONFIG_KPROBE_EVENTS_ON_NOTRACE, see commit 45408c4f9250 ("tracing: kprobes: Prohibit probing on notrace function"). If you set CONFIG_KPROBE_EVENTS_ON_NOTRACE=n, you can continue putting probes on Xen spinlock functions too. > Do you see a nice and clean way to blacklist all these functions > (something like arch_populate_kprobe_blacklist()), or should we just > flag all of them explicitly with NOKPROBE_SYMBOL()? As I pointed, you can probe it via your own kprobe module. Like systemtap, you still can probe it. The blacklist is for "kprobes", not for "kprobe_events". (Those are used to same, but since the above commit, those are different now) I think the most sane solution is, identifying which (combination of) functions in ftrace (kernel/trace/*) causes a problem, marking those NOKPROBE_SYMBOL() and removing CONFIG_KPROBE_EVENTS_ON_NOTRACE. Thank you, -- Masami Hiramatsu <mhira...@kernel.org>