Currently the blacklist is maintained by hand in kprobes.c which is separated from the function definition and is hard to catch up the kernel update.
To solve this issue, I've tried to implement new NOKPROBE_SYMBOL() macro for making kprobe blacklist at build time. Since the NOKPROBE_SYMBOL() macros can be placed right after the function is defined, it is easy to maintain. This series replaces __kprobes with NOKPROBE_SYMBOL() macro or apply __always_inline annotation for some cases, because NOKPROBE_SYMBOL() will inhibit inlining by referring the symbol address. :( In this series, I replaced all __kprobes under kernel/ and arch/x86. For future work, I'd like to replace all the __kprobes annotation for all archs too. But this is just for review the impact of the cleanup. Also, I decided to classify current __kprobes annotation users who misuse it too many. Most of the preparation, registration, optimization functions related to kprobes are not involved in the breakpoint or other exception handling. This means that those never cause problems such as infinite recursion if we put kprobes on it. This also reduces blacklist a lot. For easy to check the blacklist, this series includes a patch which provides debugfs interface for the blacklist. You can see what address region/symbols are not allowed to probe via /sys/kernel/debug/kprobes/blacklist. The blacklist now also support modules. :) kprobes users can make a custom blacklisted functions which will be called from kprobes handlers. Example codes are also updated, so you can see how it works. This series also includes a change which prohibits probing on the address in .entry.text because the code is used for very low-level sensitive interrupt/syscall entries. Probing such code may cause unexpected result (actually most of that area is already in the kprobe blacklist). So I've decide to prohibit probing all of them. After applying this series, I got an empty .kprobes.text :) $ grep kprobes_text System.map ffffffff81604980 T __kprobes_text_end ffffffff81604980 T __kprobes_text_start Thank you, Changes from previous version: - Replace __kprobes with NOKPROBE_SYMBOL() and remove unneeded __kprobes on the files compiled on x86. - Add blacklist on modules support. - Add debugfs interface for blacklist. - Fix indent of the NOKPROBE_SYMBOL() by using tabs. - Fix NOKPROBE_SYMBOL() for expanding nested macro. - Update Documentations/kprobes.txt about blacklist. --- Masami Hiramatsu (22): kprobes: Prohibit probing on .entry.text code kprobes: Introduce NOKPROBE_SYMBOL() macro for blacklist kprobes: Show blacklist entries via debugfs kprobes: Support blacklist functions in module kprobes: Use NOKPROBE_SYMBOL() in sample modules kprobes/x86: Allow probe on some kprobe preparation functions kprobes/x86: Use NOKPROBE_SYMBOL instead of __kprobes kprobes: Allow probe on some kprobe functions kprobes: Use NOKPROBE_SYMBOL macro instead of __kprobes ftrace/kprobes: Allow probing on some preparation functions ftrace/kprobes: Use NOKPROBE_SYMBOL macro in ftrace x86/hw_breakpoint: Use NOKPROBE_SYMBOL macro in hw_breakpoint x86/trap: Use NOKPROBE_SYMBOL macro in trap.c x86/fault: Use NOKPROBE_SYMBOL macro in fault.c x86/alternative: Use NOKPROBE_SYMBOL macro in alternative.c x86/nmi: Use NOKPROBE_SYMBOL macro for nmi handlers x86/kvm: Use NOKPROBE_SYMBOL macro in kvm.c x86/dumpstack: Use NOKPROBE_SYMBOL macro in dumpstack.c [BUGFIX] kprobes/x86: Prohibit probing on debug_stack_* [BUGFIX] kprobes: Prohibit probing on func_ptr_is_kernel_text notifier: Use NOKPROBE_SYMBOL macro in notifier sched: Use NOKPROBE_SYMBOL macro in sched Documentation/kprobes.txt | 24 ++ arch/x86/include/asm/traps.h | 2 arch/x86/kernel/alternative.c | 3 arch/x86/kernel/apic/hw_nmi.c | 3 arch/x86/kernel/cpu/common.c | 4 arch/x86/kernel/cpu/perf_event.c | 3 arch/x86/kernel/cpu/perf_event_amd_ibs.c | 3 arch/x86/kernel/dumpstack.c | 9 - arch/x86/kernel/entry_32.S | 33 -- arch/x86/kernel/entry_64.S | 20 - arch/x86/kernel/hw_breakpoint.c | 6 arch/x86/kernel/kprobes/core.c | 97 ++++--- arch/x86/kernel/kprobes/ftrace.c | 17 + arch/x86/kernel/kprobes/opt.c | 32 +- arch/x86/kernel/kvm.c | 4 arch/x86/kernel/nmi.c | 18 + arch/x86/kernel/paravirt.c | 4 arch/x86/kernel/traps.c | 20 + arch/x86/mm/fault.c | 28 +- include/asm-generic/vmlinux.lds.h | 9 + include/linux/kprobes.h | 20 + include/linux/module.h | 5 kernel/extable.c | 2 kernel/kprobes.c | 415 ++++++++++++++++++------------ kernel/module.c | 6 kernel/notifier.c | 22 +- kernel/sched/core.c | 7 - kernel/trace/trace_event_perf.c | 5 kernel/trace/trace_kprobe.c | 53 ++-- kernel/trace/trace_probe.c | 78 +++--- kernel/trace/trace_probe.h | 4 samples/kprobes/jprobe_example.c | 1 samples/kprobes/kprobe_example.c | 3 samples/kprobes/kretprobe_example.c | 2 34 files changed, 580 insertions(+), 382 deletions(-) -- Masami HIRAMATSU IT Management Research Dept. Linux Technology Center Hitachi, Ltd., Yokohama Research Laboratory E-mail: masami.hiramatsu...@hitachi.com _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization