Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[PATCH 0/5] ARM64: Uprobe support added
65 views
Skip to first unread message
Pratyush Anand
Aug 2, 2016, 1:32:39 AM8/2/16
to linux-ar...@lists.infradead.org, li...@arm.linux.org.uk, catalin...@arm.com, will....@arm.com, linux-...@vger.kernel.org, wco...@redhat.com, ol...@redhat.com, dave...@linaro.org, steve....@linaro.org, sri...@linux.vnet.ibm.com, vijaya...@caviumnetworks.com, Pratyush Anand
ARM64 kprobe support is lying in torvalds/linux.git:master now. Therefore
sending my uprobe patches which were dependent on decode-insn code of kprobe
patches.
Unit tests for following have been done so far and they have been found
working.
1. Step-able instructions, like sub, ldr, add etc.
2. Simulation-able like ret, cbnz, cbz etc.
3. uretprobe
4. Reject-able instructions like sev, wfe etc.
5. trapped and abort xol path
6. probe at unaligned user address.
7. longjump test cases
Currently it does not support aarch32 instruction probing.
RFC patches were sent long back, and all review comments for RFCs have been
incorporated. RFCs were here: https://lwn.net/Articles/648514/
Pratyush Anand (5):
arm64: kprobe: protect/rename few definitions to be reused by uprobe
arm64: kgdb_step_brk_fn: ignore other's exception
arm64: Handle TRAP_HWBRKPT for user mode as well
arm64: Handle TRAP_BRKPT for user mode as well
arm64: Add uprobe support
arch/arm64/Kconfig | 3 +
arch/arm64/include/asm/debug-monitors.h | 3 +
arch/arm64/include/asm/probes.h | 23 ++--
arch/arm64/include/asm/ptrace.h | 8 ++
arch/arm64/include/asm/thread_info.h | 5 +-
arch/arm64/include/asm/uprobes.h | 37 ++++++
arch/arm64/kernel/debug-monitors.c | 40 +++---
arch/arm64/kernel/entry.S | 6 +-
arch/arm64/kernel/kgdb.c | 3 +
arch/arm64/kernel/probes/Makefile | 2 +
arch/arm64/kernel/probes/decode-insn.c | 31 ++---
arch/arm64/kernel/probes/decode-insn.h | 8 +-
arch/arm64/kernel/probes/kprobes.c | 36 ++---
arch/arm64/kernel/probes/uprobes.c | 227 ++++++++++++++++++++++++++++++++
arch/arm64/kernel/signal.c | 4 +-
arch/arm64/mm/flush.c | 6 +
16 files changed, 378 insertions(+), 64 deletions(-)
create mode 100644 arch/arm64/include/asm/uprobes.h
create mode 100644 arch/arm64/kernel/probes/uprobes.c
--
2.5.5
sending my uprobe patches which were dependent on decode-insn code of kprobe
patches.
Unit tests for following have been done so far and they have been found
working.
1. Step-able instructions, like sub, ldr, add etc.
2. Simulation-able like ret, cbnz, cbz etc.
3. uretprobe
4. Reject-able instructions like sev, wfe etc.
5. trapped and abort xol path
6. probe at unaligned user address.
7. longjump test cases
Currently it does not support aarch32 instruction probing.
RFC patches were sent long back, and all review comments for RFCs have been
incorporated. RFCs were here: https://lwn.net/Articles/648514/
Pratyush Anand (5):
arm64: kprobe: protect/rename few definitions to be reused by uprobe
arm64: kgdb_step_brk_fn: ignore other's exception
arm64: Handle TRAP_HWBRKPT for user mode as well
arm64: Handle TRAP_BRKPT for user mode as well
arm64: Add uprobe support
arch/arm64/Kconfig | 3 +
arch/arm64/include/asm/debug-monitors.h | 3 +
arch/arm64/include/asm/probes.h | 23 ++--
arch/arm64/include/asm/ptrace.h | 8 ++
arch/arm64/include/asm/thread_info.h | 5 +-
arch/arm64/include/asm/uprobes.h | 37 ++++++
arch/arm64/kernel/debug-monitors.c | 40 +++---
arch/arm64/kernel/entry.S | 6 +-
arch/arm64/kernel/kgdb.c | 3 +
arch/arm64/kernel/probes/Makefile | 2 +
arch/arm64/kernel/probes/decode-insn.c | 31 ++---
arch/arm64/kernel/probes/decode-insn.h | 8 +-
arch/arm64/kernel/probes/kprobes.c | 36 ++---
arch/arm64/kernel/probes/uprobes.c | 227 ++++++++++++++++++++++++++++++++
arch/arm64/kernel/signal.c | 4 +-
arch/arm64/mm/flush.c | 6 +
16 files changed, 378 insertions(+), 64 deletions(-)
create mode 100644 arch/arm64/include/asm/uprobes.h
create mode 100644 arch/arm64/kernel/probes/uprobes.c
--
2.5.5
Oleg Nesterov
Aug 9, 2016, 2:50:04 PM8/9/16
to Pratyush Anand, linux-ar...@lists.infradead.org, li...@arm.linux.org.uk, catalin...@arm.com, will....@arm.com, linux-...@vger.kernel.org, wco...@redhat.com, dave...@linaro.org, steve....@linaro.org, sri...@linux.vnet.ibm.com, vijaya...@caviumnetworks.com, Shi Yang, Andre Przywara, Ard Biesheuvel, Ashok Kumar, James Morse, Jungseok Lee, Kirill A. Shutemov, Mark Rutland, Masami Hiramatsu, Robin Murphy, Sandeepa Prabhu, Shaokun Zhang, Suzuki K. Poulose, Vladimir Murzin
On 08/02, Pratyush Anand wrote:
>
> This patch adds support for uprobe on ARM64 architecture.
I know nothing about ARM, so I can't actually review this change.
But it looks good to me ;)
Just one note,
> +int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs)
> +{
> + struct uprobe_task *utask = current->utask;
> +
> + /* saved fault code is restored in post_xol */
> + utask->autask.saved_fault_code = current->thread.fault_code;
> +
> + /* An invalid fault code between pre/post xol event */
> + current->thread.fault_code = UPROBE_INV_FAULT_CODE;
> +
> + /* Instruction point to execute ol */
> + instruction_pointer_set(regs, utask->xol_vaddr);
> +
> + user_enable_single_step(current);
I don't think we want user_{enable,disable{_single_step in the long term,
please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP
/user_*_single_step() for single-stepping". it seems that ARM64 sets/clears
TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs
the same.
However, I agree we can do this later and initial version can use these
ptrace helpers.
Oleg.
>
> This patch adds support for uprobe on ARM64 architecture.
I know nothing about ARM, so I can't actually review this change.
But it looks good to me ;)
Just one note,
> +int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs)
> +{
> + struct uprobe_task *utask = current->utask;
> +
> + /* saved fault code is restored in post_xol */
> + utask->autask.saved_fault_code = current->thread.fault_code;
> +
> + /* An invalid fault code between pre/post xol event */
> + current->thread.fault_code = UPROBE_INV_FAULT_CODE;
> +
> + /* Instruction point to execute ol */
> + instruction_pointer_set(regs, utask->xol_vaddr);
> +
> + user_enable_single_step(current);
I don't think we want user_{enable,disable{_single_step in the long term,
please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP
/user_*_single_step() for single-stepping". it seems that ARM64 sets/clears
TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs
the same.
However, I agree we can do this later and initial version can use these
ptrace helpers.
Oleg.
Pratyush Anand
Aug 24, 2016, 3:13:21 AM8/24/16
to Oleg Nesterov, linux-ar...@lists.infradead.org, li...@arm.linux.org.uk, catalin...@arm.com, will....@arm.com, linux-...@vger.kernel.org, wco...@redhat.com, dave...@linaro.org, steve....@linaro.org, sri...@linux.vnet.ibm.com, vijaya...@caviumnetworks.com, Shi Yang, Andre Przywara, Ard Biesheuvel, Ashok Kumar, James Morse, Jungseok Lee, Kirill A. Shutemov, Mark Rutland, Masami Hiramatsu, Robin Murphy, Sandeepa Prabhu, Shaokun Zhang, Suzuki K. Poulose, Vladimir Murzin
Hi Oleg,
Thanks a lot for your review, and sorry for delayed response.
IIUC, then you mean that TIF_SINGLESTEP is a per task flag, while
arch_uprobe_pre/post_xol() should enable/disable single stepping using a per
uprobe_task, and we should have a flag in "struct arch_uprobe_task" to handle
this, right?
>
> However, I agree we can do this later and initial version can use these
> ptrace helpers.
Yes, I would also like to do that change latter, because these set of patches
have already been tested heavily with systemtap, so it would be better to go
with an incremental changes latter on.
~Pratyush
Thanks a lot for your review, and sorry for delayed response.
arch_uprobe_pre/post_xol() should enable/disable single stepping using a per
uprobe_task, and we should have a flag in "struct arch_uprobe_task" to handle
this, right?
>
> However, I agree we can do this later and initial version can use these
> ptrace helpers.
have already been tested heavily with systemtap, so it would be better to go
with an incremental changes latter on.
~Pratyush
Pratyush Anand
Aug 24, 2016, 3:26:36 AM8/24/16
to linux-ar...@lists.infradead.org, li...@arm.linux.org.uk, catalin...@arm.com, will....@arm.com, linux-...@vger.kernel.org, wco...@redhat.com, ol...@redhat.com, dave...@linaro.org, steve....@linaro.org, sri...@linux.vnet.ibm.com, vijaya...@caviumnetworks.com
Hi Will/Catalin,
Do you have any specific comment for this patch set?
~Pratyush
[1] https://lkml.org/lkml/2016/8/22/69
Do you have any specific comment for this patch set?
~Pratyush
[1] https://lkml.org/lkml/2016/8/22/69
Will Deacon
Aug 24, 2016, 11:57:01 AM8/24/16
to Oleg Nesterov
On Wed, Aug 24, 2016 at 05:47:11PM +0200, Oleg Nesterov wrote:
> On 08/24, Pratyush Anand wrote:
> >
> > > I don't think we want user_{enable,disable{_single_step in the long term,
> > > please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP
> > > /user_*_single_step() for single-stepping". it seems that ARM64 sets/clears
> > > TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs
> > > the same.
> >
> > IIUC, then you mean that TIF_SINGLESTEP is a per task flag,
>
> Yes, and nobody but ptrace should use it, otherwise ptrace/uprobes can confuse
> On 08/24, Pratyush Anand wrote:
> >
> > > I don't think we want user_{enable,disable{_single_step in the long term,
> > > please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP
> > > /user_*_single_step() for single-stepping". it seems that ARM64 sets/clears
> > > TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs
> > > the same.
> >
> > IIUC, then you mean that TIF_SINGLESTEP is a per task flag,
>
> each other. And uprobes simply doesn't need to set/clear it.
We're already using it for kprobes, hw_breakpoint and kgdb as well as
ptrace, so I'd rather uprobes either followed existing practice, or we
converted everybody off the current code.
In what way do things get confused?
> > while
> > arch_uprobe_pre/post_xol() should enable/disable single stepping using a per
> > uprobe_task,
>
> X86_EFLAGS_TF, I guess arm needs to modify some register too?
We have {user,kernel}_{enable,disable}_single_step for managing the various
registers controlling the single-step state machine on arm64.
Will
Oleg Nesterov
Aug 24, 2016, 11:57:02 AM8/24/16
to Pratyush Anand, linux-ar...@lists.infradead.org, li...@arm.linux.org.uk, catalin...@arm.com, will....@arm.com, linux-...@vger.kernel.org, wco...@redhat.com, dave...@linaro.org, steve....@linaro.org, sri...@linux.vnet.ibm.com, vijaya...@caviumnetworks.com, Shi Yang, Andre Przywara, Ard Biesheuvel, Ashok Kumar, James Morse, Jungseok Lee, Kirill A. Shutemov, Mark Rutland, Masami Hiramatsu, Robin Murphy, Sandeepa Prabhu, Shaokun Zhang, Suzuki K. Poulose, Vladimir Murzin
Hi Pratyush,
On 08/24, Pratyush Anand wrote:
>
was already set by ptrace or something else.
> > However, I agree we can do this later and initial version can use these
> > ptrace helpers.
>
> Yes, I would also like to do that change latter, because these set of patches
> have already been tested heavily with systemtap, so it would be better to go
> with an incremental changes latter on.
Yes, yes, I agree. Let me repeat that this patch looks good to me as initial
version, but obviously I can't really revit it and/or ack.
Oleg.
On 08/24, Pratyush Anand wrote:
>
> > I don't think we want user_{enable,disable{_single_step in the long term,
> > please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP
> > /user_*_single_step() for single-stepping". it seems that ARM64 sets/clears
> > TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs
> > the same.
>
> IIUC, then you mean that TIF_SINGLESTEP is a per task flag,
> > please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP
> > /user_*_single_step() for single-stepping". it seems that ARM64 sets/clears
> > TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs
> > the same.
>
> IIUC, then you mean that TIF_SINGLESTEP is a per task flag,
Yes, and nobody but ptrace should use it, otherwise ptrace/uprobes can confuse
each other. And uprobes simply doesn't need to set/clear it.
each other. And uprobes simply doesn't need to set/clear it.
> while
> arch_uprobe_pre/post_xol() should enable/disable single stepping using a per
> uprobe_task,
> arch_uprobe_pre/post_xol() should enable/disable single stepping using a per
> uprobe_task,
I can't really answer since I know nothing about arm. x86 just needs to set
X86_EFLAGS_TF, I guess arm needs to modify some register too?
X86_EFLAGS_TF, I guess arm needs to modify some register too?
> and we should have a flag in "struct arch_uprobe_task" to handle
> this, right?
Probably yes, because we need to record/restore X86_EFLAGS_TF in case it
> this, right?
was already set by ptrace or something else.
> > However, I agree we can do this later and initial version can use these
> > ptrace helpers.
>
> Yes, I would also like to do that change latter, because these set of patches
> have already been tested heavily with systemtap, so it would be better to go
> with an incremental changes latter on.
version, but obviously I can't really revit it and/or ack.
Oleg.
Oleg Nesterov
Aug 25, 2016, 9:34:03 AM8/25/16
to Will Deacon
On 08/24, Will Deacon wrote:
>
> On Wed, Aug 24, 2016 at 05:47:11PM +0200, Oleg Nesterov wrote:
> > On 08/24, Pratyush Anand wrote:
> > >
> > > > I don't think we want user_{enable,disable{_single_step in the long term,
> > > > please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP
> > > > /user_*_single_step() for single-stepping". it seems that ARM64 sets/clears
> > > > TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs
> > > > the same.
> > >
> > > IIUC, then you mean that TIF_SINGLESTEP is a per task flag,
> >
> > Yes, and nobody but ptrace should use it, otherwise ptrace/uprobes can confuse
> > each other. And uprobes simply doesn't need to set/clear it.
>
> We're already using it for kprobes, hw_breakpoint and kgdb as well as
> ptrace, so I'd rather uprobes either followed existing practice, or we
> converted everybody off the current code.
And perhaps this is fine for arm64, I do not know.
>
> On Wed, Aug 24, 2016 at 05:47:11PM +0200, Oleg Nesterov wrote:
> > On 08/24, Pratyush Anand wrote:
> > >
> > > > I don't think we want user_{enable,disable{_single_step in the long term,
> > > > please look at 9bd1190a11c9d2 "uprobes/x86: Do not (ab)use TIF_SINGLESTEP
> > > > /user_*_single_step() for single-stepping". it seems that ARM64 sets/clears
> > > > TIF_SINGLESTEP. You can also lool at saved_tf logic, probably ARM64 needs
> > > > the same.
> > >
> > > IIUC, then you mean that TIF_SINGLESTEP is a per task flag,
> >
> > Yes, and nobody but ptrace should use it, otherwise ptrace/uprobes can confuse
> > each other. And uprobes simply doesn't need to set/clear it.
>
> We're already using it for kprobes, hw_breakpoint and kgdb as well as
> ptrace, so I'd rather uprobes either followed existing practice, or we
> converted everybody off the current code.
> In what way do things get confused?
this can confuse ptrace if TIF_SINGLESTEP was set by debugger which wants
to step over the probed insn.
> > I can't really answer since I know nothing about arm. x86 just needs to set
> > X86_EFLAGS_TF, I guess arm needs to modify some register too?
>
> We have {user,kernel}_{enable,disable}_single_step for managing the various
> registers controlling the single-step state machine on arm64.
arch/arm64/, but it seems that we only need to ensure that call_step_hook()
will be called even if user_mode() == T, why do we need TIF_SINGLESTEP ?
Nevermind. I can be easily wrong and let me repeat that I agree with
user_{enable,disable}_single_step in the initial version in any case.
Oleg.
Catalin Marinas
Sep 6, 2016, 12:11:52 PM9/6/16
to Pratyush Anand, linux-ar...@lists.infradead.org, li...@arm.linux.org.uk, will....@arm.com, Yang Shi, steve....@linaro.org, sri...@linux.vnet.ibm.com, Suzuki K Poulose, vijaya...@caviumnetworks.com, linux-...@vger.kernel.org, ol...@redhat.com, dave...@linaro.org, Sandeepa Prabhu, wco...@redhat.com, Anna-Maria Gleixner
On Tue, Aug 02, 2016 at 11:00:07AM +0530, Pratyush Anand wrote:
> --- a/arch/arm64/kernel/debug-monitors.c
> +++ b/arch/arm64/kernel/debug-monitors.c
> @@ -246,6 +246,8 @@ static void send_user_sigtrap(int si_code)
> static int single_step_handler(unsigned long addr, unsigned int esr,
> struct pt_regs *regs)
> {
> + bool handler_found = false;
> +
> /*
> * If we are stepping a pending breakpoint, call the hw_breakpoint
> * handler first.
> @@ -253,7 +255,14 @@ static int single_step_handler(unsigned long addr, unsigned int esr,
> if (!reinstall_suspended_bps(regs))
> return 0;
>
> - if (user_mode(regs)) {
> +#ifdef CONFIG_KPROBES
> + if (kprobe_single_step_handler(regs, esr) == DBG_HOOK_HANDLED)
> + handler_found = true;
> +#endif
> + if (!handler_found && call_step_hook(regs, esr) == DBG_HOOK_HANDLED)
> + handler_found = true;
> +
> + if (!handler_found && user_mode(regs)) {
> send_user_sigtrap(TRAP_HWBKPT);
Could we register kprobe_single_step_handler() via register_set_hook()
and only invoke call_step_hook() above?
--
Catalin
> --- a/arch/arm64/kernel/debug-monitors.c
> +++ b/arch/arm64/kernel/debug-monitors.c
> @@ -246,6 +246,8 @@ static void send_user_sigtrap(int si_code)
> static int single_step_handler(unsigned long addr, unsigned int esr,
> struct pt_regs *regs)
> {
> + bool handler_found = false;
> +
> /*
> * If we are stepping a pending breakpoint, call the hw_breakpoint
> * handler first.
> @@ -253,7 +255,14 @@ static int single_step_handler(unsigned long addr, unsigned int esr,
> if (!reinstall_suspended_bps(regs))
> return 0;
>
> - if (user_mode(regs)) {
> +#ifdef CONFIG_KPROBES
> + if (kprobe_single_step_handler(regs, esr) == DBG_HOOK_HANDLED)
> + handler_found = true;
> +#endif
> + if (!handler_found && call_step_hook(regs, esr) == DBG_HOOK_HANDLED)
> + handler_found = true;
> +
> + if (!handler_found && user_mode(regs)) {
> send_user_sigtrap(TRAP_HWBKPT);
Could we register kprobe_single_step_handler() via register_set_hook()
and only invoke call_step_hook() above?
--
Catalin
Catalin Marinas
Sep 6, 2016, 12:34:46 PM9/6/16
to Pratyush Anand, linux-ar...@lists.infradead.org, li...@arm.linux.org.uk, will....@arm.com, Yang Shi, steve....@linaro.org, sri...@linux.vnet.ibm.com, Suzuki K Poulose, vijaya...@caviumnetworks.com, linux-...@vger.kernel.org, ol...@redhat.com, dave...@linaro.org, Sandeepa Prabhu, wco...@redhat.com
On Tue, Aug 02, 2016 at 11:00:08AM +0530, Pratyush Anand wrote:
> --- a/arch/arm64/kernel/debug-monitors.c
> +++ b/arch/arm64/kernel/debug-monitors.c
> @@ -326,16 +326,20 @@ NOKPROBE_SYMBOL(call_break_hook);
> --- a/arch/arm64/kernel/debug-monitors.c
> +++ b/arch/arm64/kernel/debug-monitors.c
> static int brk_handler(unsigned long addr, unsigned int esr,
> struct pt_regs *regs)
> {
> - if (user_mode(regs)) {
> - send_user_sigtrap(TRAP_BRKPT);
> - }
> + bool handler_found = false;
> +
> #ifdef CONFIG_KPROBES
> +
> - else if ((esr & BRK64_ESR_MASK) == BRK64_ESR_KPROBES) {
> - if (kprobe_breakpoint_handler(regs, esr) != DBG_HOOK_HANDLED)
> - return -EFAULT;
> + if ((esr & BRK64_ESR_MASK) == BRK64_ESR_KPROBES) {
> + if (kprobe_breakpoint_handler(regs, esr) == DBG_HOOK_HANDLED)
> + handler_found = true;
> }
> #endif
> - else if (call_break_hook(regs, esr) != DBG_HOOK_HANDLED) {
> + if (!handler_found && call_break_hook(regs, esr) == DBG_HOOK_HANDLED)
> + handler_found = true;
> +
> + if (!handler_found && user_mode(regs)) {
> + send_user_sigtrap(TRAP_BRKPT);
> +
> + if (!handler_found && user_mode(regs)) {
> + } else if (!handler_found) {
> pr_warn("Unexpected kernel BRK exception at EL1\n");
> return -EFAULT;
> }
I think we could do the same here with a single call_break_hook() and
making sure that the corresponding handlers check the esr for the
corresponding BRK encoding.
--
Catalin
David Long
Sep 6, 2016, 5:36:59 PM9/6/16
to Catalin Marinas, Pratyush Anand, linux-ar...@lists.infradead.org, li...@arm.linux.org.uk, will....@arm.com, Yang Shi, steve....@linaro.org, sri...@linux.vnet.ibm.com, Suzuki K Poulose, vijaya...@caviumnetworks.com, linux-...@vger.kernel.org, ol...@redhat.com, Sandeepa Prabhu, wco...@redhat.com, Anna-Maria Gleixner
patch of mine. The concern was that it would cause unnecessarily more
kernel functions to be kprobes-blacklisted. Hence the hardcoded check
and call.
-dl
Pratyush Anand
Sep 7, 2016, 12:48:12 AM9/7/16
to David Long, Catalin Marinas, linux-ar...@lists.infradead.org, li...@arm.linux.org.uk, will....@arm.com, Yang Shi, steve....@linaro.org, sri...@linux.vnet.ibm.com, Suzuki K Poulose, vijaya...@caviumnetworks.com, linux-...@vger.kernel.org, ol...@redhat.com, Sandeepa Prabhu, wco...@redhat.com, Anna-Maria Gleixner
receive a break/single step exception to the point where it is handled for
kprobe. Therefore we must call kprobe_single_step/breakpoint_handler() before
other handlers. Otherwise, we would not be able to trace other handlers and the
functions called from those handlers.
~Pratyush
Catalin Marinas
Sep 7, 2016, 9:41:38 AM9/7/16
to David Long, Pratyush Anand, Yang Shi, steve....@linaro.org, sri...@linux.vnet.ibm.com, Suzuki K Poulose, vijaya...@caviumnetworks.com, will....@arm.com, linux-...@vger.kernel.org, ol...@redhat.com, Sandeepa Prabhu, li...@arm.linux.org.uk, wco...@redhat.com, Anna-Maria Gleixner, linux-ar...@lists.infradead.org
--
Catalin
Pratyush Anand
Sep 19, 2016, 10:51:14 PM9/19/16
to Catalin Marinas, Will Deacon, open list, Will Cohen, Oleg Nesterov, Dave Long, Steve Capper, sri...@linux.vnet.ibm.com, vijaya...@caviumnetworks.com, linux-arm-kernel, Russell King - ARM Linux
Hi Will/Catalin,
So far there is no comment which would require any modification in
this patch set. However, a rebase would be required, because we have a
fixup "arm64: Improve kprobes test for atomic sequence" in the next
now. Also, since we have "arm64: kprobe: Always clear pstate.D in
breakpoint exception handler" in next, so I can remove __kprobes tag
from uprobe_breakpoint_handler() and uprobe_single_step_handler().
Do you think that these patches are good to be taken for 4.9? If yes,
then I will send a quick V2 with above modifications.
~Pratyush
So far there is no comment which would require any modification in
this patch set. However, a rebase would be required, because we have a
fixup "arm64: Improve kprobes test for atomic sequence" in the next
now. Also, since we have "arm64: kprobe: Always clear pstate.D in
breakpoint exception handler" in next, so I can remove __kprobes tag
from uprobe_breakpoint_handler() and uprobe_single_step_handler().
Do you think that these patches are good to be taken for 4.9? If yes,
then I will send a quick V2 with above modifications.
~Pratyush
Catalin Marinas
Sep 20, 2016, 1:00:03 PM9/20/16
to Pratyush Anand, linux-ar...@lists.infradead.org, li...@arm.linux.org.uk, will....@arm.com, Mark Rutland, sri...@linux.vnet.ibm.com, ol...@redhat.com, Jungseok Lee, vijaya...@caviumnetworks.com, dave...@linaro.org, Shi Yang, Vladimir Murzin, steve....@linaro.org, Suzuki K. Poulose, Andre Przywara, Shaokun Zhang, Ashok Kumar, Sandeepa Prabhu, wco...@redhat.com, Ard Biesheuvel, linux-...@vger.kernel.org, James Morse, Masami Hiramatsu, Robin Murphy, Kirill A. Shutemov
Hi Pratyush,
On Tue, Aug 02, 2016 at 11:00:09AM +0530, Pratyush Anand wrote:
> --- a/arch/arm64/include/asm/debug-monitors.h
> +++ b/arch/arm64/include/asm/debug-monitors.h
> @@ -70,6 +70,9 @@
> #define BRK64_ESR_MASK 0xFFFF
> #define BRK64_ESR_KPROBES 0x0004
> #define BRK64_OPCODE_KPROBES (AARCH64_BREAK_MON | (BRK64_ESR_KPROBES << 5))
> +/* uprobes BRK opcodes with ESR encoding */
> +#define BRK64_ESR_UPROBES 0x0008
> +#define BRK64_OPCODE_UPROBES (AARCH64_BREAK_MON | (BRK64_ESR_UPROBES << 5))
You can use 0x0005 as immediate, we don't need individual bits here.
> --- a/arch/arm64/include/asm/probes.h
> +++ b/arch/arm64/include/asm/probes.h
> @@ -35,4 +35,8 @@ struct arch_specific_insn {
> };
> #endif
>
> +#ifdef CONFIG_UPROBES
> +typedef u32 uprobe_opcode_t;
> +#endif
We don't need #ifdef around this typedef. Also, all the other
architectures seem to have this typedef in asm/uprobes.h.
> --- a/arch/arm64/include/asm/ptrace.h
> +++ b/arch/arm64/include/asm/ptrace.h
> @@ -217,6 +217,14 @@ int valid_user_regs(struct user_pt_regs *regs, struct task_struct *task);
>
> #include <asm-generic/ptrace.h>
>
> +#define procedure_link_pointer(regs) ((regs)->regs[30])
> +
> +static inline void procedure_link_pointer_set(struct pt_regs *regs,
> + unsigned long val)
> +{
> + procedure_link_pointer(regs) = val;
> +}
Do you need these macro and function here? It seems that they are only
used in arch_uretprobe_hijack_return_addr(), so you can just expand them
in there, no need for additional definitions.
> --- a/arch/arm64/include/asm/thread_info.h
> +++ b/arch/arm64/include/asm/thread_info.h
> @@ -109,6 +109,7 @@ static inline struct thread_info *current_thread_info(void)
> #define TIF_NEED_RESCHED 1
> #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */
> #define TIF_FOREIGN_FPSTATE 3 /* CPU's FP state is not current's */
> +#define TIF_UPROBE 5 /* uprobe breakpoint or singlestep */
Nitpick: you can just use 4 until we cover this gap.
> --- /dev/null
> +++ b/arch/arm64/include/asm/uprobes.h
> @@ -0,0 +1,37 @@
> +/*
> + * Copyright (C) 2014-2015 Pratyush Anand <pan...@redhat.com>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + */
> +
> +#ifndef _ASM_UPROBES_H
> +#define _ASM_UPROBES_H
> +
> +#include <asm/debug-monitors.h>
> +#include <asm/insn.h>
> +#include <asm/probes.h>
> +
> +#define MAX_UINSN_BYTES AARCH64_INSN_SIZE
> +
> +#define UPROBE_SWBP_INSN BRK64_OPCODE_UPROBES
> +#define UPROBE_SWBP_INSN_SIZE 4
Nitpick: for consistency, just use AARCH64_INSN_SIZE.
> +#define UPROBE_XOL_SLOT_BYTES MAX_UINSN_BYTES
> +
> +struct arch_uprobe_task {
> + unsigned long saved_fault_code;
> +};
> +
> +struct arch_uprobe {
> + union {
> + u8 insn[MAX_UINSN_BYTES];
> + u8 ixol[MAX_UINSN_BYTES];
> + };
> + struct arch_probe_insn api;
> + bool simulate;
> +};
> +
> +extern void flush_uprobe_xol_access(struct page *page, unsigned long uaddr,
> + void *kaddr, unsigned long len);
I don't think we need this. It doesn't seem to be used anywhere other
than the arm64 uprobes.c file. So I would rather expose
sync_icache_aliases(), similarly to __sync_icache_dcache().
> --- a/arch/arm64/kernel/entry.S
> +++ b/arch/arm64/kernel/entry.S
> @@ -688,7 +688,8 @@ ret_fast_syscall:
> ldr x1, [tsk, #TI_FLAGS] // re-check for syscall tracing
> and x2, x1, #_TIF_SYSCALL_WORK
> cbnz x2, ret_fast_syscall_trace
> - and x2, x1, #_TIF_WORK_MASK
> + mov x2, #_TIF_WORK_MASK
> + and x2, x1, x2
Is this needed because _TIF_WORK_MASK cannot work as an immediate value
to 'and'? We could reorder the TIF bits, they are not exposed to user to
have ABI implications.
> cbnz x2, work_pending
> enable_step_tsk x1, x2
> kernel_exit 0
> @@ -718,7 +719,8 @@ work_resched:
> ret_to_user:
> disable_irq // disable interrupts
> ldr x1, [tsk, #TI_FLAGS]
> - and x2, x1, #_TIF_WORK_MASK
> + mov x2, #_TIF_WORK_MASK
> + and x2, x1, x2
> cbnz x2, work_pending
> enable_step_tsk x1, x2
> kernel_exit 0
Same here.
> --- /dev/null
> +++ b/arch/arm64/kernel/probes/uprobes.c
> @@ -0,0 +1,227 @@
> +/*
> + * Copyright (C) 2014-2015 Pratyush Anand <pan...@redhat.com>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + */
> +#include <linux/highmem.h>
> +#include <linux/ptrace.h>
> +#include <linux/uprobes.h>
> +
> +#include "decode-insn.h"
> +
> +#define UPROBE_INV_FAULT_CODE UINT_MAX
> +
> +void arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr,
> + void *src, unsigned long len)
> +{
> + void *xol_page_kaddr = kmap_atomic(page);
> + void *dst = xol_page_kaddr + (vaddr & ~PAGE_MASK);
> +
> + preempt_disable();
kmap_atomic() already disabled preemption.
> +
> + /* Initialize the slot */
> + memcpy(dst, src, len);
> +
> + /* flush caches (dcache/icache) */
> + flush_uprobe_xol_access(page, vaddr, dst, len);
Just use sync_icache_aliases() here (once exposed in an arm64 header).
> +
> + preempt_enable();
> +
> + kunmap_atomic(xol_page_kaddr);
> +}
> +
> +unsigned long uprobe_get_swbp_addr(struct pt_regs *regs)
> +{
> + return instruction_pointer(regs);
> +}
> +
> +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm,
> + unsigned long addr)
> +{
> + probe_opcode_t insn;
> +
> + /* TODO: Currently we do not support AARCH32 instruction probing */
Is there a way to check (not necessarily in this file) that we don't
probe 32-bit tasks?
> + if (!IS_ALIGNED(addr, AARCH64_INSN_SIZE))
> + return -EINVAL;
> +
> + insn = *(probe_opcode_t *)(&auprobe->insn[0]);
> +
> + switch (arm_probe_decode_insn(insn, &auprobe->api)) {
> + case INSN_REJECTED:
> + return -EINVAL;
> +
> + case INSN_GOOD_NO_SLOT:
> + auprobe->simulate = true;
> + break;
> +
> + case INSN_GOOD:
> + default:
> + break;
Nitpick, we don't need case INSN_GOOD as well since default would cover
it (that's unless you want to change default to BUG()).
> + }
> +
> + return 0;
> +}
> +
the arm64 code when delivering a signal to user but I don't think that's
the case here, we are handling a breakpoint instruction and there isn't
anything that set the fault_code.
> +
> + /* An invalid fault code between pre/post xol event */
> + current->thread.fault_code = UPROBE_INV_FAULT_CODE;
> +
> + /* Instruction point to execute ol */
> + instruction_pointer_set(regs, utask->xol_vaddr);
> +
> + user_enable_single_step(current);
> +
> + return 0;
> +}
> +
> +int arch_uprobe_post_xol(struct arch_uprobe *auprobe, struct pt_regs *regs)
> +
> + /* restore fault code */
> + current->thread.fault_code = utask->autask.saved_fault_code;
Same here, I don't think this needs restoring if it wasn't meaningful in
the first place.
--
Catalin
On Tue, Aug 02, 2016 at 11:00:09AM +0530, Pratyush Anand wrote:
> --- a/arch/arm64/include/asm/debug-monitors.h
> +++ b/arch/arm64/include/asm/debug-monitors.h
> @@ -70,6 +70,9 @@
> #define BRK64_ESR_MASK 0xFFFF
> #define BRK64_ESR_KPROBES 0x0004
> #define BRK64_OPCODE_KPROBES (AARCH64_BREAK_MON | (BRK64_ESR_KPROBES << 5))
> +/* uprobes BRK opcodes with ESR encoding */
> +#define BRK64_ESR_UPROBES 0x0008
> +#define BRK64_OPCODE_UPROBES (AARCH64_BREAK_MON | (BRK64_ESR_UPROBES << 5))
You can use 0x0005 as immediate, we don't need individual bits here.
> --- a/arch/arm64/include/asm/probes.h
> +++ b/arch/arm64/include/asm/probes.h
> @@ -35,4 +35,8 @@ struct arch_specific_insn {
> };
> #endif
>
> +#ifdef CONFIG_UPROBES
> +typedef u32 uprobe_opcode_t;
> +#endif
We don't need #ifdef around this typedef. Also, all the other
architectures seem to have this typedef in asm/uprobes.h.
> --- a/arch/arm64/include/asm/ptrace.h
> +++ b/arch/arm64/include/asm/ptrace.h
> @@ -217,6 +217,14 @@ int valid_user_regs(struct user_pt_regs *regs, struct task_struct *task);
>
> #include <asm-generic/ptrace.h>
>
> +#define procedure_link_pointer(regs) ((regs)->regs[30])
> +
> +static inline void procedure_link_pointer_set(struct pt_regs *regs,
> + unsigned long val)
> +{
> + procedure_link_pointer(regs) = val;
> +}
Do you need these macro and function here? It seems that they are only
used in arch_uretprobe_hijack_return_addr(), so you can just expand them
in there, no need for additional definitions.
> --- a/arch/arm64/include/asm/thread_info.h
> +++ b/arch/arm64/include/asm/thread_info.h
> @@ -109,6 +109,7 @@ static inline struct thread_info *current_thread_info(void)
> #define TIF_NEED_RESCHED 1
> #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */
> #define TIF_FOREIGN_FPSTATE 3 /* CPU's FP state is not current's */
> +#define TIF_UPROBE 5 /* uprobe breakpoint or singlestep */
Nitpick: you can just use 4 until we cover this gap.
> --- /dev/null
> +++ b/arch/arm64/include/asm/uprobes.h
> @@ -0,0 +1,37 @@
> +/*
> + * Copyright (C) 2014-2015 Pratyush Anand <pan...@redhat.com>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + */
> +
> +#ifndef _ASM_UPROBES_H
> +#define _ASM_UPROBES_H
> +
> +#include <asm/debug-monitors.h>
> +#include <asm/insn.h>
> +#include <asm/probes.h>
> +
> +#define MAX_UINSN_BYTES AARCH64_INSN_SIZE
> +
> +#define UPROBE_SWBP_INSN BRK64_OPCODE_UPROBES
> +#define UPROBE_SWBP_INSN_SIZE 4
Nitpick: for consistency, just use AARCH64_INSN_SIZE.
> +#define UPROBE_XOL_SLOT_BYTES MAX_UINSN_BYTES
> +
> +struct arch_uprobe_task {
> + unsigned long saved_fault_code;
> +};
> +
> +struct arch_uprobe {
> + union {
> + u8 insn[MAX_UINSN_BYTES];
> + u8 ixol[MAX_UINSN_BYTES];
> + };
> + struct arch_probe_insn api;
> + bool simulate;
> +};
> +
> +extern void flush_uprobe_xol_access(struct page *page, unsigned long uaddr,
> + void *kaddr, unsigned long len);
I don't think we need this. It doesn't seem to be used anywhere other
than the arm64 uprobes.c file. So I would rather expose
sync_icache_aliases(), similarly to __sync_icache_dcache().
> --- a/arch/arm64/kernel/entry.S
> +++ b/arch/arm64/kernel/entry.S
> @@ -688,7 +688,8 @@ ret_fast_syscall:
> ldr x1, [tsk, #TI_FLAGS] // re-check for syscall tracing
> and x2, x1, #_TIF_SYSCALL_WORK
> cbnz x2, ret_fast_syscall_trace
> - and x2, x1, #_TIF_WORK_MASK
> + mov x2, #_TIF_WORK_MASK
> + and x2, x1, x2
Is this needed because _TIF_WORK_MASK cannot work as an immediate value
to 'and'? We could reorder the TIF bits, they are not exposed to user to
have ABI implications.
> cbnz x2, work_pending
> enable_step_tsk x1, x2
> kernel_exit 0
> @@ -718,7 +719,8 @@ work_resched:
> ret_to_user:
> disable_irq // disable interrupts
> ldr x1, [tsk, #TI_FLAGS]
> - and x2, x1, #_TIF_WORK_MASK
> + mov x2, #_TIF_WORK_MASK
> + and x2, x1, x2
> cbnz x2, work_pending
> enable_step_tsk x1, x2
> kernel_exit 0
Same here.
> --- /dev/null
> +++ b/arch/arm64/kernel/probes/uprobes.c
> @@ -0,0 +1,227 @@
> +/*
> + * Copyright (C) 2014-2015 Pratyush Anand <pan...@redhat.com>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + */
> +#include <linux/highmem.h>
> +#include <linux/ptrace.h>
> +#include <linux/uprobes.h>
> +
> +#include "decode-insn.h"
> +
> +#define UPROBE_INV_FAULT_CODE UINT_MAX
> +
> +void arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr,
> + void *src, unsigned long len)
> +{
> + void *xol_page_kaddr = kmap_atomic(page);
> + void *dst = xol_page_kaddr + (vaddr & ~PAGE_MASK);
> +
> + preempt_disable();
kmap_atomic() already disabled preemption.
> +
> + /* Initialize the slot */
> + memcpy(dst, src, len);
> +
> + /* flush caches (dcache/icache) */
> + flush_uprobe_xol_access(page, vaddr, dst, len);
Just use sync_icache_aliases() here (once exposed in an arm64 header).
> +
> + preempt_enable();
> +
> + kunmap_atomic(xol_page_kaddr);
> +}
> +
> +unsigned long uprobe_get_swbp_addr(struct pt_regs *regs)
> +{
> + return instruction_pointer(regs);
> +}
> +
> +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm,
> + unsigned long addr)
> +{
> + probe_opcode_t insn;
> +
> + /* TODO: Currently we do not support AARCH32 instruction probing */
Is there a way to check (not necessarily in this file) that we don't
probe 32-bit tasks?
> + if (!IS_ALIGNED(addr, AARCH64_INSN_SIZE))
> + return -EINVAL;
> +
> + insn = *(probe_opcode_t *)(&auprobe->insn[0]);
> +
> + switch (arm_probe_decode_insn(insn, &auprobe->api)) {
> + case INSN_REJECTED:
> + return -EINVAL;
> +
> + case INSN_GOOD_NO_SLOT:
> + auprobe->simulate = true;
> + break;
> +
> + case INSN_GOOD:
> + default:
> + break;
Nitpick, we don't need case INSN_GOOD as well since default would cover
it (that's unless you want to change default to BUG()).
> + }
> +
> + return 0;
> +}
> +
> +int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs)
> +{
> + struct uprobe_task *utask = current->utask;
> +
> + /* saved fault code is restored in post_xol */
> + utask->autask.saved_fault_code = current->thread.fault_code;
Does the current->thread.fault_code has any meaning here? We use it in
> +{
> + struct uprobe_task *utask = current->utask;
> +
> + /* saved fault code is restored in post_xol */
> + utask->autask.saved_fault_code = current->thread.fault_code;
the arm64 code when delivering a signal to user but I don't think that's
the case here, we are handling a breakpoint instruction and there isn't
anything that set the fault_code.
> +
> + /* An invalid fault code between pre/post xol event */
> + current->thread.fault_code = UPROBE_INV_FAULT_CODE;
> +
> + /* Instruction point to execute ol */
> + instruction_pointer_set(regs, utask->xol_vaddr);
> +
> + user_enable_single_step(current);
> + return 0;
> +}
> +
> +int arch_uprobe_post_xol(struct arch_uprobe *auprobe, struct pt_regs *regs)
> +{
> + struct uprobe_task *utask = current->utask;
> +
> + WARN_ON_ONCE(current->thread.fault_code != UPROBE_INV_FAULT_CODE);
> + struct uprobe_task *utask = current->utask;
> +
> +
> + /* restore fault code */
> + current->thread.fault_code = utask->autask.saved_fault_code;
Same here, I don't think this needs restoring if it wasn't meaningful in
the first place.
--
Catalin
Pratyush Anand
Sep 21, 2016, 7:01:02 AM9/21/16
to Catalin Marinas, Shi Yang, linux-ar...@lists.infradead.org, li...@arm.linux.org.uk, will....@arm.com, Mark Rutland, sri...@linux.vnet.ibm.com, ol...@redhat.com, Jungseok Lee, vijaya...@caviumnetworks.com, dave...@linaro.org, Vladimir Murzin, steve....@linaro.org, Suzuki K. Poulose, Andre Przywara, Shaokun Zhang, Ashok Kumar, Sandeepa Prabhu, wco...@redhat.com, Ard Biesheuvel, linux-...@vger.kernel.org, James Morse, Masami Hiramatsu, Robin Murphy, Kirill A. Shutemov
Hi Catalin,
Thanks for your review.
On 20/09/2016:05:59:46 PM, Catalin Marinas wrote:
> Hi Pratyush,
>
> On Tue, Aug 02, 2016 at 11:00:09AM +0530, Pratyush Anand wrote:
> > --- a/arch/arm64/include/asm/debug-monitors.h
> > +++ b/arch/arm64/include/asm/debug-monitors.h
> > @@ -70,6 +70,9 @@
> > #define BRK64_ESR_MASK 0xFFFF
> > #define BRK64_ESR_KPROBES 0x0004
> > #define BRK64_OPCODE_KPROBES (AARCH64_BREAK_MON | (BRK64_ESR_KPROBES << 5))
> > +/* uprobes BRK opcodes with ESR encoding */
> > +#define BRK64_ESR_UPROBES 0x0008
> > +#define BRK64_OPCODE_UPROBES (AARCH64_BREAK_MON | (BRK64_ESR_UPROBES << 5))
>
> You can use 0x0005 as immediate, we don't need individual bits here.
OK. will define BRK64_ESR_UPROBES as 0x0005
>
> > --- a/arch/arm64/include/asm/probes.h
> > +++ b/arch/arm64/include/asm/probes.h
> > @@ -35,4 +35,8 @@ struct arch_specific_insn {
> > };
> > #endif
> >
> > +#ifdef CONFIG_UPROBES
> > +typedef u32 uprobe_opcode_t;
> > +#endif
>
> We don't need #ifdef around this typedef. Also, all the other
> architectures seem to have this typedef in asm/uprobes.h.
kprobe_opcode_t was defined here, so I defined it here as well. But yes, it
would be good to move it to asm/uprobes.h to keep in sync with other arch.
>
> > --- a/arch/arm64/include/asm/ptrace.h
> > +++ b/arch/arm64/include/asm/ptrace.h
> > @@ -217,6 +217,14 @@ int valid_user_regs(struct user_pt_regs *regs, struct task_struct *task);
> >
> > #include <asm-generic/ptrace.h>
> >
> > +#define procedure_link_pointer(regs) ((regs)->regs[30])
> > +
> > +static inline void procedure_link_pointer_set(struct pt_regs *regs,
> > + unsigned long val)
> > +{
> > + procedure_link_pointer(regs) = val;
> > +}
>
> Do you need these macro and function here? It seems that they are only
> used in arch_uretprobe_hijack_return_addr(), so you can just expand them
> in there, no need for additional definitions.
I introduced it to keep sync with other register usage like
instruction_pointer_set().
I have used it in uprobe code only, but I think, we can have a patch to modify
following code, which can use them as well.
arch/arm64/kernel/probes/kprobes.c: ri->ret_addr = (kprobe_opcode_t *)regs->regs[30];
arch/arm64/kernel/probes/kprobes.c: regs->regs[30] = (long)&kretprobe_trampoline;
arch/arm64/kernel/process.c: lr = regs->regs[30];
arch/arm64/kernel/signal.c: __put_user_error(regs->regs[30], &sf->lr, err);
arch/arm64/kernel/signal.c: regs->regs[30] = (unsigned long)sigtramp;
>
> > --- a/arch/arm64/include/asm/thread_info.h
> > +++ b/arch/arm64/include/asm/thread_info.h
> > @@ -109,6 +109,7 @@ static inline struct thread_info *current_thread_info(void)
> > #define TIF_NEED_RESCHED 1
> > #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */
> > #define TIF_FOREIGN_FPSTATE 3 /* CPU's FP state is not current's */
> > +#define TIF_UPROBE 5 /* uprobe breakpoint or singlestep */
>
> Nitpick: you can just use 4 until we cover this gap.
Hummm..as stated in commit log, Shi Yang suggested to define TIF_UPROBE as 5 in
stead of 4, since 4 has already been used in -rt kernel. May be, I can put a
comment in code as well.
Or, keep it 4 and -rt kernel will change their definitions. I am OK with both.
let me know.
>
> > --- /dev/null
> > +++ b/arch/arm64/include/asm/uprobes.h
> > @@ -0,0 +1,37 @@
> > +/*
> > + * Copyright (C) 2014-2015 Pratyush Anand <pan...@redhat.com>
> > + *
> > + * This program is free software; you can redistribute it and/or modify
> > + * it under the terms of the GNU General Public License version 2 as
> > + * published by the Free Software Foundation.
> > + */
> > +
> > +#ifndef _ASM_UPROBES_H
> > +#define _ASM_UPROBES_H
> > +
> > +#include <asm/debug-monitors.h>
> > +#include <asm/insn.h>
> > +#include <asm/probes.h>
> > +
> > +#define MAX_UINSN_BYTES AARCH64_INSN_SIZE
> > +
> > +#define UPROBE_SWBP_INSN BRK64_OPCODE_UPROBES
> > +#define UPROBE_SWBP_INSN_SIZE 4
>
> Nitpick: for consistency, just use AARCH64_INSN_SIZE.
OK
>
> > +#define UPROBE_XOL_SLOT_BYTES MAX_UINSN_BYTES
> > +
> > +struct arch_uprobe_task {
> > + unsigned long saved_fault_code;
> > +};
> > +
> > +struct arch_uprobe {
> > + union {
> > + u8 insn[MAX_UINSN_BYTES];
> > + u8 ixol[MAX_UINSN_BYTES];
> > + };
> > + struct arch_probe_insn api;
> > + bool simulate;
> > +};
> > +
> > +extern void flush_uprobe_xol_access(struct page *page, unsigned long uaddr,
> > + void *kaddr, unsigned long len);
>
> I don't think we need this. It doesn't seem to be used anywhere other
> than the arm64 uprobes.c file. So I would rather expose
> sync_icache_aliases(), similarly to __sync_icache_dcache().
OK.
>
> > --- a/arch/arm64/kernel/entry.S
> > +++ b/arch/arm64/kernel/entry.S
> > @@ -688,7 +688,8 @@ ret_fast_syscall:
> > ldr x1, [tsk, #TI_FLAGS] // re-check for syscall tracing
> > and x2, x1, #_TIF_SYSCALL_WORK
> > cbnz x2, ret_fast_syscall_trace
> > - and x2, x1, #_TIF_WORK_MASK
> > + mov x2, #_TIF_WORK_MASK
> > + and x2, x1, x2
>
> Is this needed because _TIF_WORK_MASK cannot work as an immediate value
> to 'and'? We could reorder the TIF bits, they are not exposed to user to
> have ABI implications.
_TIF_WORK_MASK is defined as follows:
#define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \
_TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE | \
_TIF_UPROBE)
Re-ordering will not help, because 0-3 have already been used by previous
definitions. Only way to use immediate value could be if, TIF_UPROBE is defined
as 4.
Yes..will remove.
>
> > +
> > + /* Initialize the slot */
> > + memcpy(dst, src, len);
> > +
> > + /* flush caches (dcache/icache) */
> > + flush_uprobe_xol_access(page, vaddr, dst, len);
>
> Just use sync_icache_aliases() here (once exposed in an arm64 header).
OK.
>
> > +
> > + preempt_enable();
> > +
> > + kunmap_atomic(xol_page_kaddr);
> > +}
> > +
> > +unsigned long uprobe_get_swbp_addr(struct pt_regs *regs)
> > +{
> > + return instruction_pointer(regs);
> > +}
> > +
> > +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm,
> > + unsigned long addr)
> > +{
> > + probe_opcode_t insn;
> > +
> > + /* TODO: Currently we do not support AARCH32 instruction probing */
>
> Is there a way to check (not necessarily in this file) that we don't
> probe 32-bit tasks?
- Well, I do not have complete idea about it that, how it can be done. I think
we can not check that just by looking a single bit in an instruction.
My understanding is that, we can only know about it when we are executing the
instruction, by reading pstate, but that would not be useful for uprobe
instruction analysis.
I hope, instruction encoding for aarch32 and aarch64 are different, and by
analyzing for all types of aarch32 instructions, we will be able to decide
that whether instruction is 32 bit trace-able or not. Accordingly, we can use
either BRK or BKPT instruction for breakpoint generation.
>
> > + if (!IS_ALIGNED(addr, AARCH64_INSN_SIZE))
> > + return -EINVAL;
> > +
> > + insn = *(probe_opcode_t *)(&auprobe->insn[0]);
> > +
> > + switch (arm_probe_decode_insn(insn, &auprobe->api)) {
> > + case INSN_REJECTED:
> > + return -EINVAL;
> > +
> > + case INSN_GOOD_NO_SLOT:
> > + auprobe->simulate = true;
> > + break;
> > +
> > + case INSN_GOOD:
> > + default:
> > + break;
>
> Nitpick, we don't need case INSN_GOOD as well since default would cover
> it (that's unless you want to change default to BUG()).
we will not have other than these 3, so need to introduce BUG(). I will remove
INSN_GOOD.
>
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs)
> > +{
> > + struct uprobe_task *utask = current->utask;
> > +
> > + /* saved fault code is restored in post_xol */
> > + utask->autask.saved_fault_code = current->thread.fault_code;
>
> Does the current->thread.fault_code has any meaning here? We use it in
> the arm64 code when delivering a signal to user but I don't think that's
> the case here, we are handling a breakpoint instruction and there isn't
> anything that set the fault_code.
Correct, they will just having garbage values. will remove.
>
> > +
> > + /* An invalid fault code between pre/post xol event */
> > + current->thread.fault_code = UPROBE_INV_FAULT_CODE;
> > +
> > + /* Instruction point to execute ol */
> > + instruction_pointer_set(regs, utask->xol_vaddr);
> > +
> > + user_enable_single_step(current);
> > +
> > + return 0;
> > +}
> > +
> > +int arch_uprobe_post_xol(struct arch_uprobe *auprobe, struct pt_regs *regs)
> > +{
> > + struct uprobe_task *utask = current->utask;
> > +
> > + WARN_ON_ONCE(current->thread.fault_code != UPROBE_INV_FAULT_CODE);
> > +
> > + /* restore fault code */
> > + current->thread.fault_code = utask->autask.saved_fault_code;
>
> Same here, I don't think this needs restoring if it wasn't meaningful in
> the first place.
OK.
~Pratyush
Thanks for your review.
On 20/09/2016:05:59:46 PM, Catalin Marinas wrote:
> Hi Pratyush,
>
> On Tue, Aug 02, 2016 at 11:00:09AM +0530, Pratyush Anand wrote:
> > --- a/arch/arm64/include/asm/debug-monitors.h
> > +++ b/arch/arm64/include/asm/debug-monitors.h
> > @@ -70,6 +70,9 @@
> > #define BRK64_ESR_MASK 0xFFFF
> > #define BRK64_ESR_KPROBES 0x0004
> > #define BRK64_OPCODE_KPROBES (AARCH64_BREAK_MON | (BRK64_ESR_KPROBES << 5))
> > +/* uprobes BRK opcodes with ESR encoding */
> > +#define BRK64_ESR_UPROBES 0x0008
> > +#define BRK64_OPCODE_UPROBES (AARCH64_BREAK_MON | (BRK64_ESR_UPROBES << 5))
>
> You can use 0x0005 as immediate, we don't need individual bits here.
>
> > --- a/arch/arm64/include/asm/probes.h
> > +++ b/arch/arm64/include/asm/probes.h
> > @@ -35,4 +35,8 @@ struct arch_specific_insn {
> > };
> > #endif
> >
> > +#ifdef CONFIG_UPROBES
> > +typedef u32 uprobe_opcode_t;
> > +#endif
>
> We don't need #ifdef around this typedef. Also, all the other
> architectures seem to have this typedef in asm/uprobes.h.
would be good to move it to asm/uprobes.h to keep in sync with other arch.
>
> > --- a/arch/arm64/include/asm/ptrace.h
> > +++ b/arch/arm64/include/asm/ptrace.h
> > @@ -217,6 +217,14 @@ int valid_user_regs(struct user_pt_regs *regs, struct task_struct *task);
> >
> > #include <asm-generic/ptrace.h>
> >
> > +#define procedure_link_pointer(regs) ((regs)->regs[30])
> > +
> > +static inline void procedure_link_pointer_set(struct pt_regs *regs,
> > + unsigned long val)
> > +{
> > + procedure_link_pointer(regs) = val;
> > +}
>
> Do you need these macro and function here? It seems that they are only
> used in arch_uretprobe_hijack_return_addr(), so you can just expand them
> in there, no need for additional definitions.
instruction_pointer_set().
I have used it in uprobe code only, but I think, we can have a patch to modify
following code, which can use them as well.
arch/arm64/kernel/probes/kprobes.c: ri->ret_addr = (kprobe_opcode_t *)regs->regs[30];
arch/arm64/kernel/probes/kprobes.c: regs->regs[30] = (long)&kretprobe_trampoline;
arch/arm64/kernel/process.c: lr = regs->regs[30];
arch/arm64/kernel/signal.c: __put_user_error(regs->regs[30], &sf->lr, err);
arch/arm64/kernel/signal.c: regs->regs[30] = (unsigned long)sigtramp;
>
> > --- a/arch/arm64/include/asm/thread_info.h
> > +++ b/arch/arm64/include/asm/thread_info.h
> > @@ -109,6 +109,7 @@ static inline struct thread_info *current_thread_info(void)
> > #define TIF_NEED_RESCHED 1
> > #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */
> > #define TIF_FOREIGN_FPSTATE 3 /* CPU's FP state is not current's */
> > +#define TIF_UPROBE 5 /* uprobe breakpoint or singlestep */
>
> Nitpick: you can just use 4 until we cover this gap.
stead of 4, since 4 has already been used in -rt kernel. May be, I can put a
comment in code as well.
Or, keep it 4 and -rt kernel will change their definitions. I am OK with both.
let me know.
>
> > --- /dev/null
> > +++ b/arch/arm64/include/asm/uprobes.h
> > @@ -0,0 +1,37 @@
> > +/*
> > + * Copyright (C) 2014-2015 Pratyush Anand <pan...@redhat.com>
> > + *
> > + * This program is free software; you can redistribute it and/or modify
> > + * it under the terms of the GNU General Public License version 2 as
> > + * published by the Free Software Foundation.
> > + */
> > +
> > +#ifndef _ASM_UPROBES_H
> > +#define _ASM_UPROBES_H
> > +
> > +#include <asm/debug-monitors.h>
> > +#include <asm/insn.h>
> > +#include <asm/probes.h>
> > +
> > +#define MAX_UINSN_BYTES AARCH64_INSN_SIZE
> > +
> > +#define UPROBE_SWBP_INSN BRK64_OPCODE_UPROBES
> > +#define UPROBE_SWBP_INSN_SIZE 4
>
> Nitpick: for consistency, just use AARCH64_INSN_SIZE.
>
> > +#define UPROBE_XOL_SLOT_BYTES MAX_UINSN_BYTES
> > +
> > +struct arch_uprobe_task {
> > + unsigned long saved_fault_code;
> > +};
> > +
> > +struct arch_uprobe {
> > + union {
> > + u8 insn[MAX_UINSN_BYTES];
> > + u8 ixol[MAX_UINSN_BYTES];
> > + };
> > + struct arch_probe_insn api;
> > + bool simulate;
> > +};
> > +
> > +extern void flush_uprobe_xol_access(struct page *page, unsigned long uaddr,
> > + void *kaddr, unsigned long len);
>
> I don't think we need this. It doesn't seem to be used anywhere other
> than the arm64 uprobes.c file. So I would rather expose
> sync_icache_aliases(), similarly to __sync_icache_dcache().
>
> > --- a/arch/arm64/kernel/entry.S
> > +++ b/arch/arm64/kernel/entry.S
> > @@ -688,7 +688,8 @@ ret_fast_syscall:
> > ldr x1, [tsk, #TI_FLAGS] // re-check for syscall tracing
> > and x2, x1, #_TIF_SYSCALL_WORK
> > cbnz x2, ret_fast_syscall_trace
> > - and x2, x1, #_TIF_WORK_MASK
> > + mov x2, #_TIF_WORK_MASK
> > + and x2, x1, x2
>
> Is this needed because _TIF_WORK_MASK cannot work as an immediate value
> to 'and'? We could reorder the TIF bits, they are not exposed to user to
> have ABI implications.
#define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \
_TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE | \
_TIF_UPROBE)
Re-ordering will not help, because 0-3 have already been used by previous
definitions. Only way to use immediate value could be if, TIF_UPROBE is defined
as 4.
>
> > +
> > + /* Initialize the slot */
> > + memcpy(dst, src, len);
> > +
> > + /* flush caches (dcache/icache) */
> > + flush_uprobe_xol_access(page, vaddr, dst, len);
>
> Just use sync_icache_aliases() here (once exposed in an arm64 header).
>
> > +
> > + preempt_enable();
> > +
> > + kunmap_atomic(xol_page_kaddr);
> > +}
> > +
> > +unsigned long uprobe_get_swbp_addr(struct pt_regs *regs)
> > +{
> > + return instruction_pointer(regs);
> > +}
> > +
> > +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm,
> > + unsigned long addr)
> > +{
> > + probe_opcode_t insn;
> > +
> > + /* TODO: Currently we do not support AARCH32 instruction probing */
>
> Is there a way to check (not necessarily in this file) that we don't
> probe 32-bit tasks?
we can not check that just by looking a single bit in an instruction.
My understanding is that, we can only know about it when we are executing the
instruction, by reading pstate, but that would not be useful for uprobe
instruction analysis.
I hope, instruction encoding for aarch32 and aarch64 are different, and by
analyzing for all types of aarch32 instructions, we will be able to decide
that whether instruction is 32 bit trace-able or not. Accordingly, we can use
either BRK or BKPT instruction for breakpoint generation.
>
> > + if (!IS_ALIGNED(addr, AARCH64_INSN_SIZE))
> > + return -EINVAL;
> > +
> > + insn = *(probe_opcode_t *)(&auprobe->insn[0]);
> > +
> > + switch (arm_probe_decode_insn(insn, &auprobe->api)) {
> > + case INSN_REJECTED:
> > + return -EINVAL;
> > +
> > + case INSN_GOOD_NO_SLOT:
> > + auprobe->simulate = true;
> > + break;
> > +
> > + case INSN_GOOD:
> > + default:
> > + break;
>
> Nitpick, we don't need case INSN_GOOD as well since default would cover
> it (that's unless you want to change default to BUG()).
INSN_GOOD.
>
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs)
> > +{
> > + struct uprobe_task *utask = current->utask;
> > +
> > + /* saved fault code is restored in post_xol */
> > + utask->autask.saved_fault_code = current->thread.fault_code;
>
> Does the current->thread.fault_code has any meaning here? We use it in
> the arm64 code when delivering a signal to user but I don't think that's
> the case here, we are handling a breakpoint instruction and there isn't
> anything that set the fault_code.
>
> > +
> > + /* An invalid fault code between pre/post xol event */
> > + current->thread.fault_code = UPROBE_INV_FAULT_CODE;
> > +
> > + /* Instruction point to execute ol */
> > + instruction_pointer_set(regs, utask->xol_vaddr);
> > +
> > + user_enable_single_step(current);
> > +
> > + return 0;
> > +}
> > +
> > +int arch_uprobe_post_xol(struct arch_uprobe *auprobe, struct pt_regs *regs)
> > +{
> > + struct uprobe_task *utask = current->utask;
> > +
> > + WARN_ON_ONCE(current->thread.fault_code != UPROBE_INV_FAULT_CODE);
> > +
> > + /* restore fault code */
> > + current->thread.fault_code = utask->autask.saved_fault_code;
>
> Same here, I don't think this needs restoring if it wasn't meaningful in
> the first place.
~Pratyush
Catalin Marinas
Sep 21, 2016, 1:04:26 PM9/21/16
to Pratyush Anand, Shi Yang, Mark Rutland, sri...@linux.vnet.ibm.com, will....@arm.com, linux-...@vger.kernel.org, Vladimir Murzin, li...@arm.linux.org.uk, vijaya...@caviumnetworks.com, dave...@linaro.org, Jungseok Lee, steve....@linaro.org, Suzuki K. Poulose, Andre Przywara, Shaokun Zhang, Ashok Kumar, Sandeepa Prabhu, wco...@redhat.com, linux-ar...@lists.infradead.org, Ard Biesheuvel, ol...@redhat.com, James Morse, Masami Hiramatsu, Robin Murphy, Kirill A. Shutemov
On Wed, Sep 21, 2016 at 04:30:47PM +0530, Pratyush Anand wrote:
> On 20/09/2016:05:59:46 PM, Catalin Marinas wrote:
> > On Tue, Aug 02, 2016 at 11:00:09AM +0530, Pratyush Anand wrote:
> > > --- a/arch/arm64/include/asm/thread_info.h
> > > +++ b/arch/arm64/include/asm/thread_info.h
> > > @@ -109,6 +109,7 @@ static inline struct thread_info *current_thread_info(void)
> > > #define TIF_NEED_RESCHED 1
> > > #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */
> > > #define TIF_FOREIGN_FPSTATE 3 /* CPU's FP state is not current's */
> > > +#define TIF_UPROBE 5 /* uprobe breakpoint or singlestep */
> >
> > Nitpick: you can just use 4 until we cover this gap.
>
> Hummm..as stated in commit log, Shi Yang suggested to define TIF_UPROBE as 5 in
> stead of 4, since 4 has already been used in -rt kernel. May be, I can put a
> comment in code as well.
> Or, keep it 4 and -rt kernel will change their definitions. I am OK with both.
> let me know.
I forgot about the -rt kernel. I guess the -rt guys need to rebase the
> On 20/09/2016:05:59:46 PM, Catalin Marinas wrote:
> > On Tue, Aug 02, 2016 at 11:00:09AM +0530, Pratyush Anand wrote:
> > > --- a/arch/arm64/include/asm/thread_info.h
> > > +++ b/arch/arm64/include/asm/thread_info.h
> > > @@ -109,6 +109,7 @@ static inline struct thread_info *current_thread_info(void)
> > > #define TIF_NEED_RESCHED 1
> > > #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */
> > > #define TIF_FOREIGN_FPSTATE 3 /* CPU's FP state is not current's */
> > > +#define TIF_UPROBE 5 /* uprobe breakpoint or singlestep */
> >
> > Nitpick: you can just use 4 until we cover this gap.
>
> Hummm..as stated in commit log, Shi Yang suggested to define TIF_UPROBE as 5 in
> stead of 4, since 4 has already been used in -rt kernel. May be, I can put a
> comment in code as well.
> Or, keep it 4 and -rt kernel will change their definitions. I am OK with both.
> let me know.
patches anyway on top of mainline, so it's just a matter of sorting out
a minor conflict (as I already said, these bits are internal to the
kernel, so no ABI affected). For now, just use 4 so that we avoid
additional asm changes.
> > > --- a/arch/arm64/kernel/entry.S
> > > +++ b/arch/arm64/kernel/entry.S
> > > @@ -688,7 +688,8 @@ ret_fast_syscall:
> > > ldr x1, [tsk, #TI_FLAGS] // re-check for syscall tracing
> > > and x2, x1, #_TIF_SYSCALL_WORK
> > > cbnz x2, ret_fast_syscall_trace
> > > - and x2, x1, #_TIF_WORK_MASK
> > > + mov x2, #_TIF_WORK_MASK
> > > + and x2, x1, x2
> >
> > Is this needed because _TIF_WORK_MASK cannot work as an immediate value
> > to 'and'? We could reorder the TIF bits, they are not exposed to user to
> > have ABI implications.
>
> _TIF_WORK_MASK is defined as follows:
>
> #define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \
> _TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE | \
> _TIF_UPROBE)
> Re-ordering will not help, because 0-3 have already been used by previous
> definitions. Only way to use immediate value could be if, TIF_UPROBE is defined
> as 4.
> > > +unsigned long uprobe_get_swbp_addr(struct pt_regs *regs)
> > > +{
> > > + return instruction_pointer(regs);
> > > +}
> > > +
> > > +int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm,
> > > + unsigned long addr)
> > > +{
> > > + probe_opcode_t insn;
> > > +
> > > + /* TODO: Currently we do not support AARCH32 instruction probing */
> >
> > Is there a way to check (not necessarily in this file) that we don't
> > probe 32-bit tasks?
>
> - Well, I do not have complete idea about it that, how it can be done. I think
> we can not check that just by looking a single bit in an instruction.
> My understanding is that, we can only know about it when we are executing the
> instruction, by reading pstate, but that would not be useful for uprobe
> instruction analysis.
>
> I hope, instruction encoding for aarch32 and aarch64 are different, and by
> analyzing for all types of aarch32 instructions, we will be able to decide
> that whether instruction is 32 bit trace-able or not. Accordingly, we can use
> either BRK or BKPT instruction for breakpoint generation.
haven't checked. I was more thinking about whether we know which task is
being probed and check is_compat_task() or maybe using
compat_user_mode(regs).
--
Catalin
Pratyush Anand
Sep 21, 2016, 11:23:40 PM9/21/16
to Catalin Marinas, Shi Yang, Mark Rutland, sri...@linux.vnet.ibm.com, will....@arm.com, linux-...@vger.kernel.org, Vladimir Murzin, li...@arm.linux.org.uk, vijaya...@caviumnetworks.com, dave...@linaro.org, Jungseok Lee, steve....@linaro.org, Suzuki K. Poulose, Andre Przywara, Shaokun Zhang, Ashok Kumar, Sandeepa Prabhu, wco...@redhat.com, linux-ar...@lists.infradead.org, Ard Biesheuvel, ol...@redhat.com, James Morse, Masami Hiramatsu, Robin Murphy, Kirill A. Shutemov
when we enable uprobes. For example: Lets say we are inserting a trace probe at
offset 0x690 in a executable binary.
echo "p test:0x690" > /sys/kernel/debug/tracing/uprobe_events
echo 1 > /sys/kernel/debug/tracing/events/uprobes/enable
In the 'enable' step, it is decided that whether instruction is traceable or
not.
(1) But at this point 'test' executable might not be running.
(2) Even if it is running, is_compat_task() or compat_user_mode() might not be
usable, as they work with 'current' task.
What I was thinking that, let it go with 'TODO' as of now.
Later on, we propose some changes in core layer, so that we can read the elf
headers of executable binary. ELFCLASS will be able to tell us, whether its a 32
bit or 64 bit executable. I think, moving "struct uprobe" from
kernel/events/uprobes.c to a include/linux header file will do the job. "struct
arch_uprobe" is part of "struct uprobe". "struct arch_uprobe" is passed in
arch_uprobe_analyze_insn(). So, we can access struct uprobe's "inode" element
with this change.
~Pratyush
Catalin Marinas
Sep 22, 2016, 12:50:46 PM9/22/16
to Pratyush Anand, Mark Rutland, sri...@linux.vnet.ibm.com, will....@arm.com, ol...@redhat.com, Jungseok Lee, li...@arm.linux.org.uk, vijaya...@caviumnetworks.com, dave...@linaro.org, Shi Yang, Vladimir Murzin, steve....@linaro.org, Suzuki K. Poulose, Andre Przywara, Shaokun Zhang, Ashok Kumar, Sandeepa Prabhu, wco...@redhat.com, linux-ar...@lists.infradead.org, Ard Biesheuvel, linux-...@vger.kernel.org, James Morse, Masami Hiramatsu, Robin Murphy, Kirill A. Shutemov
instruction that's not even compatible with the task (so it would
SIGILL rather than generate a debug exception).
> What I was thinking that, let it go with 'TODO' as of now.
As a quick workaround you could check mm->task_size > TASK_SIZE_32 in
the arch_uprobe_analyze_insn() function.
> Later on, we propose some changes in core layer, so that we can read the elf
> headers of executable binary. ELFCLASS will be able to tell us, whether its a 32
> bit or 64 bit executable. I think, moving "struct uprobe" from
> kernel/events/uprobes.c to a include/linux header file will do the job. "struct
> arch_uprobe" is part of "struct uprobe". "struct arch_uprobe" is passed in
> arch_uprobe_analyze_insn(). So, we can access struct uprobe's "inode" element
> with this change.
currently help much since all the members of this structure point to
static functions. Maybe an enum in struct linux_binfmt with format types
exposed to the rest of the kernel?
--
Catalin
Pratyush Anand
Sep 23, 2016, 12:12:51 AM9/23/16
to Catalin Marinas, Mark Rutland, sri...@linux.vnet.ibm.com, will....@arm.com, ol...@redhat.com, Jungseok Lee, li...@arm.linux.org.uk, vijaya...@caviumnetworks.com, dave...@linaro.org, Shi Yang, Vladimir Murzin, steve....@linaro.org, Suzuki K. Poulose, Andre Przywara, Shaokun Zhang, Ashok Kumar, Sandeepa Prabhu, wco...@redhat.com, linux-ar...@lists.infradead.org, Ard Biesheuvel, linux-...@vger.kernel.org, James Morse, Masami Hiramatsu, Robin Murphy, Kirill A. Shutemov
arch_uprobe_analyze_insn() is not called while uprobes enabling (ie writing '1'
to 'enable'). In that case, it is called when binary is executed and task is
created.
> > (2) Even if it is running, is_compat_task() or compat_user_mode() might not be
> > usable, as they work with 'current' task.
>
> What I find strange is that uprobes allows you to insert a breakpoint
> instruction that's not even compatible with the task (so it would
> SIGILL rather than generate a debug exception).
>
> > What I was thinking that, let it go with 'TODO' as of now.
>
> Only that I don't have any guarantee that someone is going to fix it ;).
>
> As a quick workaround you could check mm->task_size > TASK_SIZE_32 in
> the arch_uprobe_analyze_insn() function.
return -EINVAL when mm->task_size < TASK_SIZE_64.
Thanks for your input.
~Pratyush
Catalin Marinas
Sep 23, 2016, 9:06:59 AM9/23/16
to Pratyush Anand, Mark Rutland, sri...@linux.vnet.ibm.com, will....@arm.com, linux-...@vger.kernel.org, Vladimir Murzin, li...@arm.linux.org.uk, vijaya...@caviumnetworks.com, dave...@linaro.org, Shi Yang, Jungseok Lee, steve....@linaro.org, Suzuki K. Poulose, Andre Przywara, Shaokun Zhang, Ashok Kumar, Sandeepa Prabhu, wco...@redhat.com, linux-ar...@lists.infradead.org, Ard Biesheuvel, ol...@redhat.com, James Morse, Masami Hiramatsu, Robin Murphy, Kirill A. Shutemov
instruction from memory, so that won't be possible until at least the
executable file has an address_space in the kernel. What's not clear to
me is how early this is done, do we have the mm_struct fully populated?
> > > (2) Even if it is running, is_compat_task() or compat_user_mode() might not be
> > > usable, as they work with 'current' task.
> >
> > What I find strange is that uprobes allows you to insert a breakpoint
> > instruction that's not even compatible with the task (so it would
> > SIGILL rather than generate a debug exception).
> >
> > > What I was thinking that, let it go with 'TODO' as of now.
> >
> > Only that I don't have any guarantee that someone is going to fix it ;).
> >
> > As a quick workaround you could check mm->task_size > TASK_SIZE_32 in
> > the arch_uprobe_analyze_insn() function.
>
> It would be doable. TASK_SIZE_32 is defined only for COMPAT. So, may be I can
> return -EINVAL when mm->task_size < TASK_SIZE_64.
would no longer be enough (as the ISA is AArch64 but with TASK_SIZE_32).
Looking at prepare_uprobe(), we have a weak is_trap_insn() function.
This check is meaningless without knowing which instruction set we
target. A false positive here, however, is not that bad as we wouldn't
end up inserting the wrong breakpoint in the executable. But it looks to
me like the core uprobe code needs to pass some additional information
like the type of task or ELF format to the arch code to make a useful
choice of breakpoint type.
--
Catalin
Pratyush Anand
Sep 25, 2016, 1:03:11 PM9/25/16
to Catalin Marinas
On Fri, Sep 23, 2016 at 6:35 PM, Catalin Marinas
<catalin...@arm.com> wrote:
> On Fri, Sep 23, 2016 at 09:42:30AM +0530, Pratyush Anand wrote:
>> On 22/09/2016:05:50:30 PM, Catalin Marinas wrote:
>> > On Thu, Sep 22, 2016 at 08:53:28AM +0530, Pratyush Anand wrote:
>> > > On 21/09/2016:06:04:04 PM, Catalin Marinas wrote:
>> > As a quick workaround you could check mm->task_size > TASK_SIZE_32 in
>> > the arch_uprobe_analyze_insn() function.
>>
>> It would be doable. TASK_SIZE_32 is defined only for COMPAT. So, may be I can
>> return -EINVAL when mm->task_size < TASK_SIZE_64.
>
> That's just a temporary workaround. If we ever merge ILP32, this test
> would no longer be enough (as the ISA is AArch64 but with TASK_SIZE_32).
OK.. So what about doing something similar what x86 is doing.
<catalin...@arm.com> wrote:
> On Fri, Sep 23, 2016 at 09:42:30AM +0530, Pratyush Anand wrote:
>> On 22/09/2016:05:50:30 PM, Catalin Marinas wrote:
>> > On Thu, Sep 22, 2016 at 08:53:28AM +0530, Pratyush Anand wrote:
>> > > On 21/09/2016:06:04:04 PM, Catalin Marinas wrote:
>> > As a quick workaround you could check mm->task_size > TASK_SIZE_32 in
>> > the arch_uprobe_analyze_insn() function.
>>
>> It would be doable. TASK_SIZE_32 is defined only for COMPAT. So, may be I can
>> return -EINVAL when mm->task_size < TASK_SIZE_64.
>
> That's just a temporary workaround. If we ever merge ILP32, this test
> would no longer be enough (as the ISA is AArch64 but with TASK_SIZE_32).
We can have a flag for task Type in arch specific mm_context_t. We
also set this flag in COMPAT_SET_PERSONALITY() along with setting
thread_info flag, and we clear them in SET_PERSONALITY().
>
> Looking at prepare_uprobe(), we have a weak is_trap_insn() function.
> This check is meaningless without knowing which instruction set we
> target. A false positive here, however, is not that bad as we wouldn't
> end up inserting the wrong breakpoint in the executable. But it looks to
> me like the core uprobe code needs to pass some additional information
> like the type of task or ELF format to the arch code to make a useful
> choice of breakpoint type.
aarch32 instruction wrt BRK64_OPCODE_UPROBES(0xd42000A0). But that too
seems a bad instruction. So, may be we can use still weak
is_trap_insn().
~Pratyush
Catalin Marinas
Sep 26, 2016, 7:02:19 AM9/26/16
to Pratyush Anand
On Sun, Sep 25, 2016 at 10:32:28PM +0530, Pratyush Anand wrote:
> On Fri, Sep 23, 2016 at 6:35 PM, Catalin Marinas
> <catalin...@arm.com> wrote:
> > On Fri, Sep 23, 2016 at 09:42:30AM +0530, Pratyush Anand wrote:
> >> On 22/09/2016:05:50:30 PM, Catalin Marinas wrote:
> >> > On Thu, Sep 22, 2016 at 08:53:28AM +0530, Pratyush Anand wrote:
> >> > > On 21/09/2016:06:04:04 PM, Catalin Marinas wrote:
>
> >> > As a quick workaround you could check mm->task_size > TASK_SIZE_32 in
> >> > the arch_uprobe_analyze_insn() function.
> >>
> >> It would be doable. TASK_SIZE_32 is defined only for COMPAT. So, may be I can
> >> return -EINVAL when mm->task_size < TASK_SIZE_64.
> >
> > That's just a temporary workaround. If we ever merge ILP32, this test
> > would no longer be enough (as the ISA is AArch64 but with TASK_SIZE_32).
>
> OK.. So what about doing something similar what x86 is doing.
> We can have a flag for task Type in arch specific mm_context_t. We
> also set this flag in COMPAT_SET_PERSONALITY() along with setting
> thread_info flag, and we clear them in SET_PERSONALITY().
This looks like a better approach.
> On Fri, Sep 23, 2016 at 6:35 PM, Catalin Marinas
> <catalin...@arm.com> wrote:
> > On Fri, Sep 23, 2016 at 09:42:30AM +0530, Pratyush Anand wrote:
> >> On 22/09/2016:05:50:30 PM, Catalin Marinas wrote:
> >> > On Thu, Sep 22, 2016 at 08:53:28AM +0530, Pratyush Anand wrote:
> >> > > On 21/09/2016:06:04:04 PM, Catalin Marinas wrote:
>
> >> > As a quick workaround you could check mm->task_size > TASK_SIZE_32 in
> >> > the arch_uprobe_analyze_insn() function.
> >>
> >> It would be doable. TASK_SIZE_32 is defined only for COMPAT. So, may be I can
> >> return -EINVAL when mm->task_size < TASK_SIZE_64.
> >
> > That's just a temporary workaround. If we ever merge ILP32, this test
> > would no longer be enough (as the ISA is AArch64 but with TASK_SIZE_32).
>
> OK.. So what about doing something similar what x86 is doing.
> We can have a flag for task Type in arch specific mm_context_t. We
> also set this flag in COMPAT_SET_PERSONALITY() along with setting
> thread_info flag, and we clear them in SET_PERSONALITY().
> > Looking at prepare_uprobe(), we have a weak is_trap_insn() function.
> > This check is meaningless without knowing which instruction set we
> > target. A false positive here, however, is not that bad as we wouldn't
> > end up inserting the wrong breakpoint in the executable. But it looks to
> > me like the core uprobe code needs to pass some additional information
> > like the type of task or ELF format to the arch code to make a useful
> > choice of breakpoint type.
>
> It seems that 'strtle r0, [r0], #160' would have the closest matching
> aarch32 instruction wrt BRK64_OPCODE_UPROBES(0xd42000A0). But that too
> seems a bad instruction. So, may be we can use still weak
> is_trap_insn().
arch_uprobe_analyze_insn() immediately after based on the mm type check,
so not too bad.
If we add support for probing 32-bit tasks, I would rather have
is_trap_insn() take the mm_struct as argument so that a non-weak
implementation can check for the correct encoding.
--
Catalin
Pratyush Anand
Sep 26, 2016, 9:04:13 AM9/26/16
to Catalin Marinas
>
> If we add support for probing 32-bit tasks, I would rather have
> is_trap_insn() take the mm_struct as argument so that a non-weak
> implementation can check for the correct encoding.
in is_swbp_insn(). We would also need to have arm64 specific set_swbp().
Thanks for all your input. It was helpful. I will send V2 soon.
~Pratyush
Pratyush Anand
Sep 27, 2016, 3:44:07 AM9/27/16
to linux-ar...@lists.infradead.org, catalin...@arm.com, li...@arm.linux.org.uk, will....@arm.com, linux-...@vger.kernel.org, wco...@redhat.com, ol...@redhat.com, dave...@redhat.com, steve....@linaro.org, sri...@linux.vnet.ibm.com, vijaya...@caviumnetworks.com, pan...@redhat.com
Changes since v1:
* Exposed sync_icache_aliases() and used that in stead of flush_uprobe_xol_access()
* Assigned 0x0005 to BRK64_ESR_UPROBES in stead of 0x0008
* moved uprobe_opcode_t from probes.h to uprobes.h
* Assigned 4 to TIF_UPROBE instead of 5
* Assigned AARCH64_INSN_SIZE to UPROBE_SWBP_INSN_SIZE instead of hard code 4.
* Removed saved_fault_code from struct arch_uprobe_task
* Removed preempt_dis(en)able() from arch_uprobe_copy_ixol()
* Removed case INSN_GOOD from arch_uprobe_analyze_insn()
* Now we do check that probe point is not for a 32 bit task.
* Return a false positive from is_tarp_insn()
* Changes for rebase conflict resolution
V1 was here: https://lkml.org/lkml/2016/8/2/29
Patches have been rebased on next-20160927, so that there would be no
conflicts with other arm64/for-next/core patches.
Patches have been tested for following:
Pratyush Anand (6):
arch/arm64/include/asm/debug-monitors.h | 3 +
arch/arm64/include/asm/elf.h | 12 +-
arch/arm64/include/asm/mmu.h | 1 +
arch/arm64/include/asm/probes.h | 19 +--
arch/arm64/kernel/debug-monitors.c | 40 +++---
arch/arm64/kernel/probes/decode-insn.h | 8 +-
arch/arm64/kernel/probes/kprobes.c | 36 +++---
arch/arm64/kernel/probes/uprobes.c | 221 ++++++++++++++++++++++++++++++++
arch/arm64/kernel/signal.c | 3 +
arch/arm64/mm/flush.c | 2 +-
18 files changed, 371 insertions(+), 64 deletions(-)
* Exposed sync_icache_aliases() and used that in stead of flush_uprobe_xol_access()
* Assigned 0x0005 to BRK64_ESR_UPROBES in stead of 0x0008
* moved uprobe_opcode_t from probes.h to uprobes.h
* Assigned 4 to TIF_UPROBE instead of 5
* Assigned AARCH64_INSN_SIZE to UPROBE_SWBP_INSN_SIZE instead of hard code 4.
* Removed saved_fault_code from struct arch_uprobe_task
* Removed preempt_dis(en)able() from arch_uprobe_copy_ixol()
* Removed case INSN_GOOD from arch_uprobe_analyze_insn()
* Now we do check that probe point is not for a 32 bit task.
* Return a false positive from is_tarp_insn()
* Changes for rebase conflict resolution
V1 was here: https://lkml.org/lkml/2016/8/2/29
Patches have been rebased on next-20160927, so that there would be no
conflicts with other arm64/for-next/core patches.
Patches have been tested for following:
1. Step-able instructions, like sub, ldr, add etc.
2. Simulation-able like ret, cbnz, cbz etc.
3. uretprobe
4. Reject-able instructions like sev, wfe etc.
5. trapped and abort xol path
6. probe at unaligned user address.
7. longjump test cases
aarch32 task probing is not yet supported.
2. Simulation-able like ret, cbnz, cbz etc.
3. uretprobe
4. Reject-able instructions like sev, wfe etc.
5. trapped and abort xol path
6. probe at unaligned user address.
7. longjump test cases
Pratyush Anand (6):
arm64: kprobe: protect/rename few definitions to be reused by uprobe
arm64: kgdb_step_brk_fn: ignore other's exception
arm64: Handle TRAP_TRACE for user mode as well
arm64: kgdb_step_brk_fn: ignore other's exception
arm64: Handle TRAP_BRKPT for user mode as well
arm64: introduce mm context flag to keep 32 bit task information
arm64: Add uprobe support
arch/arm64/Kconfig | 3 +
arch/arm64/include/asm/cacheflush.h | 1 +
arch/arm64/Kconfig | 3 +
arch/arm64/include/asm/debug-monitors.h | 3 +
arch/arm64/include/asm/elf.h | 12 +-
arch/arm64/include/asm/mmu.h | 1 +
arch/arm64/include/asm/probes.h | 19 +--
arch/arm64/include/asm/ptrace.h | 8 ++
arch/arm64/include/asm/thread_info.h | 5 +-
arch/arm64/include/asm/uprobes.h | 36 ++++++
arch/arm64/include/asm/thread_info.h | 5 +-
arch/arm64/kernel/debug-monitors.c | 40 +++---
arch/arm64/kernel/kgdb.c | 3 +
arch/arm64/kernel/probes/Makefile | 2 +
arch/arm64/kernel/probes/decode-insn.c | 32 ++---
arch/arm64/kernel/probes/Makefile | 2 +
arch/arm64/kernel/probes/decode-insn.h | 8 +-
arch/arm64/kernel/probes/kprobes.c | 36 +++---
arch/arm64/kernel/probes/uprobes.c | 221 ++++++++++++++++++++++++++++++++
arch/arm64/kernel/signal.c | 3 +
arch/arm64/mm/flush.c | 2 +-
18 files changed, 371 insertions(+), 64 deletions(-)
create mode 100644 arch/arm64/include/asm/uprobes.h
create mode 100644 arch/arm64/kernel/probes/uprobes.c
--
2.7.4
create mode 100644 arch/arm64/kernel/probes/uprobes.c
--
Catalin Marinas
Sep 27, 2016, 9:51:53 AM9/27/16
to Pratyush Anand
useful on arm64. The problem gets trickier when we add AArch32 support
as it may return 'true' on an AArch32 instruction that matches the
AArch64 BRK (or vice-versa). That's when we need to either pass the mm
to is_trap_insn() or simply return false and always perform the check in
the arch_uprobe_analyze_insn() (which should, in addition, check for the
trap instruction).
There is also the is_trap_at_addr() function which uses is_trap_insn().
I haven't checked the call paths here, are there any implications if
is_trap_insn() always returns false?
--
Catalin
Pratyush Anand
Sep 27, 2016, 11:04:23 AM9/27/16
to Catalin Marinas
On Tuesday 27 September 2016 07:21 PM, Catalin Marinas wrote:
>>>>> Looking at prepare_uprobe(), we have a weak is_trap_insn() function.
>>>>> > > > > This check is meaningless without knowing which instruction set we
>>>>> > > > > target. A false positive here, however, is not that bad as we wouldn't
>>>>> > > > > end up inserting the wrong breakpoint in the executable. But it looks to
>>>>> > > > > me like the core uprobe code needs to pass some additional information
>>>>> > > > > like the type of task or ELF format to the arch code to make a useful
>>>>> > > > > choice of breakpoint type.
>>>> > > >
>>>> > > > It seems that 'strtle r0, [r0], #160' would have the closest matching
>>>> > > > aarch32 instruction wrt BRK64_OPCODE_UPROBES(0xd42000A0). But that too
>>>> > > > seems a bad instruction. So, may be we can use still weak
>>>> > > > is_trap_insn().
>>> > >
>>> > > Even if the is_trap_insn() check passes, we would reject the probe in
>>> > > arch_uprobe_analyze_insn() immediately after based on the mm type check,
>>> > > so not too bad.
>> >
>> > OK..I will have an always returning false from arm64 is_trap_insn() in v2.
> For the time being, I think the default is_trap_insn() check is still
> useful on arm64.
> The problem gets trickier when we add AArch32 support
> as it may return 'true' on an AArch32 instruction that matches the
> AArch64 BRK (or vice-versa). That's when we need to either pass the mm
> to is_trap_insn() or simply return false and always perform the check in
> the arch_uprobe_analyze_insn() (which should, in addition, check for the
> trap instruction).
aarch32 task tracing.
>
> There is also the is_trap_at_addr() function which uses is_trap_insn().
> I haven't checked the call paths here, are there any implications if
> is_trap_insn() always returns false?
having a same instruction as that of "uprobe break instruction" ie "BRK
#0x5" is rejected. So, I think a false positive return from
is_tarp_insn() is still OK.
~Pratyush
Catalin Marinas
Sep 28, 2016, 1:12:30 PM9/28/16
to Pratyush Anand
a valid uprobe, this function currently sends a SIGTRAP. But if
is_trap_insn() returns false always, is_trap_at_addr() would return 0 in
this case so the SIGTRAP is never issued.
--
Catalin
0 new messages