Commit 9ec4b1f356b3bad928ae8e2aa9caebfa737d52df
Committed by
Linus Torvalds
1 parent
d3b8a1a849
Exists in
master
and in
4 other branches
[PATCH] kprobes: fix single-step out of line - take2
Now that PPC64 has no-execute support, here is a second try to fix the single step out of line during kprobe execution. Kprobes on x86_64 already solved this problem by allocating an executable page and using it as the scratch area for stepping out of line. Reuse that. Signed-off-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Showing 6 changed files with 128 additions and 117 deletions Side-by-side Diff
arch/ppc64/kernel/kprobes.c
... | ... | @@ -36,6 +36,8 @@ |
36 | 36 | #include <asm/kdebug.h> |
37 | 37 | #include <asm/sstep.h> |
38 | 38 | |
39 | +static DECLARE_MUTEX(kprobe_mutex); | |
40 | + | |
39 | 41 | static struct kprobe *current_kprobe; |
40 | 42 | static unsigned long kprobe_status, kprobe_saved_msr; |
41 | 43 | static struct kprobe *kprobe_prev; |
... | ... | @@ -54,6 +56,15 @@ |
54 | 56 | printk("Cannot register a kprobe on rfid or mtmsrd\n"); |
55 | 57 | ret = -EINVAL; |
56 | 58 | } |
59 | + | |
60 | + /* insn must be on a special executable page on ppc64 */ | |
61 | + if (!ret) { | |
62 | + up(&kprobe_mutex); | |
63 | + p->ainsn.insn = get_insn_slot(); | |
64 | + down(&kprobe_mutex); | |
65 | + if (!p->ainsn.insn) | |
66 | + ret = -ENOMEM; | |
67 | + } | |
57 | 68 | return ret; |
58 | 69 | } |
59 | 70 | |
60 | 71 | |
61 | 72 | |
62 | 73 | |
... | ... | @@ -79,16 +90,22 @@ |
79 | 90 | |
80 | 91 | void arch_remove_kprobe(struct kprobe *p) |
81 | 92 | { |
93 | + up(&kprobe_mutex); | |
94 | + free_insn_slot(p->ainsn.insn); | |
95 | + down(&kprobe_mutex); | |
82 | 96 | } |
83 | 97 | |
84 | 98 | static inline void prepare_singlestep(struct kprobe *p, struct pt_regs *regs) |
85 | 99 | { |
100 | + kprobe_opcode_t insn = *p->ainsn.insn; | |
101 | + | |
86 | 102 | regs->msr |= MSR_SE; |
87 | - /*single step inline if it a breakpoint instruction*/ | |
88 | - if (p->opcode == BREAKPOINT_INSTRUCTION) | |
103 | + | |
104 | + /* single step inline if it is a trap variant */ | |
105 | + if (IS_TW(insn) || IS_TD(insn) || IS_TWI(insn) || IS_TDI(insn)) | |
89 | 106 | regs->nip = (unsigned long)p->addr; |
90 | 107 | else |
91 | - regs->nip = (unsigned long)&p->ainsn.insn; | |
108 | + regs->nip = (unsigned long)p->ainsn.insn; | |
92 | 109 | } |
93 | 110 | |
94 | 111 | static inline void save_previous_kprobe(void) |
95 | 112 | |
... | ... | @@ -205,9 +222,10 @@ |
205 | 222 | static void resume_execution(struct kprobe *p, struct pt_regs *regs) |
206 | 223 | { |
207 | 224 | int ret; |
225 | + unsigned int insn = *p->ainsn.insn; | |
208 | 226 | |
209 | 227 | regs->nip = (unsigned long)p->addr; |
210 | - ret = emulate_step(regs, p->ainsn.insn[0]); | |
228 | + ret = emulate_step(regs, insn); | |
211 | 229 | if (ret == 0) |
212 | 230 | regs->nip = (unsigned long)p->addr + 4; |
213 | 231 | } |
arch/x86_64/kernel/kprobes.c
... | ... | @@ -38,7 +38,7 @@ |
38 | 38 | #include <linux/string.h> |
39 | 39 | #include <linux/slab.h> |
40 | 40 | #include <linux/preempt.h> |
41 | -#include <linux/moduleloader.h> | |
41 | + | |
42 | 42 | #include <asm/cacheflush.h> |
43 | 43 | #include <asm/pgtable.h> |
44 | 44 | #include <asm/kdebug.h> |
... | ... | @@ -51,8 +51,6 @@ |
51 | 51 | static unsigned long kprobe_status_prev, kprobe_old_rflags_prev, kprobe_saved_rflags_prev; |
52 | 52 | static struct pt_regs jprobe_saved_regs; |
53 | 53 | static long *jprobe_saved_rsp; |
54 | -static kprobe_opcode_t *get_insn_slot(void); | |
55 | -static void free_insn_slot(kprobe_opcode_t *slot); | |
56 | 54 | void jprobe_return_end(void); |
57 | 55 | |
58 | 56 | /* copy of the kernel stack at the probe fire time */ |
... | ... | @@ -680,114 +678,5 @@ |
680 | 678 | return 1; |
681 | 679 | } |
682 | 680 | return 0; |
683 | -} | |
684 | - | |
685 | -/* | |
686 | - * kprobe->ainsn.insn points to the copy of the instruction to be single-stepped. | |
687 | - * By default on x86_64, pages we get from kmalloc or vmalloc are not | |
688 | - * executable. Single-stepping an instruction on such a page yields an | |
689 | - * oops. So instead of storing the instruction copies in their respective | |
690 | - * kprobe objects, we allocate a page, map it executable, and store all the | |
691 | - * instruction copies there. (We can allocate additional pages if somebody | |
692 | - * inserts a huge number of probes.) Each page can hold up to INSNS_PER_PAGE | |
693 | - * instruction slots, each of which is MAX_INSN_SIZE*sizeof(kprobe_opcode_t) | |
694 | - * bytes. | |
695 | - */ | |
696 | -#define INSNS_PER_PAGE (PAGE_SIZE/(MAX_INSN_SIZE*sizeof(kprobe_opcode_t))) | |
697 | -struct kprobe_insn_page { | |
698 | - struct hlist_node hlist; | |
699 | - kprobe_opcode_t *insns; /* page of instruction slots */ | |
700 | - char slot_used[INSNS_PER_PAGE]; | |
701 | - int nused; | |
702 | -}; | |
703 | - | |
704 | -static struct hlist_head kprobe_insn_pages; | |
705 | - | |
706 | -/** | |
707 | - * get_insn_slot() - Find a slot on an executable page for an instruction. | |
708 | - * We allocate an executable page if there's no room on existing ones. | |
709 | - */ | |
710 | -static kprobe_opcode_t *get_insn_slot(void) | |
711 | -{ | |
712 | - struct kprobe_insn_page *kip; | |
713 | - struct hlist_node *pos; | |
714 | - | |
715 | - hlist_for_each(pos, &kprobe_insn_pages) { | |
716 | - kip = hlist_entry(pos, struct kprobe_insn_page, hlist); | |
717 | - if (kip->nused < INSNS_PER_PAGE) { | |
718 | - int i; | |
719 | - for (i = 0; i < INSNS_PER_PAGE; i++) { | |
720 | - if (!kip->slot_used[i]) { | |
721 | - kip->slot_used[i] = 1; | |
722 | - kip->nused++; | |
723 | - return kip->insns + (i*MAX_INSN_SIZE); | |
724 | - } | |
725 | - } | |
726 | - /* Surprise! No unused slots. Fix kip->nused. */ | |
727 | - kip->nused = INSNS_PER_PAGE; | |
728 | - } | |
729 | - } | |
730 | - | |
731 | - /* All out of space. Need to allocate a new page. Use slot 0.*/ | |
732 | - kip = kmalloc(sizeof(struct kprobe_insn_page), GFP_KERNEL); | |
733 | - if (!kip) { | |
734 | - return NULL; | |
735 | - } | |
736 | - | |
737 | - /* | |
738 | - * For the %rip-relative displacement fixups to be doable, we | |
739 | - * need our instruction copy to be within +/- 2GB of any data it | |
740 | - * might access via %rip. That is, within 2GB of where the | |
741 | - * kernel image and loaded module images reside. So we allocate | |
742 | - * a page in the module loading area. | |
743 | - */ | |
744 | - kip->insns = module_alloc(PAGE_SIZE); | |
745 | - if (!kip->insns) { | |
746 | - kfree(kip); | |
747 | - return NULL; | |
748 | - } | |
749 | - INIT_HLIST_NODE(&kip->hlist); | |
750 | - hlist_add_head(&kip->hlist, &kprobe_insn_pages); | |
751 | - memset(kip->slot_used, 0, INSNS_PER_PAGE); | |
752 | - kip->slot_used[0] = 1; | |
753 | - kip->nused = 1; | |
754 | - return kip->insns; | |
755 | -} | |
756 | - | |
757 | -/** | |
758 | - * free_insn_slot() - Free instruction slot obtained from get_insn_slot(). | |
759 | - */ | |
760 | -static void free_insn_slot(kprobe_opcode_t *slot) | |
761 | -{ | |
762 | - struct kprobe_insn_page *kip; | |
763 | - struct hlist_node *pos; | |
764 | - | |
765 | - hlist_for_each(pos, &kprobe_insn_pages) { | |
766 | - kip = hlist_entry(pos, struct kprobe_insn_page, hlist); | |
767 | - if (kip->insns <= slot | |
768 | - && slot < kip->insns+(INSNS_PER_PAGE*MAX_INSN_SIZE)) { | |
769 | - int i = (slot - kip->insns) / MAX_INSN_SIZE; | |
770 | - kip->slot_used[i] = 0; | |
771 | - kip->nused--; | |
772 | - if (kip->nused == 0) { | |
773 | - /* | |
774 | - * Page is no longer in use. Free it unless | |
775 | - * it's the last one. We keep the last one | |
776 | - * so as not to have to set it up again the | |
777 | - * next time somebody inserts a probe. | |
778 | - */ | |
779 | - hlist_del(&kip->hlist); | |
780 | - if (hlist_empty(&kprobe_insn_pages)) { | |
781 | - INIT_HLIST_NODE(&kip->hlist); | |
782 | - hlist_add_head(&kip->hlist, | |
783 | - &kprobe_insn_pages); | |
784 | - } else { | |
785 | - module_free(NULL, kip->insns); | |
786 | - kfree(kip); | |
787 | - } | |
788 | - } | |
789 | - return; | |
790 | - } | |
791 | - } | |
792 | 681 | } |
include/asm-ia64/kprobes.h
include/asm-ppc64/kprobes.h
include/linux/kprobes.h
... | ... | @@ -177,6 +177,8 @@ |
177 | 177 | extern void arch_disarm_kprobe(struct kprobe *p); |
178 | 178 | extern void arch_remove_kprobe(struct kprobe *p); |
179 | 179 | extern void show_registers(struct pt_regs *regs); |
180 | +extern kprobe_opcode_t *get_insn_slot(void); | |
181 | +extern void free_insn_slot(kprobe_opcode_t *slot); | |
180 | 182 | |
181 | 183 | /* Get the kprobe at this addr (if any). Must have called lock_kprobes */ |
182 | 184 | struct kprobe *get_kprobe(void *addr); |
kernel/kprobes.c
... | ... | @@ -36,6 +36,7 @@ |
36 | 36 | #include <linux/hash.h> |
37 | 37 | #include <linux/init.h> |
38 | 38 | #include <linux/module.h> |
39 | +#include <linux/moduleloader.h> | |
39 | 40 | #include <asm/cacheflush.h> |
40 | 41 | #include <asm/errno.h> |
41 | 42 | #include <asm/kdebug.h> |
... | ... | @@ -49,6 +50,106 @@ |
49 | 50 | unsigned int kprobe_cpu = NR_CPUS; |
50 | 51 | static DEFINE_SPINLOCK(kprobe_lock); |
51 | 52 | static struct kprobe *curr_kprobe; |
53 | + | |
54 | +/* | |
55 | + * kprobe->ainsn.insn points to the copy of the instruction to be | |
56 | + * single-stepped. x86_64, POWER4 and above have no-exec support and | |
57 | + * stepping on the instruction on a vmalloced/kmalloced/data page | |
58 | + * is a recipe for disaster | |
59 | + */ | |
60 | +#define INSNS_PER_PAGE (PAGE_SIZE/(MAX_INSN_SIZE * sizeof(kprobe_opcode_t))) | |
61 | + | |
62 | +struct kprobe_insn_page { | |
63 | + struct hlist_node hlist; | |
64 | + kprobe_opcode_t *insns; /* Page of instruction slots */ | |
65 | + char slot_used[INSNS_PER_PAGE]; | |
66 | + int nused; | |
67 | +}; | |
68 | + | |
69 | +static struct hlist_head kprobe_insn_pages; | |
70 | + | |
71 | +/** | |
72 | + * get_insn_slot() - Find a slot on an executable page for an instruction. | |
73 | + * We allocate an executable page if there's no room on existing ones. | |
74 | + */ | |
75 | +kprobe_opcode_t *get_insn_slot(void) | |
76 | +{ | |
77 | + struct kprobe_insn_page *kip; | |
78 | + struct hlist_node *pos; | |
79 | + | |
80 | + hlist_for_each(pos, &kprobe_insn_pages) { | |
81 | + kip = hlist_entry(pos, struct kprobe_insn_page, hlist); | |
82 | + if (kip->nused < INSNS_PER_PAGE) { | |
83 | + int i; | |
84 | + for (i = 0; i < INSNS_PER_PAGE; i++) { | |
85 | + if (!kip->slot_used[i]) { | |
86 | + kip->slot_used[i] = 1; | |
87 | + kip->nused++; | |
88 | + return kip->insns + (i * MAX_INSN_SIZE); | |
89 | + } | |
90 | + } | |
91 | + /* Surprise! No unused slots. Fix kip->nused. */ | |
92 | + kip->nused = INSNS_PER_PAGE; | |
93 | + } | |
94 | + } | |
95 | + | |
96 | + /* All out of space. Need to allocate a new page. Use slot 0.*/ | |
97 | + kip = kmalloc(sizeof(struct kprobe_insn_page), GFP_KERNEL); | |
98 | + if (!kip) { | |
99 | + return NULL; | |
100 | + } | |
101 | + | |
102 | + /* | |
103 | + * Use module_alloc so this page is within +/- 2GB of where the | |
104 | + * kernel image and loaded module images reside. This is required | |
105 | + * so x86_64 can correctly handle the %rip-relative fixups. | |
106 | + */ | |
107 | + kip->insns = module_alloc(PAGE_SIZE); | |
108 | + if (!kip->insns) { | |
109 | + kfree(kip); | |
110 | + return NULL; | |
111 | + } | |
112 | + INIT_HLIST_NODE(&kip->hlist); | |
113 | + hlist_add_head(&kip->hlist, &kprobe_insn_pages); | |
114 | + memset(kip->slot_used, 0, INSNS_PER_PAGE); | |
115 | + kip->slot_used[0] = 1; | |
116 | + kip->nused = 1; | |
117 | + return kip->insns; | |
118 | +} | |
119 | + | |
120 | +void free_insn_slot(kprobe_opcode_t *slot) | |
121 | +{ | |
122 | + struct kprobe_insn_page *kip; | |
123 | + struct hlist_node *pos; | |
124 | + | |
125 | + hlist_for_each(pos, &kprobe_insn_pages) { | |
126 | + kip = hlist_entry(pos, struct kprobe_insn_page, hlist); | |
127 | + if (kip->insns <= slot && | |
128 | + slot < kip->insns + (INSNS_PER_PAGE * MAX_INSN_SIZE)) { | |
129 | + int i = (slot - kip->insns) / MAX_INSN_SIZE; | |
130 | + kip->slot_used[i] = 0; | |
131 | + kip->nused--; | |
132 | + if (kip->nused == 0) { | |
133 | + /* | |
134 | + * Page is no longer in use. Free it unless | |
135 | + * it's the last one. We keep the last one | |
136 | + * so as not to have to set it up again the | |
137 | + * next time somebody inserts a probe. | |
138 | + */ | |
139 | + hlist_del(&kip->hlist); | |
140 | + if (hlist_empty(&kprobe_insn_pages)) { | |
141 | + INIT_HLIST_NODE(&kip->hlist); | |
142 | + hlist_add_head(&kip->hlist, | |
143 | + &kprobe_insn_pages); | |
144 | + } else { | |
145 | + module_free(NULL, kip->insns); | |
146 | + kfree(kip); | |
147 | + } | |
148 | + } | |
149 | + return; | |
150 | + } | |
151 | + } | |
152 | +} | |
52 | 153 | |
53 | 154 | /* Locks kprobe: irqs must be disabled */ |
54 | 155 | void lock_kprobes(void) |