[v2] fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free()
| Message ID | 168873859949.156157.13039240432299335849.stgit@devnote2 |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp3322520vqx;
Fri, 7 Jul 2023 07:50:12 -0700 (PDT)
X-Google-Smtp-Source:
APBJJlFDfHSGodpGWQJzMU1jGqNfuO2Sekr/fSEIAL9FDDkhuu0dFGgvsDAi8lJVJwOLhDNrBS+X
X-Received: by 2002:a17:906:8f:b0:992:b370:6994 with SMTP id
15-20020a170906008f00b00992b3706994mr4438469ejc.0.1688741412110;
Fri, 07 Jul 2023 07:50:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1688741412; cv=none;
d=google.com; s=arc-20160816;
b=dYApomrN1qtKevq16M8jXvHqOucRYL9dW+e885cAQpXoScZJ5yIQ4n6wF3/wdZdz9Y
ANIOnxIkibl7Q1yKvZZL2fmwpEQiYPcxpdwYLQlSHycOSjyN4MeKFRkPoVRBuqAlEGaI
ac8kN4Bln/Amf0Znaci28VyqzMX9zWwS5EsNmFTYWAgLCW53cEg/ubKeoalY7TUCrGlu
EYBN5IozqIaN4a/9L/vJ8IOV0MR/Ov1Lz3b7qwhRZTbqFhU2bOEk1Yfd11jFLFX3gSm3
eWr59WJtTwT2BMEmvIBY+naeTnx1vtzn644lxLbI3g+SpgZi60xJEAqmusyvb6p/FBnQ
tBtQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:user-agent:message-id:date:subject:cc:to:from:dkim-signature;
bh=gcUfnO63duFBSsOZEpf3OSX2FJZ+DLKp/Vw3at8xYy8=;
fh=gIDAbrYgH7zPn/4aLrb6GsQvda7HVGWxIoJD06iw/3A=;
b=ku2mHJpw0dGkE2hNlX2cUnYhA+U7RuV8qKlxwCJmE30gA49RxOOfc5Cc5l3zP6kAY1
DPap0X/jqgfmhiMHs5n7Et/PfFPLSeGB3aLAUjaW3/C4486IbcMSkslAJxXSGZShtoTL
jgp1z/80wCpxNxhbbJ+BVcfOdJ/U45nlw5VSIsXOwEhxh6dPYSpw3ytdODH7t8T0ZnL8
kndA1Q4xcf2KWPRJKcWnkbU6YKd3HA15I4Eq7jotrYo131nHcjo74ettuTzICEMbQta6
nbugNeI4v3rA/0hwxhF0hgPKQqRzNFlFhOZ8hrmxJGkux1URuRlxal6IetFRBA9Ff+Xd
vlmw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@kernel.org header.s=k20201202 header.b=BAvfZI7n;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
jt11-20020a170906dfcb00b00992af008f19si2316410ejc.972.2023.07.07.07.49.48;
Fri, 07 Jul 2023 07:50:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@kernel.org header.s=k20201202 header.b=BAvfZI7n;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229890AbjGGODa (ORCPT <rfc822;hadasmailinglist@gmail.com>
+ 99 others); Fri, 7 Jul 2023 10:03:30 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38262 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229663AbjGGOD0 (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 7 Jul 2023 10:03:26 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org
[IPv6:2604:1380:4641:c500::1])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E13211B6;
Fri, 7 Jul 2023 07:03:25 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by dfw.source.kernel.org (Postfix) with ESMTPS id 77B61619BD;
Fri, 7 Jul 2023 14:03:25 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id D7BA9C433C7;
Fri, 7 Jul 2023 14:03:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
s=k20201202; t=1688738604;
bh=SLinMWnZAVI3P22sgqB7gSLnrZlUscYV51apQlD/gUg=;
h=From:To:Cc:Subject:Date:From;
b=BAvfZI7nJdF1ulD+736MGEirlLTD8Q8+190AmkBIeKfjbjfnWiaAAXKVTji8RTkxc
hFZlcXSoIeZ2NHv0jtJWfqu9p0//gZ5AuXpbqRxik3C6a64ejLnTsmYTJRDz8R6bfw
b6Mat4LeSRyk/LqCZX/BzZmPhIEr2FOg9CHzULyFF8m1Cb4mv6VdLDocbSDtFUqsGc
K3z2yRlGtYvG+A/1F+/RsZywqhE1h97j4l/0ztTQReGwkynq6PV+CPUHZz5+vGNGxb
csIZHj2UStT9nip8BBTszHIFSGbVOY7dTTKosSHoASK43wbOygSIzhQhNWox7jpytS
9dtiab1DLKb+A==
From: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>
To: Jiri Olsa <jolsa@kernel.org>, Steven Rostedt <rostedt@goodmis.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
lkml <linux-kernel@vger.kernel.org>,
linux-trace-kernel@vger.kernel.org, bpf@vger.kernel.org
Subject: [PATCH v2] fprobe: Ensure running fprobe_exit_handler() finished
before calling rethook_free()
Date: Fri, 7 Jul 2023 23:03:19 +0900
Message-Id: <168873859949.156157.13039240432299335849.stgit@devnote2>
X-Mailer: git-send-email 2.25.1
User-Agent: StGit/0.19
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1770773714943048850?=
X-GMAIL-MSGID: =?utf-8?q?1770773714943048850?=
|
| Series |
[v2] fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free()
|
|
Commit Message
Masami Hiramatsu (Google)
July 7, 2023, 2:03 p.m. UTC
From: Masami Hiramatsu (Google) <mhiramat@kernel.org> Ensure running fprobe_exit_handler() has finished before calling rethook_free() in the unregister_fprobe() so that caller can free the fprobe right after unregister_fprobe(). unregister_fprobe() ensured that all running fprobe_entry/exit_handler() have finished by calling unregister_ftrace_function() which synchronizes RCU. But commit 5f81018753df ("fprobe: Release rethook after the ftrace_ops is unregistered") changed to call rethook_free() after unregister_ftrace_function(). So call rethook_stop() to make rethook disabled before unregister_ftrace_function() and ensure it again. Here is the possible code flow that can call the exit handler after unregister_fprobe(). ------ CPU1 CPU2 call unregister_fprobe(fp) ... __fprobe_handler() rethook_hook() on probed function unregister_ftrace_function() return from probed function rethook hooks find rh->handler == fprobe_exit_handler call fprobe_exit_handler() rethook_free(): set rh->handler = NULL; return from unreigster_fprobe; call fp->exit_handler() <- (*) ------ (*) At this point, the exit handler is called after returning from unregister_fprobe(). This fixes it as following; ------ CPU1 CPU2 call unregister_fprobe() ... rethook_stop(): set rh->handler = NULL; __fprobe_handler() rethook_hook() on probed function unregister_ftrace_function() return from probed function rethook hooks find rh->handler == NULL return from rethook rethook_free() return from unreigster_fprobe; ------ Fixes: 5f81018753df ("fprobe: Release rethook after the ftrace_ops is unregistered") Cc: stable@vger.kernel.org Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> --- Changes in v2: - Update changelog to add a problematic code flow. --- include/linux/rethook.h | 1 + kernel/trace/fprobe.c | 3 +++ kernel/trace/rethook.c | 13 +++++++++++++ 3 files changed, 17 insertions(+)
Comments
On Fri, 7 Jul 2023 23:03:19 +0900 "Masami Hiramatsu (Google)" <mhiramat@kernel.org> wrote: > From: Masami Hiramatsu (Google) <mhiramat@kernel.org> > > Ensure running fprobe_exit_handler() has finished before > calling rethook_free() in the unregister_fprobe() so that caller can free > the fprobe right after unregister_fprobe(). > > unregister_fprobe() ensured that all running fprobe_entry/exit_handler() > have finished by calling unregister_ftrace_function() which synchronizes > RCU. But commit 5f81018753df ("fprobe: Release rethook after the ftrace_ops > is unregistered") changed to call rethook_free() after > unregister_ftrace_function(). So call rethook_stop() to make rethook > disabled before unregister_ftrace_function() and ensure it again. > > Here is the possible code flow that can call the exit handler after > unregister_fprobe(). > > ------ > CPU1 CPU2 > call unregister_fprobe(fp) > ... > __fprobe_handler() > rethook_hook() on probed function > unregister_ftrace_function() > return from probed function > rethook hooks > find rh->handler == fprobe_exit_handler > call fprobe_exit_handler() > rethook_free(): > set rh->handler = NULL; > return from unreigster_fprobe; > call fp->exit_handler() <- (*) > ------ > > (*) At this point, the exit handler is called after returning from > unregister_fprobe(). > > This fixes it as following; > ------ > CPU1 CPU2 > call unregister_fprobe() > ... > rethook_stop(): > set rh->handler = NULL; > __fprobe_handler() > rethook_hook() on probed function > unregister_ftrace_function() > return from probed function > rethook hooks > find rh->handler == NULL > return from rethook > rethook_free() > return from unreigster_fprobe; > ------ > > > Fixes: 5f81018753df ("fprobe: Release rethook after the ftrace_ops is unregistered") > Cc: stable@vger.kernel.org > Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Looks good. Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org> > --- > Changes in v2: > - Update changelog to add a problematic code flow. Nit, for making forensic analysis easier in the future, I now always add a link to the previous version. That is: Changes since v1: https://lore.kernel.org/linux-trace-kernel/168796344232.46347.7947681068822514750.stgit@devnote2/ - Update changelog to add a problematic code flow. -- Steve > --- > include/linux/rethook.h | 1 + > kernel/trace/fprobe.c | 3 +++ > kernel/trace/rethook.c | 13 +++++++++++++ > 3 files changed, 17 insertions(+) >
On Mon, 10 Jul 2023 18:04:22 -0400 Steven Rostedt <rostedt@goodmis.org> wrote: > On Fri, 7 Jul 2023 23:03:19 +0900 > "Masami Hiramatsu (Google)" <mhiramat@kernel.org> wrote: > > > From: Masami Hiramatsu (Google) <mhiramat@kernel.org> > > > > Ensure running fprobe_exit_handler() has finished before > > calling rethook_free() in the unregister_fprobe() so that caller can free > > the fprobe right after unregister_fprobe(). > > > > unregister_fprobe() ensured that all running fprobe_entry/exit_handler() > > have finished by calling unregister_ftrace_function() which synchronizes > > RCU. But commit 5f81018753df ("fprobe: Release rethook after the ftrace_ops > > is unregistered") changed to call rethook_free() after > > unregister_ftrace_function(). So call rethook_stop() to make rethook > > disabled before unregister_ftrace_function() and ensure it again. > > > > Here is the possible code flow that can call the exit handler after > > unregister_fprobe(). > > > > ------ > > CPU1 CPU2 > > call unregister_fprobe(fp) > > ... > > __fprobe_handler() > > rethook_hook() on probed function > > unregister_ftrace_function() > > return from probed function > > rethook hooks > > find rh->handler == fprobe_exit_handler > > call fprobe_exit_handler() > > rethook_free(): > > set rh->handler = NULL; > > return from unreigster_fprobe; > > call fp->exit_handler() <- (*) > > ------ > > > > (*) At this point, the exit handler is called after returning from > > unregister_fprobe(). > > > > This fixes it as following; > > ------ > > CPU1 CPU2 > > call unregister_fprobe() > > ... > > rethook_stop(): > > set rh->handler = NULL; > > __fprobe_handler() > > rethook_hook() on probed function > > unregister_ftrace_function() > > return from probed function > > rethook hooks > > find rh->handler == NULL > > return from rethook > > rethook_free() > > return from unreigster_fprobe; > > ------ > > > > > > Fixes: 5f81018753df ("fprobe: Release rethook after the ftrace_ops is unregistered") > > Cc: stable@vger.kernel.org > > Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> > > Looks good. > > Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org> Thank you :) > > > > --- > > Changes in v2: > > - Update changelog to add a problematic code flow. > > Nit, for making forensic analysis easier in the future, I now always add a > link to the previous version. That is: > > Changes since v1: https://lore.kernel.org/linux-trace-kernel/168796344232.46347.7947681068822514750.stgit@devnote2/ > - Update changelog to add a problematic code flow. OK, I'll add it for an isolated patch too. Thanks! > > -- Steve > > > > --- > > include/linux/rethook.h | 1 + > > kernel/trace/fprobe.c | 3 +++ > > kernel/trace/rethook.c | 13 +++++++++++++ > > 3 files changed, 17 insertions(+) > >
diff --git a/include/linux/rethook.h b/include/linux/rethook.h index c8ac1e5afcd1..bdbe6717f45a 100644 --- a/include/linux/rethook.h +++ b/include/linux/rethook.h @@ -59,6 +59,7 @@ struct rethook_node { }; struct rethook *rethook_alloc(void *data, rethook_handler_t handler); +void rethook_stop(struct rethook *rh); void rethook_free(struct rethook *rh); void rethook_add_node(struct rethook *rh, struct rethook_node *node); struct rethook_node *rethook_try_get(struct rethook *rh); diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 0121e8c0d54e..75517667b54f 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -364,6 +364,9 @@ int unregister_fprobe(struct fprobe *fp) fp->ops.saved_func != fprobe_kprobe_handler)) return -EINVAL; + if (fp->rethook) + rethook_stop(fp->rethook); + ret = unregister_ftrace_function(&fp->ops); if (ret < 0) return ret; diff --git a/kernel/trace/rethook.c b/kernel/trace/rethook.c index 60f6cb2b486b..468006cce7ca 100644 --- a/kernel/trace/rethook.c +++ b/kernel/trace/rethook.c @@ -53,6 +53,19 @@ static void rethook_free_rcu(struct rcu_head *head) kfree(rh); } +/** + * rethook_stop() - Stop using a rethook. + * @rh: the struct rethook to stop. + * + * Stop using a rethook to prepare for freeing it. If you want to wait for + * all running rethook handler before calling rethook_free(), you need to + * call this first and wait RCU, and call rethook_free(). + */ +void rethook_stop(struct rethook *rh) +{ + WRITE_ONCE(rh->handler, NULL); +} + /** * rethook_free() - Free struct rethook. * @rh: the struct rethook to be freed.