[for-linus,5/7] kprobes: Skip clearing aggrprobes post_handler in kprobe-on-ftrace case
Message ID | 20221120201222.492058544@goodmis.org |
---|---|
State | New |
Series | probes: Fixes for 6.1 |
Commit Message
Steven Rostedt
Nov. 20, 2022, 8:12 p.m. UTC
From: Li Huafei <lihuafei1@huawei.com>

In __unregister_kprobe_top(), if the currently unregistered probe has post_handler but other child probes of the aggrprobe do not have post_handler, the post_handler of the aggrprobe is cleared. If this is a ftrace-based probe, there is a problem.

In later calls to disarm_kprobe(), we will use kprobe_ftrace_ops because post_handler is NULL. But we're armed with kprobe_ipmodify_ops. This triggers a WARN in __disarm_kprobe_ftrace() and may even cause use-after-free:

    Failed to disarm kprobe-ftrace at kernel_clone+0x0/0x3c0 (error -2)
    WARNING: CPU: 5 PID: 137 at kernel/kprobes.c:1135 __disarm_kprobe_ftrace.isra.21+0xcf/0xe0
    Modules linked in: testKprobe_007(-)
    CPU: 5 PID: 137 Comm: rmmod Not tainted 6.1.0-rc4-dirty #18
    [...]
    Call Trace:
     <TASK>
     __disable_kprobe+0xcd/0xe0
     __unregister_kprobe_top+0x12/0x150
     ? mutex_lock+0xe/0x30
     unregister_kprobes.part.23+0x31/0xa0
     unregister_kprobe+0x32/0x40
     __x64_sys_delete_module+0x15e/0x260
     ? do_user_addr_fault+0x2cd/0x6b0
     do_syscall_64+0x3a/0x90
     entry_SYSCALL_64_after_hwframe+0x63/0xcd
    [...]

For the kprobe-on-ftrace case, we keep the post_handler setting to identify this aggrprobe armed with kprobe_ipmodify_ops. This way we can disarm it correctly.

Link: https://lore.kernel.org/all/20221112070000.35299-1-lihuafei1@huawei.com/
Fixes: 0bc11ed5ab60 ("kprobes: Allow kprobes coexist with livepatch")
Reported-by: Zhao Gongyi <zhaogongyi@huawei.com>
Suggested-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
---
 kernel/kprobes.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
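To make the arm/disarm mismatch in the commit message concrete, here is a constructed userspace C model of the ops selection it describes (the ftrace ops to use is inferred from whether post_handler is set). This is added illustration, not kernel code; the struct and function names (aggr_probe, pick_ops, run_scenario) and the boolean stand-in for post_handler are assumptions of the model.

```c
#include <errno.h>
#include <stdbool.h>

/* Constructed model of the two ftrace_ops a kprobe-on-ftrace site can be
 * registered with: kprobe_ftrace_ops or kprobe_ipmodify_ops. Not kernel code. */
enum ops { OPS_NONE, OPS_FTRACE, OPS_IPMODIFY };

struct aggr_probe {
    bool ftrace_based;      /* models kprobe_ftrace(ap) */
    bool has_post_handler;  /* models ap->post_handler != NULL */
    enum ops armed_with;    /* which ops the ip was actually added to */
};

/* Model of arm/disarm ops selection: ipmodify ops iff a post_handler exists. */
static enum ops pick_ops(const struct aggr_probe *ap)
{
    return ap->has_post_handler ? OPS_IPMODIFY : OPS_FTRACE;
}

static void arm(struct aggr_probe *ap)
{
    ap->armed_with = pick_ops(ap);
}

/* Model of disarm: removing the ip from an ops that never held it fails with
 * -ENOENT (the "error -2" in the WARN quoted in the commit message). */
static int disarm(struct aggr_probe *ap)
{
    if (pick_ops(ap) != ap->armed_with)
        return -ENOENT;
    ap->armed_with = OPS_NONE;
    return 0;
}

/* Model of the aggrprobe cleanup in __unregister_kprobe_top() once the last
 * child with a post_handler is gone. fixed=false is the unconditional clear
 * that this patch replaces; fixed=true keeps it for ftrace-based probes. */
static void drop_last_post_handler_child(struct aggr_probe *ap, bool fixed)
{
    if (!fixed || !ap->ftrace_based)
        ap->has_post_handler = false;
}

/* Arm with ipmodify ops, lose the last post_handler child, then disarm. */
static int run_scenario(bool fixed)
{
    struct aggr_probe ap = { .ftrace_based = true, .has_post_handler = true };
    arm(&ap);
    drop_last_post_handler_child(&ap, fixed);
    return disarm(&ap);  /* -ENOENT before the fix, 0 with it */
}
```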
diff --git a/kernel/kprobes.c b/kernel/kprobes.c index cd9f5a66a690..3050631e528d 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1766,7 +1766,13 @@ static int __unregister_kprobe_top(struct kprobe *p) if ((list_p != p) && (list_p->post_handler)) goto noclean; } - ap->post_handler = NULL; + /* + * For the kprobe-on-ftrace case, we keep the + * post_handler setting to identify this aggrprobe + * armed with kprobe_ipmodify_ops. + */ + if (!kprobe_ftrace(ap)) + ap->post_handler = NULL; } noclean: /*
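Review bot: the new comment explains why post_handler is kept but not the side effect of keeping it: after the `if (!kprobe_ftrace(ap))` guard, an ftrace-based aggrprobe whose last child with a post_handler has been removed still carries a non-NULL post_handler that will be invoked on every hit with no child left to serve, so the cost is accepted only to keep disarm_kprobe() selecting kprobe_ipmodify_ops. Consider stating that trade-off in the comment, and possibly noting as a follow-up that recording which ops the probe was actually armed with, rather than inferring it from post_handler, would remove the need for this special case.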