Re: [PATCH 2/2] kprobes/x86: Use 16 bytes for each instruction slot again

[Masami Hiramatsu]

On 2015/06/02 6:57, Andy Lutomirski wrote:
> On Mon, Jun 1, 2015 at 2:49 PM, Masami Hiramatsu
> <masami.hiramatsu.pt@xxxxxxxxxxx> wrote:
>> On 2015/06/02 2:04, Andy Lutomirski wrote:
>>> On Mon, Jun 1, 2015 at 9:32 AM, Eugene Shatokhin
>>> <eugene.shatokhin@xxxxxxxxxx> wrote:
>>>> Commit 91e5ed49fca0 ("x86/asm/decoder: Fix and enforce max instruction
>>>> size in the insn decoder") has changed MAX_INSN_SIZE from 16 to 15 bytes
>>>> on x86.
>>>>
>>>> As a side effect, the slots Kprobes use to store the instructions became
>>>> 1 byte shorter. This is unfortunate because, for example, the Kprobes'
>>>> "boost" feature can not be used now for the instructions of length 11,
>>>> like a quite common kind of MOV:
>>>> * movq $0xffffffffffffffff,-0x3fe8(%rax) (48 c7 80 18 c0 ff ff ff ff ff ff)
>>>> * movq $0x0,0x88(%rdi)                   (48 c7 87 88 00 00 00 00 00 00 00)
>>>> and so on.
>>>>
>>>> This patch makes the insn slots 16 bytes long, like they were before while
>>>> keeping MAX_INSN_SIZE intact.
>>>>
>>>> Other tools may benefit from this change as well.
>>>
>>> What is a "slot" and why does this patch make sense?  Naively, I'd
>>> expect that the check you're patching is entirely unnecessary -- I
>>> don't see what the size of the instruction being probed has to do with
>>> the safety of executing it out of line and then jumping back.
>>>
>>> Is there another magic 16 somewhere that this is enforcing that we
>>> don't overrun?
>>
>> The kprobe-"booster" adds a jump back code (jmp <probed address + insn length>)
>> right after the instruction in the out-of-code buffer(slot). So we need at least
>> the insn-length + 5 bytes for the slot, it's the trick of the magic :)
> 
> This still doesn't explain what a "slot" is.
> 
> I broke (?) something because I didn't see anything that looked
> relevant that I was changing.  But now I see it:
> 
> -       .insn_size = MAX_INSN_SIZE,
> +       .insn_size = KPROBE_INSN_SLOT_SIZE,
> 
> Would it make sense to clean this up?  insn_size isn't the size of an
> instruction at all -- it's the size of a kprobe jump target in units
> of sizeof(kprobe_opcode_t).
> 
> How about renaming insn_size to something sensible (and maybe
> specifying the size in *bytes*)?

Ah, I see what you meant. Indeed, ".insn_size" is very easy to mislead, which
is the size of code buffer. At least it should be "insn_slot_size".
Since the code on the buffer(slot) must be executable, we need to use
module_alloc. That is why I introduced new allocation logic, and named it
"slot" for each part of the buffer, since module_alloc allocates pages not
a slab object.

Anyway, I'll rename it.

Thank you!

-- 
Masami HIRAMATSU
Linux Technology Research Center, System Productivity Research Dept.
Center for Technology Innovation - Systems Engineering
Hitachi, Ltd., Research & Development Group
E-mail: masami.hiramatsu.pt@xxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/