Re: livepatch/kprobes incompatibility

From: Masami Hiramatsu
Date: Wed Aug 24 2016 - 11:17:11 EST

On Tue, 23 Aug 2016 21:13:00 -0400
Jessica Yu <jeyu@xxxxxxxxxx> wrote:

> Hi Masami, Petr,
> I'm trying to figure out where we are exactly with fixing the problems with
> livepatch + kprobes, and I was wondering if there will be any more updates to
> the ipmodify patchset that was originally merged back in 2014 (See:
> It seems that patch 4/5 ("kprobes: Set
> IPMODIFY flag only if the probe can change regs->ip") wasn't merged due to
> other ongoing work, and this patch in particular was needed to enforce a hard
> conflict between livepatch and jprobes while still enabling livepatch and
> kprobes to co-exist.

Hmm, it seems I have missed to follow it up.
I'll try refresh it for the latest kernel again.

> Currently, it looks like livepatch/kpatch and kprobes are still in direct
> conflict, since both kprobe_ftrace_ops and klp_ops have FTRACE_OPS_FL_IPMODIFY
> set. *But* it seems like this mutual exclusion wasn't 100% implemented; I'm
> not sure if this was intentional, but kprobes registration will still return
> success even when ftrace registration fails due to an ipmodify conflict, and
> instead we just get WARNs (See: arm_kprobe_ftrace()).
> So we still end up with buggy situations like the following:
> (1) livepatch patches meminfo_proc_show [ succeeds ]
> (2) systemtap probes meminfo_proc_show (using kprobes) [ fails ]
> * BUT from the user's perspective, it would look like systemtap succeeded,
> since register_kprobe() returned success, but the handler will never fire
> and only when we look at dmesg do we see that something went wrong
> (i.e. ftrace registration had failed since livepatch already reserved
> ipmodify in step 1).
> From what I understand though, there was work being planned to limit this
> direct conflict to just livepatch and jprobes, since most of the time kprobes
> doesn't change regs->ip. Just wondering what the current state of this work is.

Right, jprobes and livepatch can not work together, but kprobe should be


