Re: [PATCH] bpf: reject blacklisted symbols in kprobe_multi to avoid recursive trap

From: Google
Date: Tue May 16 2023 - 01:10:41 EST


On Tue, 16 May 2023 13:31:53 +0900
Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx> wrote:

> On Sat, 13 May 2023 00:17:57 -0400
> Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
>
> > On Fri, 12 May 2023 07:29:02 -0700
> > Yonghong Song <yhs@xxxxxxxx> wrote:
> >
> > > A fprobe_blacklist might make sense indeed as fprobe and kprobe are
> > > quite different... Thanks for working on this.
> >
> > Hmm, I think I see the problem:
> >
> > fprobe_kprobe_handler() {
> > kprobe_busy_begin() {
> > preempt_disable() {
> > preempt_count_add() { <-- trace
> > fprobe_kprobe_handler() {
> > [ wash, rinse, repeat, CRASH!!! ]
> >
> > Either the kprobe_busy_begin() needs to use preempt_disable_notrace()
> > versions, or fprobe_kprobe_handle() needs a
> > ftrace_test_recursion_trylock() call.
>
> Oops, I got it. Is preempt_count_add() tracable? If so, kprobe_busy_begin()
> should be updated.

OK, preempt_count_add() is NOKPROBE_SYMBOL() so kprobe_busy_begin() should
be safe. The problem is in fprobe_kprobe_handler() then.

Thanks!

>
> Thanks,
>
> >
> > -- Steve
>
>
> --
> Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>


--
Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>