5.10.y backported the commit 09bcf9254838 ("selftests/ftrace: Add new test case which checks non unique symbol") which added a new test case to check non-unique symbol. However, 5.10.y didn't backport the kernel commit b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols")to support the functionality from kernel side. Backport it in this patch series.
The first two patches are presiquisites. The 4th commit is a fix commit for the 3rd one.
Build and test case passed. [73] Test failure of registering kprobe on non unique symbol [PASS]
Andrii Nakryiko (1): tracing/kprobes: Fix symbol counting logic by looking at modules as well
Francis Laniel (1): tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
Jiri Olsa (2): kallsyms: Make kallsyms_on_each_symbol generally available kallsyms: Make module_kallsyms_on_each_symbol generally available
include/linux/kallsyms.h | 7 +++- include/linux/module.h | 9 +++++ kernel/kallsyms.c | 2 - kernel/module.c | 2 - kernel/trace/trace_kprobe.c | 76 +++++++++++++++++++++++++++++++++++++ kernel/trace/trace_probe.h | 1 + 6 files changed, 92 insertions(+), 5 deletions(-)
From: Jiri Olsa jolsa@kernel.org
[ Upstream commit d721def7392a7348ffb9f3583b264239cbd3702c ]
Making kallsyms_on_each_symbol generally available, so it can be used outside CONFIG_LIVEPATCH option in following changes.
Rather than adding another ifdef option let's make the function generally available (when CONFIG_KALLSYMS option is defined).
Cc: Christoph Hellwig hch@lst.de Reviewed-by: Masami Hiramatsu mhiramat@kernel.org Signed-off-by: Jiri Olsa jolsa@kernel.org Link: https://lore.kernel.org/r/20220510122616.2652285-2-jolsa@kernel.org Signed-off-by: Alexei Starovoitov ast@kernel.org Signed-off-by: Sasha Levin sashal@kernel.org Stable-dep-of: b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols") Signed-off-by: Sherry Yang sherry.yang@oracle.com --- include/linux/kallsyms.h | 7 ++++++- kernel/kallsyms.c | 2 -- 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h index 465060acc981..430f1cefbb9e 100644 --- a/include/linux/kallsyms.h +++ b/include/linux/kallsyms.h @@ -71,11 +71,11 @@ static inline void *dereference_symbol_descriptor(void *ptr) return ptr; }
+#ifdef CONFIG_KALLSYMS int kallsyms_on_each_symbol(int (*fn)(void *, const char *, struct module *, unsigned long), void *data);
-#ifdef CONFIG_KALLSYMS /* Lookup the address for a symbol. Returns 0 if not found. */ unsigned long kallsyms_lookup_name(const char *name);
@@ -155,6 +155,11 @@ static inline bool kallsyms_show_value(const struct cred *cred) return false; }
+static inline int kallsyms_on_each_symbol(int (*fn)(void *, const char *, struct module *, + unsigned long), void *data) +{ + return -EOPNOTSUPP; +} #endif /*CONFIG_KALLSYMS*/
static inline void print_ip_sym(const char *loglvl, unsigned long ip) diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c index 8043a90aa50e..a0d3f0865916 100644 --- a/kernel/kallsyms.c +++ b/kernel/kallsyms.c @@ -177,7 +177,6 @@ unsigned long kallsyms_lookup_name(const char *name) return module_kallsyms_lookup_name(name); }
-#ifdef CONFIG_LIVEPATCH /* * Iterate over all symbols in vmlinux. For symbols from modules use * module_kallsyms_on_each_symbol instead. @@ -199,7 +198,6 @@ int kallsyms_on_each_symbol(int (*fn)(void *, const char *, struct module *, } return 0; } -#endif /* CONFIG_LIVEPATCH */
static unsigned long get_symbol_pos(unsigned long addr, unsigned long *symbolsize,
From: Jiri Olsa jolsa@kernel.org
commit 73feb8d5fa3b755bb51077c0aabfb6aa556fd498 upstream.
Making module_kallsyms_on_each_symbol generally available, so it can be used outside CONFIG_LIVEPATCH option in following changes.
Rather than adding another ifdef option let's make the function generally available (when CONFIG_KALLSYMS and CONFIG_MODULES options are defined).
Cc: Christoph Hellwig hch@lst.de Acked-by: Song Liu song@kernel.org Signed-off-by: Jiri Olsa jolsa@kernel.org Link: https://lore.kernel.org/r/20221025134148.3300700-2-jolsa@kernel.org Signed-off-by: Alexei Starovoitov ast@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Stable-dep-of: 926fe783c8a6 ("tracing/kprobes: Fix symbol counting logic by looking at modules as well") Signed-off-by: Markus Boehme markubo@amazon.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Stable-dep-of: 329197033bb0 ("tracing/kprobes: Fix symbol counting logic by looking at modules as well") Signed-off-by: Sherry Yang sherry.yang@oracle.com --- include/linux/module.h | 9 +++++++++ kernel/module.c | 2 -- 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/include/linux/module.h b/include/linux/module.h index a55a40c28568..63fe94e6ae6f 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -875,8 +875,17 @@ static inline bool module_sig_ok(struct module *module) } #endif /* CONFIG_MODULE_SIG */
+#if defined(CONFIG_MODULES) && defined(CONFIG_KALLSYMS) int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *, struct module *, unsigned long), void *data); +#else +static inline int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *, + struct module *, unsigned long), + void *data) +{ + return -EOPNOTSUPP; +} +#endif /* CONFIG_MODULES && CONFIG_KALLSYMS */
#endif /* _LINUX_MODULE_H */ diff --git a/kernel/module.c b/kernel/module.c index edc7b99cb16f..7f3ba597af6c 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -4444,7 +4444,6 @@ unsigned long module_kallsyms_lookup_name(const char *name) return ret; }
-#ifdef CONFIG_LIVEPATCH int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *, struct module *, unsigned long), void *data) @@ -4475,7 +4474,6 @@ int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *, mutex_unlock(&module_mutex); return ret; } -#endif /* CONFIG_LIVEPATCH */ #endif /* CONFIG_KALLSYMS */
/* Maximum number of characters written by module_flags() */
From: Francis Laniel flaniel@linux.microsoft.com
commit b022f0c7e404887a7c5229788fc99eff9f9a80d5 upstream.
When a kprobe is attached to a function that's name is not unique (is static and shares the name with other functions in the kernel), the kprobe is attached to the first function it finds. This is a bug as the function that it is attaching to is not necessarily the one that the user wants to attach to.
Instead of blindly picking a function to attach to what is ambiguous, error with EADDRNOTAVAIL to let the user know that this function is not unique, and that the user must use another unique function with an address offset to get to the function they want to attach to.
Link: https://lore.kernel.org/all/20231020104250.9537-2-flaniel@linux.microsoft.co...
Cc: stable@vger.kernel.org Fixes: 413d37d1eb69 ("tracing: Add kprobe-based event tracer") Suggested-by: Masami Hiramatsu mhiramat@kernel.org Signed-off-by: Francis Laniel flaniel@linux.microsoft.com Link: https://lore.kernel.org/lkml/20230819101105.b0c104ae4494a7d1f2eea742@kernel.... Acked-by: Masami Hiramatsu (Google) mhiramat@kernel.org Signed-off-by: Masami Hiramatsu (Google) mhiramat@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org [Sherry: 5.10.y added a new kselftest kprobe_non_uniq_symbol.tc by backporting commit 09bcf9254838 ("selftests/ftrace: Add new test case which checks non unique symbol"). However, 5.10.y didn't backport this commit which provides unique symbol check suppport from kernel side. Minor conflicts due to context change, ignore context change] Signed-off-by: Sherry Yang sherry.yang@oracle.com --- kernel/trace/trace_kprobe.c | 74 +++++++++++++++++++++++++++++++++++++ kernel/trace/trace_probe.h | 1 + 2 files changed, 75 insertions(+)
diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 5453af26ff76..91dfe8cf1ce8 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -715,6 +715,36 @@ static inline void sanitize_event_name(char *name) *name = '_'; }
+struct count_symbols_struct { + const char *func_name; + unsigned int count; +}; + +static int count_symbols(void *data, const char *name, struct module *unused0, + unsigned long unused1) +{ + struct count_symbols_struct *args = data; + + if (strcmp(args->func_name, name)) + return 0; + + args->count++; + + return 0; +} + +static unsigned int number_of_same_symbols(char *func_name) +{ + struct count_symbols_struct args = { + .func_name = func_name, + .count = 0, + }; + + kallsyms_on_each_symbol(count_symbols, &args); + + return args.count; +} + static int trace_kprobe_create(int argc, const char *argv[]) { /* @@ -842,6 +872,31 @@ static int trace_kprobe_create(int argc, const char *argv[]) } }
+ if (symbol && !strchr(symbol, ':')) { + unsigned int count; + + count = number_of_same_symbols(symbol); + if (count > 1) { + /* + * Users should use ADDR to remove the ambiguity of + * using KSYM only. + */ + trace_probe_log_err(0, NON_UNIQ_SYMBOL); + ret = -EADDRNOTAVAIL; + + goto error; + } else if (count == 0) { + /* + * We can return ENOENT earlier than when register the + * kprobe. + */ + trace_probe_log_err(0, BAD_PROBE_ADDR); + ret = -ENOENT; + + goto error; + } + } + trace_probe_log_set_index(0); if (event) { ret = traceprobe_parse_event_name(&event, &group, buf, @@ -1805,6 +1860,7 @@ static int unregister_kprobe_event(struct trace_kprobe *tk) }
#ifdef CONFIG_PERF_EVENTS + /* create a trace_kprobe, but don't add it to global lists */ struct trace_event_call * create_local_trace_kprobe(char *func, void *addr, unsigned long offs, @@ -1814,6 +1870,24 @@ create_local_trace_kprobe(char *func, void *addr, unsigned long offs, int ret; char *event;
+ if (func) { + unsigned int count; + + count = number_of_same_symbols(func); + if (count > 1) + /* + * Users should use addr to remove the ambiguity of + * using func only. + */ + return ERR_PTR(-EADDRNOTAVAIL); + else if (count == 0) + /* + * We can return ENOENT earlier than when register the + * kprobe. + */ + return ERR_PTR(-ENOENT); + } + /* * local trace_kprobes are not added to dyn_event, so they are never * searched in find_trace_kprobe(). Therefore, there is no concern of diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h index d4a69b83902e..22c05ca97758 100644 --- a/kernel/trace/trace_probe.h +++ b/kernel/trace/trace_probe.h @@ -390,6 +390,7 @@ extern int traceprobe_define_arg_fields(struct trace_event_call *event_call, C(BAD_MAXACT, "Invalid maxactive number"), \ C(MAXACT_TOO_BIG, "Maxactive is too big"), \ C(BAD_PROBE_ADDR, "Invalid probed address or symbol"), \ + C(NON_UNIQ_SYMBOL, "The symbol is not unique"), \ C(BAD_RETPROBE, "Retprobe address must be an function entry"), \ C(BAD_ADDR_SUFFIX, "Invalid probed address suffix"), \ C(NO_GROUP_NAME, "Group name is not specified"), \
From: Andrii Nakryiko andrii@kernel.org
commit 926fe783c8a64b33997fec405cf1af3e61aed441 upstream.
Recent changes to count number of matching symbols when creating a kprobe event failed to take into account kernel modules. As such, it breaks kprobes on kernel module symbols, by assuming there is no match.
Fix this my calling module_kallsyms_on_each_symbol() in addition to kallsyms_on_each_match_symbol() to perform a proper counting.
Link: https://lore.kernel.org/all/20231027233126.2073148-1-andrii@kernel.org/
Cc: Francis Laniel flaniel@linux.microsoft.com Cc: stable@vger.kernel.org Cc: Masami Hiramatsu mhiramat@kernel.org Cc: Steven Rostedt rostedt@goodmis.org Fixes: b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols") Signed-off-by: Andrii Nakryiko andrii@kernel.org Acked-by: Song Liu song@kernel.org Signed-off-by: Masami Hiramatsu (Google) mhiramat@kernel.org Signed-off-by: Markus Boehme markubo@amazon.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org [Sherry: It's a fix for previous backport, thus backport together] Signed-off-by: Sherry Yang sherry.yang@oracle.com --- kernel/trace/trace_kprobe.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 91dfe8cf1ce8..ae059345ddf4 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -742,6 +742,8 @@ static unsigned int number_of_same_symbols(char *func_name)
kallsyms_on_each_symbol(count_symbols, &args);
+ module_kallsyms_on_each_symbol(count_symbols, &args); + return args.count; }
On Tue, Oct 08, 2024 at 03:29:44PM -0700, Sherry Yang wrote:
5.10.y backported the commit 09bcf9254838 ("selftests/ftrace: Add new test case which checks non unique symbol") which added a new test case to check non-unique symbol. However, 5.10.y didn't backport the kernel commit b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols")to support the functionality from kernel side. Backport it in this patch series.
The first two patches are presiquisites. The 4th commit is a fix commit for the 3rd one.
Should we just revert the selftest test instead? That seems simpler instead of adding a new feature to this old and obsolete kernel tree, right?
thanks,
greg k-h
On Wed, 9 Oct 2024 15:36:42 +0200 Greg KH gregkh@linuxfoundation.org wrote:
On Tue, Oct 08, 2024 at 03:29:44PM -0700, Sherry Yang wrote:
5.10.y backported the commit 09bcf9254838 ("selftests/ftrace: Add new test case which checks non unique symbol") which added a new test case to check non-unique symbol. However, 5.10.y didn't backport the kernel commit b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols")to support the functionality from kernel side. Backport it in this patch series.
The first two patches are presiquisites. The 4th commit is a fix commit for the 3rd one.
Should we just revert the selftest test instead? That seems simpler instead of adding a new feature to this old and obsolete kernel tree, right?
The selftest is just testing to see if the kernel has the bug. The bug is that if there's more than one function with the same name, and someone attaches a kprobe to one of them, the user doesn't know which function it is attaching to, and the kernel doesn't tell the user that it's picking some random function. This can have undesirable results.
I don't know how much this kernel is still used. But if it's supported and still taking fixes, I would consider this a fix and not a feature.
-- Steve
On Wed, Oct 09, 2024 at 03:36:42PM +0200, Greg KH wrote:
On Tue, Oct 08, 2024 at 03:29:44PM -0700, Sherry Yang wrote:
5.10.y backported the commit 09bcf9254838 ("selftests/ftrace: Add new test case which checks non unique symbol") which added a new test case to check non-unique symbol. However, 5.10.y didn't backport the kernel commit b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols")to support the functionality from kernel side. Backport it in this patch series.
The first two patches are presiquisites. The 4th commit is a fix commit for the 3rd one.
Should we just revert the selftest test instead? That seems simpler instead of adding a new feature to this old and obsolete kernel tree, right?
Greg, I read the cover letter the same way and asked myself the same question, but looking at the patches it's actually a fix for something that's broken on 5.10 and was just uncovered by the selftest.
I think we should take it.
On Oct 9, 2024, at 6:36 AM, Greg KH gregkh@linuxfoundation.org wrote:
On Tue, Oct 08, 2024 at 03:29:44PM -0700, Sherry Yang wrote:
5.10.y backported the commit 09bcf9254838 ("selftests/ftrace: Add new test case which checks non unique symbol") which added a new test case to check non-unique symbol. However, 5.10.y didn't backport the kernel commit b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols")to support the functionality from kernel side. Backport it in this patch series.
The first two patches are presiquisites. The 4th commit is a fix commit for the 3rd one.
Should we just revert the selftest test instead? That seems simpler instead of adding a new feature to this old and obsolete kernel tree, right?
Sorry about the confusion. If kprobe attaches a function which is not the user wants to attach to, I would say it’s a bug. The test case uncovers the bug, so it’s a fix.
Sherry
Hi!
Le jeudi 10 octobre 2024, 18:11:51 CEST Sherry Yang a écrit :
On Oct 9, 2024, at 6:36 AM, Greg KH gregkh@linuxfoundation.org wrote:
On Tue, Oct 08, 2024 at 03:29:44PM -0700, Sherry Yang wrote:
5.10.y backported the commit 09bcf9254838 ("selftests/ftrace: Add new test case which checks non unique symbol")
which added a new test case to check non-unique symbol.
However, 5.10.y didn't backport the kernel commit b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols")to support the functionality from kernel side. Backport it in this patch series.
The first two patches are presiquisites. The 4th commit is a fix commit for the 3rd one.
Should we just revert the selftest test instead? That seems simpler instead of adding a new feature to this old and obsolete kernel tree, right?
Sorry about the confusion. If kprobe attaches a function which is not the user wants to attach to, I would say it’s a bug. The test case uncovers the bug, so it’s a fix.
Sherry
Let me add a bit of context as I wrote the third patch of this set.
It all started with a problem I had when trying to trace symbol names corresponding to different functions [1]. The patch was accepted to upstream and I wanted to backport it to stables. Sadly, the patch itself was relying on other patches which were not present in some stable kernels, which leaded to various problems while releasing the new stable kernels (once again: sorry about having caused troubles here) [2]...
The current series seems to hold all the patches for the third one to work, so I guess we can now have it merged to stable without problems.
Best regards. --- [1]: https://lore.kernel.org/all/20231018130042.3430f000@gandalf.local.home/T/ [2]: https://lore.kernel.org/all/2024010402-commerce-variably-ef86@gregkh/
On Fri, Oct 11, 2024 at 01:30:28PM +0200, Francis Laniel wrote:
Hi!
Le jeudi 10 octobre 2024, 18:11:51 CEST Sherry Yang a écrit :
On Oct 9, 2024, at 6:36 AM, Greg KH gregkh@linuxfoundation.org wrote:
On Tue, Oct 08, 2024 at 03:29:44PM -0700, Sherry Yang wrote:
5.10.y backported the commit 09bcf9254838 ("selftests/ftrace: Add new test case which checks non unique symbol")
which added a new test case to check non-unique symbol.
However, 5.10.y didn't backport the kernel commit b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols")to support the functionality from kernel side. Backport it in this patch series.
The first two patches are presiquisites. The 4th commit is a fix commit for the 3rd one.
Should we just revert the selftest test instead? That seems simpler instead of adding a new feature to this old and obsolete kernel tree, right?
Sorry about the confusion. If kprobe attaches a function which is not the user wants to attach to, I would say it’s a bug. The test case uncovers the bug, so it’s a fix.
Sherry
Let me add a bit of context as I wrote the third patch of this set.
It all started with a problem I had when trying to trace symbol names corresponding to different functions [1]. The patch was accepted to upstream and I wanted to backport it to stables. Sadly, the patch itself was relying on other patches which were not present in some stable kernels, which leaded to various problems while releasing the new stable kernels (once again: sorry about having caused troubles here) [2]...
The current series seems to hold all the patches for the third one to work, so I guess we can now have it merged to stable without problems.
Queued up, thanks!
linux-stable-mirror@lists.linaro.org
-
Francis Laniel -
Greg KH -
Sasha Levin -
Sherry Yang -
Steven Rostedt