Re: kprobes broken since 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()")

From: Masami Hiramatsu
Date: Wed Feb 03 2021 - 08:36:45 EST


On Tue, 2 Feb 2021 16:05:13 -0500
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:

> On Tue, 2 Feb 2021 19:30:34 +0100
> Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> > That does mean that kprobes are then fundamentally running from
> > in_nmi(), which is what started all this.
>
> I just thought about the fact that tracing records the context of the
> function it is called in. If you set "in_nmi()" for all ftrace handlers,
> then all functions will look like they are in an NMI context during tracing.
>
> That is, the preempt count is checked to fill in the flags in the ring
> buffer that denotes what context the event (in this case the function) was
> called in.

Ah, that is what I worried about. ftrace and kprobes handler usually want to
know "what is the actual status of the system where the probe hits".

If the new kernel_exception_enter() for ftrace/kprobes or any other kernel
instrumentation does

__preempt_count_add(KEX_OFFSET + NMI_OFFSET + HARDIRQ_OFFSET);

then we can distinguish the KEX from NMI and get the original status of the context.
What would you think about it?

Thank you,

--
Masami Hiramatsu <mhiramat@xxxxxxxxxx>
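As an added illustration (not code from this thread or from the kernel), the following C model shows the problem Steven describes and the distinction Masami proposes: once an entry path bumps the NMI count, anything that classifies context from the raw preempt count reports NMI, but if a separate KEX count is bumped at the same time, a handler can subtract the known entry offsets and recover the context the probe actually hit in. The bit layout mirrors the upstream preempt_count layout (PREEMPT 0-7, SOFTIRQ 8-15, HARDIRQ 16-19, NMI 20-23); the KEX field at bit 24, and the names kex_enter(), kex_original_count() and handler_context(), are assumptions made for this example.

```c
/* Constructed model of preempt_count context fields. The PREEMPT/SOFTIRQ/
 * HARDIRQ/NMI layout follows the upstream kernel; the KEX field is the
 * hypothetical "kernel exception" counter discussed in the thread and its
 * position (bit 24) is an assumption for this example. */
#include <stdbool.h>
#include <stdio.h>

#define PREEMPT_SHIFT 0
#define SOFTIRQ_SHIFT 8
#define HARDIRQ_SHIFT 16
#define NMI_SHIFT     20
#define KEX_SHIFT     24   /* hypothetical */

#define SOFTIRQ_MASK  (0xffu << SOFTIRQ_SHIFT)
#define HARDIRQ_MASK  (0xfu  << HARDIRQ_SHIFT)
#define NMI_MASK      (0xfu  << NMI_SHIFT)
#define KEX_MASK      (0xfu  << KEX_SHIFT)

#define SOFTIRQ_OFFSET (1u << SOFTIRQ_SHIFT)
#define HARDIRQ_OFFSET (1u << HARDIRQ_SHIFT)
#define NMI_OFFSET     (1u << NMI_SHIFT)
#define KEX_OFFSET     (1u << KEX_SHIFT)

enum ctx { CTX_NORMAL, CTX_SOFTIRQ, CTX_HARDIRQ, CTX_NMI };

static inline bool in_nmi(unsigned int pc)     { return (pc & NMI_MASK) != 0; }
static inline bool in_hardirq(unsigned int pc) { return (pc & HARDIRQ_MASK) != 0; }
static inline bool in_softirq(unsigned int pc) { return (pc & SOFTIRQ_MASK) != 0; }
static inline bool in_kex(unsigned int pc)     { return (pc & KEX_MASK) != 0; }

/* What ring-buffer flag logic sees when it classifies the raw count. */
static enum ctx classify(unsigned int pc)
{
    if (in_nmi(pc))     return CTX_NMI;
    if (in_hardirq(pc)) return CTX_HARDIRQ;
    if (in_softirq(pc)) return CTX_SOFTIRQ;
    return CTX_NORMAL;
}

/* Hypothetical kernel_exception_enter(): bump KEX, NMI and HARDIRQ together,
 * as in the __preempt_count_add() line quoted in the mail. */
static unsigned int kex_enter(unsigned int pc)
{
    return pc + (KEX_OFFSET + NMI_OFFSET + HARDIRQ_OFFSET);
}

/* Undo one kex_enter() to recover the count the probe actually hit in.
 * Only valid while in_kex(); otherwise the count is already the real one. */
static unsigned int kex_original_count(unsigned int pc)
{
    if (!in_kex(pc))
        return pc;
    return pc - (KEX_OFFSET + NMI_OFFSET + HARDIRQ_OFFSET);
}

/* Context a kprobes/ftrace handler should report: the original one when
 * running under a KEX entry, the raw classification otherwise. */
static enum ctx handler_context(unsigned int pc)
{
    return classify(kex_original_count(pc));
}

static const char *ctx_name(enum ctx c)
{
    static const char *names[] = { "normal", "softirq", "hardirq", "nmi" };
    return names[c];
}

int main(void)
{
    /* Constructed probe-hit sites: task context, inside a hard IRQ, inside a real NMI. */
    unsigned int sites[] = { 0u, HARDIRQ_OFFSET, NMI_OFFSET };
    for (unsigned i = 0; i < 3; i++) {
        unsigned int pc = kex_enter(sites[i]);
        printf("hit in %-7s -> raw classification: %-7s  handler view: %s\n",
               ctx_name(classify(sites[i])), ctx_name(classify(pc)),
               ctx_name(handler_context(pc)));
    }
    return 0;
}
```

The raw classification of every KEX-entered count is "nmi", which is exactly the ring-buffer flag problem; handler_context() gives back task, hardirq or nmi as appropriate because the KEX field records that the NMI/HARDIRQ bump came from the instrumentation entry rather than from a real interrupt.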