* RE: [Bug translator/1276] support more timer varieties
@ 2005-12-08 2:40 Stone, Joshua I
From: Stone, Joshua I @ 2005-12-08 2:40 UTC (permalink / raw)
To: systemtap
Stone, Joshua I wrote:
> When I was writing the test script, I did find a couple of probes that
> failed, but it was unrelated to "current" dereferencing. I will
> follow up in another email...
As promised, here they are. I tried these with very simple probe bodies
(increment a global number), so I know the crashes have nothing to do
with "current" dereferencing.
The first one that failed on me was 'kernel.inline("get_current")'. I
figured this would be a dangerous one, but I wanted to try it. This
matched 2710 locations for me, and probably a lot of them are in
critical locations. When I ran this, I got "NMI Watchdog detected
LOCKUP". It probably isn't worth trying to make this one work, but if
we have a blacklist, this should be on it.
The second one that failed was 'kernel.function("__switch_to").return'.
This one is a problem with kretprobes only, as all of my other probes in
__switch_to behaved just fine, even in the middle of the function.
Running this gave "Kernel BUG at kprobes:449" (the full dump is included
below). The line mentioned is in trampoline_probe_handler:
BUG_ON(!orig_ret_address || (orig_ret_address == trampoline_address));
It seems pretty obvious that the actions taken in __switch_to would
conflict with the way the trampoline works. I don't know if it's
possible to make kretprobes work on this function - if not, it should be
blacklisted.
Josh
crashdump from kernel.function("__switch_to").return
===================================================================
Kernel BUG at kprobes:449
invalid operand: 0000 [1] SMP
CPU 1
Modules linked in: stap_4037(U) nfsd exportfs lockd md5 ipv6
parport_pc lp parport autofs4 i2c_dev i2c_core smbfs sunrpc ds
yenta_socket pcmcia_core ipt_REJECT ipt_state ip_conntrack
iptable_filter ip_tables dm_mirror dm_mod button battery ac
joydev uhci_hcd ehci_hcd shpchp hw_random ata_piix snd_azx
snd_hda_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd
soundcore snd_page_alloc sk98lin(U) floppy ext3 jbd ahci libata
sd_mod scsi_mod
Pid: 4006, comm: sshd Tainted: GF 2.6.9-22.ELsmp
RIP: 0010:[<ffffffff80121809>] <ffffffff80121809>{trampoline_probe_handler+130}
RSP: 0018:0000010071d81b28 EFLAGS: 00010002
RAX: 0000000000000001 RBX: 000001007f9d4600 RCX: ffffffffa0000000
RDX: 0000000000000001 RSI: 0000010071d81bf8 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000010037e14000 R09: 0000000000000003
R10: 00000000000000ff R11: 0000000000000003 R12: 0000000000000000
R13: 0000010071d81bf8 R14: 0000000000000000 R15: 0000010002c1a5e0
FS: 0000002a96a33280(0000) GS:ffffffff804d3180(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 000000383c38f070 CR3: 0000000037e18000 CR4: 00000000000006e0
Process sshd (pid: 4006, threadinfo 0000010071d80000, task 0000010076dc3030)
Stack: ffffffff803d16a0 ffffffff803d16a0 ffffffff80121785 0000010071d81bf8
       ffffffff80121786 ffffffff80121751 ffffffff803db140 0000010071d81bb8
       0000000000000002 0000010076dc3030
Call Trace:
<ffffffff80121785>{kretprobe_trampoline+0}
<ffffffff80121786>{kretprobe_trampoline+1}
<ffffffff80121751>{kprobe_handler+559}
<ffffffff80121a27>{kprobe_exceptions_notify+40}
<ffffffff801432fb>{notifier_call_chain+31}
<ffffffff80112460>{do_int3+66}
<ffffffff80110aed>{error_exit+0}
<ffffffff80121786>{kretprobe_trampoline+1}
<ffffffff80121785>{kretprobe_trampoline+0}
<ffffffff80222bad>{tty_ldisc_try+60}
<ffffffff80303924>{schedule_timeout+101}
<ffffffff80222ce0>{tty_ldisc_deref+103}
<ffffffff8018902b>{do_select+939}
<ffffffff80188bc5>{__pollwait+0}
<ffffffff801893aa>{sys_select+820}
<ffffffff801908fc>{dnotify_parent+34}
<ffffffff80110052>{system_call+126}
Code: 0f 0b 64 b8 31 80 ff ff ff ff c1 01 49 89 ad 80 00 00 00 e8
RIP <ffffffff80121809>{trampoline_probe_handler+130} RSP <0000010071d81b28>
* kretprobes vs __switch_to
@ 2005-12-15 8:21 ` Roland McGrath
From: Roland McGrath @ 2005-12-15 8:21 UTC (permalink / raw)
To: Stone, Joshua I; +Cc: systemtap
> The second one that failed was 'kernel.function("__switch_to").return'.
> This one is a problem with kretprobes only, as all of my other probes in
> __switch_to behaved just fine, even in the middle of the function.
> Running this gave "Kernel BUG at kprobes:449" (the full dump is included
> below). The line mentioned is in trampoline_probe_handler:
>
> BUG_ON(!orig_ret_address || (orig_ret_address == trampoline_address));
>
> It seems pretty obvious that the actions taken in __switch_to would
> conflict with the way the trampoline works. I don't know if it's
> possible to make kretprobes work on this function - if not, it should be
> blacklisted.
It's not clear to me why this fails. It's actually some assembly code in
the switch_to macro (used in context_switch) that changes stacks, before it
calls __switch_to. __switch_to is entered on the new stack and it seems to
me that kretprobes ought to be able to handle it normally. Clearly I'm
missing something.
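The return-probe bookkeeping both messages are reasoning about, modelled in user-space C. This is an added illustration, not kernel, kprobes or systemtap code: the per-task instance array, the function names and the constructed return addresses are assumptions; the trampoline address is the one the crash dump reports for kretprobe_trampoline. The model records each instance under `current` at function entry and looks it up under `current` at the trampoline, then lets the two differ to show the condition under which the quoted BUG_ON fires. Whether that is what happens inside __switch_to is not settled in the thread and is left as an assumption here.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * User-space model of kretprobe trampoline bookkeeping (added example, not
 * kernel code). The per-task array, names and addresses are assumptions;
 * the trampoline address is the one in the crash dump above.
 */
#define TRAMPOLINE_ADDRESS 0xffffffff80121785UL
#define MAX_INSTANCES 4

struct task {
    const char *comm;
    uintptr_t ret_addr[MAX_INSTANCES]; /* original return addresses, LIFO */
    int depth;                         /* outstanding instances */
};

static struct task *current;           /* stands in for the kernel's `current` */

/*
 * Entry side: the kprobe on the function's first instruction fires. Record
 * the real return address under `current` and overwrite the stack slot so
 * the function's `ret` lands on the trampoline instead of its caller.
 */
static int on_function_entry(uintptr_t *ret_slot)
{
    if (current->depth >= MAX_INSTANCES)
        return -1;                     /* no free instance: probe skipped */
    current->ret_addr[current->depth++] = *ret_slot;
    *ret_slot = TRAMPOLINE_ADDRESS;
    return 0;
}

/*
 * Return side: the int3 at the trampoline fires. Take the most recent
 * instance recorded for `current` and return the address to resume at.
 * Returning 0 is the state in which the kernel's
 *   BUG_ON(!orig_ret_address || orig_ret_address == trampoline_address)
 * fires: no instance found for this task, or a corrupted one.
 */
static uintptr_t trampoline_probe_handler(void)
{
    uintptr_t orig = 0;
    if (current->depth > 0)
        orig = current->ret_addr[--current->depth];
    if (orig == 0 || orig == TRAMPOLINE_ADDRESS)
        return 0;
    return orig;
}

/*
 * Drive one probed call: entered with current == entered_as, returning with
 * current == returned_as. For an ordinary function both are the same task;
 * letting them differ is the assumed model of a function that changes
 * `current` before it returns. Returns the resume address, or 0 when the
 * trampoline handler would hit the BUG_ON.
 */
static uintptr_t simulate_probed_call(struct task *entered_as,
                                      struct task *returned_as,
                                      uintptr_t real_ret)
{
    uintptr_t ret_slot = real_ret;     /* the slot `call` pushed */
    current = entered_as;
    if (on_function_entry(&ret_slot) != 0)
        return real_ret;               /* unprobed: plain return */
    current = returned_as;             /* function body runs */
    if (ret_slot != TRAMPOLINE_ADDRESS)
        return ret_slot;
    return trampoline_probe_handler(); /* `ret` reached the trampoline */
}

/* Same task at entry and return: the original address comes back. */
static uintptr_t demo_same_task(void)
{
    struct task t = { "sshd", {0}, 0 };
    return simulate_probed_call(&t, &t, 0x1000UL); /* constructed address */
}

/* Nested probed calls on one task unwind innermost first. */
static int demo_nested(void)
{
    struct task t = { "sshd", {0}, 0 };
    uintptr_t outer = 0x1000UL, inner = 0x2000UL;  /* constructed */
    current = &t;
    if (on_function_entry(&outer) != 0 || on_function_entry(&inner) != 0)
        return 0;
    return trampoline_probe_handler() == 0x2000UL
        && trampoline_probe_handler() == 0x1000UL
        && t.depth == 0;
}

/* `current` differs at return: the lookup finds nothing, the BUG_ON case. */
static uintptr_t demo_task_changed(void)
{
    struct task a = { "prev", {0}, 0 }, b = { "next", {0}, 0 };
    return simulate_probed_call(&a, &b, 0x1000UL);
}

int main(void)
{
    printf("same task:    %#lx\n", (unsigned long)demo_same_task());
    printf("nested ok:    %d\n", demo_nested());
    printf("task changed: %#lx (0 = BUG_ON)\n", (unsigned long)demo_task_changed());
    return 0;
}
```

The third case also leaves the instance stranded on the task that entered the function (its depth stays at 1), which is the bookkeeping leak a return probe cannot recover from once its lookup key no longer matches.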