From: "agentzh at gmail dot com"
To: systemtap@sourceware.org
Subject: [Bug runtime/30408] Always fail to read userland memory (read faults) inside perf event probes with 6.2/6.1 kernels
Date: Sat, 13 May 2023 05:33:26 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=30408

--- Comment #4 from agentzh ---

OK, I tracked it down to the user_addr_max() macro, which has been missing since 5.18 and which is used in the stap runtime's lookup_bad_addr_user() function. In perf event probe handlers, the in_task() macro always returns 0 (false).

in_task() is a macro defined as

```
#define in_task() (!(in_nmi() | in_hardirq() | in_serving_softirq()))
```

And the kernels use hardirq context for perf events like `perf.type(1).config(0).sample(100000)`, so in_hardirq() returns 1.

For comparison, the kernel's own bpf_probe_read_user() function does not check in_task(), in_hardirq(), or user_addr_max() (though it has had another deadlock regression since 5.19 on the code path copy_from_user_nofault -> check_object_size -> find_vmap_area() around the vmap_area_lock lock, but that is another story).

The following patch seems to fix this for me:

https://gist.github.com/agentzh/948f77381c1f1e2cb7474c22c2c17c0e

So this regression has really been present since 5.18.
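
To illustrate why in_task() is always false in a perf event handler, here is a small userland sketch of the macro's logic. It is only a model: `struct ctx_model`, `model_in_task()` and `model_demo()` are made-up names for illustration, and the three flags merely stand in for what in_nmi(), in_hardirq() and in_serving_softirq() would report in the kernel.

```c
#include <assert.h>
#include <stdbool.h>

/* Hypothetical stand-in for the context state that the kernel's
 * in_nmi(), in_hardirq() and in_serving_softirq() helpers report. */
struct ctx_model {
    bool nmi;
    bool hardirq;
    bool serving_softirq;
};

/* Same shape as the in_task() macro quoted above:
 * true only when none of the three contexts is active. */
static int model_in_task(struct ctx_model c)
{
    return !(c.nmi | c.hardirq | c.serving_softirq);
}

/* Compare plain task context with the hardirq context that the
 * perf event probes are reported to run in. */
static void model_demo(void)
{
    struct ctx_model task_ctx = { false, false, false };
    struct ctx_model perf_ctx = { false, true, false };

    assert(model_in_task(task_ctx) == 1); /* ordinary process context */
    assert(model_in_task(perf_ctx) == 0); /* hardirq set, so not "in task" */
}
```

With the hardirq flag set, the result is 0 regardless of the other two flags, which matches what I see in the perf event probe handlers.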