|
 |
05649e |
From 40cf19078e0f5aca77bb53a17ab2913d1c58417d Mon Sep 17 00:00:00 2001
|
|
|
05649e |
From: Javier Honduvilla Coto <javierhonduco@gmail.com>
|
|
|
05649e |
Date: Thu, 11 Apr 2019 18:59:23 +0100
|
|
|
05649e |
Subject: [PATCH] Ban kprobes that cause CPU deadlocks
|
|
|
05649e |
|
|
|
05649e |
---
|
|
|
05649e |
src/attached_probe.cpp | 18 ++++++++++++++++++
|
|
|
05649e |
tests/runtime/banned_probes | 19 +++++++++++++++++++
|
|
|
05649e |
2 files changed, 37 insertions(+)
|
|
|
05649e |
create mode 100644 tests/runtime/banned_probes
|
|
|
05649e |
|
|
|
05649e |
diff --git a/src/attached_probe.cpp b/src/attached_probe.cpp
|
|
|
05649e |
index f83634a..073be78 100644
|
|
|
05649e |
--- a/src/attached_probe.cpp
|
|
|
05649e |
+++ b/src/attached_probe.cpp
|
|
|
05649e |
@@ -24,6 +24,15 @@
|
|
|
05649e |
namespace bpftrace {
|
|
|
05649e |
|
|
|
05649e |
const int BPF_LOG_SIZE = 100 * 1024;
|
|
|
05649e |
+/*
|
|
|
05649e |
+ * Kernel functions that are unsafe to trace are excluded in the Kernel with
|
|
|
05649e |
+ * `notrace`. However, the ones below are not excluded.
|
|
|
05649e |
+ */
|
|
|
05649e |
+const std::set<std::string> banned_kretprobes = {
|
|
|
05649e |
+ "_raw_spin_lock", "_raw_spin_lock_irqsave", "_raw_spin_unlock_irqrestore",
|
|
|
05649e |
+ "queued_spin_lock_slowpath",
|
|
|
05649e |
+};
|
|
|
05649e |
+
|
|
|
05649e |
|
|
|
05649e |
bpf_probe_attach_type attachtype(ProbeType t)
|
|
|
05649e |
{
|
|
|
05649e |
@@ -60,6 +69,12 @@ bpf_prog_type progtype(ProbeType t)
|
|
|
05649e |
}
|
|
|
05649e |
}
|
|
|
05649e |
|
|
|
05649e |
+void check_banned_kretprobes(std::string const& kprobe_name) {
|
|
|
05649e |
+ if (banned_kretprobes.find(kprobe_name) != banned_kretprobes.end()) {
|
|
|
05649e |
+ std::cerr << "error: kretprobe:" << kprobe_name << " can't be used as it might lock up your system." << std::endl;
|
|
|
05649e |
+ exit(1);
|
|
|
05649e |
+ }
|
|
|
05649e |
+}
|
|
|
05649e |
|
|
|
05649e |
AttachedProbe::AttachedProbe(Probe &probe, std::tuple<uint8_t *, uintptr_t> func)
|
|
|
05649e |
: probe_(probe), func_(func)
|
|
|
05649e |
@@ -70,7 +85,10 @@ AttachedProbe::AttachedProbe(Probe &probe, std::tuple<uint8_t *, uintptr_t> func
|
|
|
05649e |
switch (probe_.type)
|
|
|
05649e |
{
|
|
|
05649e |
case ProbeType::kprobe:
|
|
|
05649e |
+ attach_kprobe();
|
|
|
05649e |
+ break;
|
|
|
05649e |
case ProbeType::kretprobe:
|
|
|
05649e |
+ check_banned_kretprobes(probe_.attach_point);
|
|
|
05649e |
attach_kprobe();
|
|
|
05649e |
break;
|
|
|
05649e |
case ProbeType::uprobe:
|
|
|
05649e |
diff --git a/tests/runtime/banned_probes b/tests/runtime/banned_probes
|
|
|
05649e |
new file mode 100644
|
|
|
05649e |
index 0000000..e892bd2
|
|
|
05649e |
--- /dev/null
|
|
|
05649e |
+++ b/tests/runtime/banned_probes
|
|
|
05649e |
@@ -0,0 +1,19 @@
|
|
|
05649e |
+NAME kretprobe:_raw_spin_lock is banned
|
|
|
05649e |
+RUN bpftrace -e 'kretprobe:_raw_spin_lock { exit(); }'
|
|
|
05649e |
+EXPECT error: kretprobe:_raw_spin_lock can't be used as it might lock up your system.
|
|
|
05649e |
+TIMEOUT 1
|
|
|
05649e |
+
|
|
|
05649e |
+NAME kretprobe:queued_spin_lock_slowpath is banned
|
|
|
05649e |
+RUN bpftrace -e 'kretprobe:queued_spin_lock_slowpath { exit(); }'
|
|
|
05649e |
+EXPECT error: kretprobe:queued_spin_lock_slowpath can't be used as it might lock up your system.
|
|
|
05649e |
+TIMEOUT 1
|
|
|
05649e |
+
|
|
|
05649e |
+NAME kretprobe:_raw_spin_unlock_irqrestore is banned
|
|
|
05649e |
+RUN bpftrace -e 'kretprobe:_raw_spin_unlock_irqrestore { exit(); }'
|
|
|
05649e |
+EXPECT error: kretprobe:_raw_spin_unlock_irqrestore can't be used as it might lock up your system.
|
|
|
05649e |
+TIMEOUT 1
|
|
|
05649e |
+
|
|
|
05649e |
+NAME kretprobe:_raw_spin_lock_irqsave is banned
|
|
|
05649e |
+RUN bpftrace -e 'kretprobe:_raw_spin_lock_irqsave { exit(); }'
|
|
|
05649e |
+EXPECT error: kretprobe:_raw_spin_lock_irqsave can't be used as it might lock up your system.
|
|
|
05649e |
+TIMEOUT 1
|
|
|
05649e |
--
|
|
|
05649e |
2.20.1
|
|
|
05649e |
|