Date:   Thu, 10 Nov 2022 15:52:23 +0100
From:   Solar Designer <solar@...nwall.com>
To:     wuqiang <wuqiang.matt@...edance.com>
Cc:     mhiramat@...nel.org, davem@...emloft.net,
        anil.s.keshavamurthy@...el.com, naveen.n.rao@...ux.ibm.com,
        linux-kernel@...r.kernel.org, mattwu@....com,
        Adam Zabrocki <pi3@....com.pl>
Subject: Re: [PATCH v2] kprobes: kretprobe events missing on 2-core KVM guest

On Thu, Nov 10, 2022 at 04:15:02PM +0800, wuqiang wrote:
> Default value of maxactive is set as num_possible_cpus() for nonpreemptable
> systems. For a 2-core system, only 2 kretprobe instances would be allocated
> by default, then these 2 instances for execve kretprobe are very likely to
> be used up with a pipelined command.
> 
> Here's the testcase: a shell script was added to crontab, and the content
> of the script is:
> 
>   #!/bin/sh
>   do_something_magic `tr -dc a-z < /dev/urandom | head -c 10`
> 
> cron will trigger a series of program executions (4 times every hour). Then
> event loss would normally be noticed after 3-4 hours of testing.
> 
> The issue is caused by a burst of series of execve requests. The best number
> of kretprobe instances could be different case by case, and it should be the
> user's duty to determine, but num_possible_cpus() as the default value is
> inadequate, especially for systems with a small number of CPUs.
> 
> This patch enables the logic for preemption by default, thus increasing the
> minimum of maxactive to 10 for nonpreemptable systems.
> 
> Signed-off-by: wuqiang <wuqiang.matt@...edance.com>

Reviewed-by: Solar Designer <solar@...nwall.com>

Thank you!

> ---
>  Documentation/trace/kprobes.rst |  3 +--
>  kernel/kprobes.c                | 10 +++-------
>  2 files changed, 4 insertions(+), 9 deletions(-)
> 
> diff --git a/Documentation/trace/kprobes.rst b/Documentation/trace/kprobes.rst
> index 48cf778a2468..fc7ce76eab65 100644
> --- a/Documentation/trace/kprobes.rst
> +++ b/Documentation/trace/kprobes.rst
> @@ -131,8 +131,7 @@ For example, if the function is non-recursive and is called with a
>  spinlock held, maxactive = 1 should be enough.  If the function is
>  non-recursive and can never relinquish the CPU (e.g., via a semaphore
>  or preemption), NR_CPUS should be enough.  If maxactive <= 0, it is
> -set to a default value.  If CONFIG_PREEMPT is enabled, the default
> -is max(10, 2*NR_CPUS).  Otherwise, the default is NR_CPUS.
> +set to a default value: max(10, 2*NR_CPUS).
>  
>  It's not a disaster if you set maxactive too low; you'll just miss
>  some probes.  In the kretprobe struct, the nmissed field is set to
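
Review bot: The new sentence "set to a default value: max(10, 2*NR_CPUS)" states the default in terms of NR_CPUS, while the code in the kernel/kprobes.c hunk computes it from 2*num_possible_cpus(), which can be smaller than the compile-time NR_CPUS. Since this line is being rewritten anyway, consider wording it as max(10, 2 * number of possible CPUs) so the documented default matches what register_kretprobe() actually allocates. It would also help to say here that the default no longer depends on CONFIG_PREEMPT, because the unchanged sentence just above still recommends NR_CPUS for functions that can never relinquish the CPU.
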
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index a8b202f87e2d..1e80bddf2654 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -2212,11 +2212,7 @@ int register_kretprobe(struct kretprobe *rp)
>  	rp->kp.post_handler = NULL;
>  
>  	/* Pre-allocate memory for max kretprobe instances */
> -	if (rp->maxactive <= 0) {
> -#ifdef CONFIG_PREEMPTION
> +	if (rp->maxactive <= 0)
>  		rp->maxactive = max_t(unsigned int, 10, 2*num_possible_cpus());
> -#else
> -		rp->maxactive = num_possible_cpus();
> -#endif
> -	}
> +
>  #ifdef CONFIG_KRETPROBE_ON_RETHOOK
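
Review bot: The commit message describes only raising the minimum to 10, but keeping "rp->maxactive = max_t(unsigned int, 10, 2*num_possible_cpus());" as the single default also doubles the per-CPU factor on non-preemptible kernels, which previously used num_possible_cpus(). On machines with many possible CPUs that doubles the number of instances pre-allocated for every kretprobe registered with maxactive <= 0, so the changelog should state this and say why the extra memory is acceptable, or the non-preemptible case could use max(10, num_possible_cpus()) if only the floor is wanted. Separately, the comment "Pre-allocate memory for max kretprobe instances" now sits directly above a statement that only picks the default; moving it down to the allocation code, or adding a short comment on the default choice, would keep it accurate.
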
> --
> 2.34.1

Alexander
