3541 – unsafe printk calls in hand-coded kprobe handlers

Bug 3541 - unsafe printk calls in hand-coded kprobe handlers

Summary: unsafe printk calls in hand-coded kprobe handlers

Status:	RESOLVED WONTFIX

Alias:	None

Product:	systemtap
Classification:	Unclassified
Component:	kprobes (show other bugs)
Version:	unspecified

Importance:	P2 normal
Target Milestone:	---
Assignee:	Unassigned

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-11-17 23:19 UTC by Jim Keniston
Modified:	2009-10-07 14:58 UTC (History)
CC List:	0 users

See Also:
Host:
Target:
Build:
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jim Keniston 2006-11-17 23:19:01 UTC

printk is supposed to be callable from anywhere, but various people have noted
that that's not really the case.  See, for example, bugs 1594, 1837, 1564, and
1776.  This bug report has a little more in the way of specifics on that topic.

In 1776, calling printk from a handler for a probe in activate_task yielded
oopses and/or hangs.  In that particular case, I think a deadlock is caused as
follows: activate_task -> handler -> printk -> release_console_sem [locks
logbuf_lock] -> up -> __up_wakeup -> __up -> wake_up -> __wake_up ->
__wake_up_common -> default_wake_function -> try_to_wake_up -> activate_task ->
handler -> printk [goes for logbuf_lock again].

This is not a problem for SystemTap, which doesn't emit printk calls, but it
could be for kprobes users.  Possible actions we could take include:

1) Document this type of scenario in Documentation/kprobes.txt.  I.e., a handler
for any function callable while logbuf_lock is held shouldn't call printk.

2) Push for an enhancement to printk.c -- e.g.,
a) In release_console_sem, consider releasing logbuf_lock and console_sem in
reverse order.  Unfortunately, while logbuf_lock is held there's also a call to
down_trylock, which can indirectly call wake_up_locked, so that doesn't buy us much.
b) Upon entry to printk, consider calling spin_trylock instead of spin_lock, and
print nothing (and maybe atomic_inc a miss-counter to report later) if we can't
get logbuf_lock.

Comment 1 Jim Keniston 2006-11-22 00:05:32 UTC

Since kprobes doesn't allow handlers to re-enter, the likely deadlock scenario
is anybody -> printk -> release_console_sem [locks logbuf_lock] -> up -> ... ->
try_to_wake_up -> activate_task -> handler -> printk [goes for logbuf_lock again].

Re: (2b), spin_trylock_irqsave() (which is what we want) can fail in perfectly
benign scenarios.  If it does, it's a deadlock only if printk_cpu ==
smp_processor_id().  Otherwise, just go for the lock again with spinlock_irq_save().

Comment 2 Frank Ch. Eigler 2009-04-01 17:35:56 UTC

I propose a CLOSED/WONTFIX for this one.

Comment 3 Frank Ch. Eigler 2009-10-07 14:58:52 UTC

closing, a kernel design issue rather than something in kprobes/systemtap land,
to some extent mooted by recent kernel developments