Bug 5083 - rmmod uprobes should be safer
Summary: rmmod uprobes should be safer
Status: RESOLVED FIXED
Alias: None
Product: systemtap
Classification: Unclassified
Component: uprobes
Version: unspecified
Importance: P2 normal
Target Milestone: ---
Assignee: Unassigned
Reported: 2007-10-01 19:31 UTC by Jim Keniston
Modified: 2007-10-09 22:30 UTC
Description Jim Keniston 2007-10-01 19:31:06 UTC
When uprobes is a module, it's possible to rmmod it unsafely.  This can happen when
1) a client module has neglected to unregister all its probes; or
2) a uprobe_process object is hanging around, waiting for uretprobed functions
to return.

In either case, we can defeat the unsafe rmmod by tying the uprobes module's ref
count to the number of surviving uprobe_processes.  It's safe to rmmod uprobes
iff the number of uprobe_processes is zero.

We should handle "rmmod --wait" gracefully.  We need to be sure to avoid doing
stuff like uprobe_run_defregs() when the module is shutting down (check
module_is_live()?) due to us running uprobe_put_process().  Can
uprobes_report_signal() or uprobes_report_exit() get preempted after calling
module_put (indirectly, via uprobe_put_process()) but before they return?
Comment 1 Jim Keniston 2007-10-09 22:30:50 UTC
Fixed in Rev 1.3 of src/runtime/uprobes/uprobes.c.

Here's how to verify the fix.  Given the following user program
----- sleep15.c -----
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>

static int naps = 0;

static void nap(void)    /* set the retprobe here */
{
        sleep(15);
}

int main(void)
{
        /* Print the pid and the address of nap() for the stap command line. */
        printf("pid = %d &nap = %p\n", getpid(), (void *)nap);
        for (;;) {
                nap();
                printf("Nap #%d completed\n", ++naps);
        }
}
---------------------
and the following stap script
----- uprobe1.stp -----
probe begin {
        log("Probing...")
}
probe process($1).statement($2).absolute.return,
        process($1).statement($2).absolute
{
        log (pp())
}
-----------------------
do the following:

In window #1:
$ cc -o sleep15 sleep15.c
$ ./sleep15
pid = 31880 &nap = 0x80483e4
Nap #1 completed
Nap #2 completed
...

In window #2:
# stap uprobe1.stp 31880 0x80483e4
Probing...
process(31880).statement(134513636).absolute
process(31880).statement(134513636).absolute.return
process(31880).statement(134513636).absolute
...
^C
# rmmod --wait uprobes
rmmod should run until the current nap completes (see window #1),
then finish.
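The refcount rule from the description (rmmod is safe iff no uprobe_process survives) and the rmmod --wait behaviour expected above, as an added single-threaded user-space C model; this is not the uprobes or systemtap code. try_module_get, module_put and module_is_live keep the kernel API names but their bodies here are assumed, as are uprobe_mk_process, the mod_state enum and the return-value conventions.

```c
/* Added example, not code from uprobes or systemtap: a single-threaded
 * user-space model of the fix, where the module refcount equals the number of
 * surviving uprobe_process objects. try_module_get, module_put and
 * module_is_live keep the kernel API names, but these bodies are a model. */
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
enum mod_state { MOD_LIVE, MOD_GOING };
struct module { enum mod_state state; int refcnt; };
static struct module uprobes_mod = { MOD_LIVE, 0 };
static bool module_is_live(const struct module *m) { return m->state == MOD_LIVE; }

/* Refused once rmmod has marked the module going, so no new probe can pin it. */
static bool try_module_get(struct module *m)
{
        if (!module_is_live(m)) return false;
        m->refcnt++;
        return true;
}
static void module_put(struct module *m) { m->refcnt--; }
struct uprobe_process { int pid; int pending_uretprobes; };

/* A new uprobe_process holds one module reference; NULL if the module is going. */
static struct uprobe_process *uprobe_mk_process(int pid)
{
        if (!try_module_get(&uprobes_mod)) return NULL;
        struct uprobe_process *up = calloc(1, sizeof *up);
        if (!up) { module_put(&uprobes_mod); return NULL; }
        up->pid = pid;
        return up;
}

/* -EBUSY while a uretprobed function has not returned (case 2 in the report).
 * Otherwise drops the reference and returns 1 if the deferred work
 * (uprobe_run_defregs) ran, 0 if skipped because the module is already going. */
static int uprobe_put_process(struct uprobe_process *up)
{
        if (up->pending_uretprobes > 0) return -EBUSY;
        int ran_defregs = module_is_live(&uprobes_mod) ? 1 : 0;
        free(up);
        module_put(&uprobes_mod);     /* the last put is what makes rmmod safe */
        return ran_defregs;
}

/* rmmod uprobes: -EWOULDBLOCK if still in use and no --wait. With --wait the
 * module is marked going first and 1 means "blocks until the count is zero". */
static int rmmod_uprobes(bool wait)
{
        if (!wait && uprobes_mod.refcnt != 0) return -EWOULDBLOCK;
        uprobes_mod.state = MOD_GOING;
        return uprobes_mod.refcnt != 0 ? 1 : 0;
}
```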