On Sun, Jun 12, 2022 at 09:30:41PM +0900, Masami Hiramatsu wrote:
> On Wed, 8 Jun 2022 11:19:19 -0700
> Song Liu <song@xxxxxxxxxx> wrote:
>
> > On Wed, Jun 8, 2022 at 9:28 AM Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
> > >
> > > Hello Jarkko,
> > >
> > > On Wed, 8 Jun 2022 at 02:02, Jarkko Sakkinen <jarkko@xxxxxxxxxxx> wrote:
> > > >
> > > > Tracing with kprobes while running a monolithic kernel is currently
> > > > impossible because CONFIG_KPROBES is dependent on CONFIG_MODULES. This
> > > > dependency is a result of kprobes code using the module allocator for the
> > > > trampoline code.
> > > >
> > > > Detaching kprobes from modules helps to squeeze down the user space,
> > > > e.g. when developing new core kernel features, while still having all
> > > > the nice tracing capabilities.
> > > >
> > > > For kernel/ and arch/*, move module_alloc() and module_memfree() to
> > > > module_alloc.c, and compile as part of vmlinux when either CONFIG_MODULES
> > > > or CONFIG_KPROBES is enabled. In addition, flag kernel module specific
> > > > code with CONFIG_MODULES.
> > > >
> > > > As a result, kprobes can be used with a monolithic kernel.
> > >
> > > I think I may have mentioned this the previous time as well, but I
> > > don't think this is the right approach.
> > >
> > > Kprobes uses alloc_insn_page() to allocate executable memory, but the
> > > requirements for this memory are radically different compared to
> > > loadable modules, which need to be within an arch-specific distance of
> > > the core kernel, need KASAN backing etc etc.
> >
> > I think the distance of core kernel requirement is the same for kprobe
> > alloc_insn_page and modules, no?
>
> This strongly depends on how kprobes (software breakpoint and
> single-step) is implemented on the arch. For example, x86 implements
> the so-called "kprobe-booster" which jumps back from the single
> stepping trampoline buffer. Then the buffer address must be within
> the range where it can jump to the original address.
> However, if the arch implements single-step as an instruction
> emulation, it has no such limitation. As far as I know, arm64
> will do emulation for the instructions which change the PC register
> and will do direct execution with another software breakpoint
> for other instructions.
>
> Why I'm using module_alloc() for a generic function is that it
> can cover the limitation most widely.
> Thus, if we have a CONFIG_ARCH_HAVE_ALLOC_INSN_PAGE flag and
> kprobes can check it instead of using a __weak function, the
> kprobes may not need to depend on module_alloc() in general.

OK, I guess this is what Luis meant. I'll try to carve up something
based on this.

BR, Jarkko
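The range constraint Masami describes for the x86 kprobe-booster is concrete enough to model. On x86-64 the jump back from the single-stepping slot to the instruction after the probe point is a 5-byte `jmp rel32`, so the slot must lie within a signed 32-bit displacement (about +/-2 GiB) of the probed kernel text; memory that module_alloc() hands out satisfies this, an arbitrary vmalloc page generally does not. The following user-space model is an added example written for this page, not code from the thread or from the kernel: the function names, the sample addresses (a constructed kernel-text address and a constructed far-away vmalloc-like address) and the assumed instruction length are illustrative, and the encoding logic is the standard `E9 rel32` form rather than the kernel's own `synthesize_reljump()` implementation.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* x86-64 "jmp rel32": opcode 0xE9 followed by a signed 32-bit
 * displacement measured from the END of the 5-byte instruction.
 * The CPU adds the sign-extended displacement to RIP modulo 2^64. */
#define RELJMP_SIZE 5

/* Is `to` reachable by a rel32 jump whose next-instruction address is
 * `from_end`? The unsigned subtraction wraps modulo 2^64 on purpose,
 * matching how the CPU computes the target. */
static bool reljump_reaches(uint64_t from_end, uint64_t to, int32_t *disp)
{
    int64_t d = (int64_t)(to - from_end);
    if (d < INT32_MIN || d > INT32_MAX)
        return false;
    if (disp)
        *disp = (int32_t)d;
    return true;
}

/* Encode "jmp target" at buf (which will live at buf_addr).
 * Returns RELJMP_SIZE, or 0 if the target is out of rel32 range. */
size_t synthesize_reljump(uint8_t *buf, uint64_t buf_addr, uint64_t target)
{
    int32_t disp;
    if (!reljump_reaches(buf_addr + RELJMP_SIZE, target, &disp))
        return 0;
    buf[0] = 0xE9;
    memcpy(buf + 1, &disp, sizeof(disp)); /* little-endian on x86 */
    return RELJMP_SIZE;
}

/* Decode the target of a rel32 jump stored at buf / buf_addr. */
uint64_t reljump_target(const uint8_t *buf, uint64_t buf_addr)
{
    int32_t disp;
    memcpy(&disp, buf + 1, sizeof(disp));
    return buf_addr + RELJMP_SIZE + (uint64_t)(int64_t)disp;
}

/* Booster model: the copied instruction (insn_len bytes) sits at the
 * start of the slot, the jump back follows it and must reach the
 * instruction after the original probe point. This is the check that
 * ties the slot allocator to the "within jump range of kernel text"
 * requirement; an arch that emulates instead of jumping back has no
 * such requirement. */
bool can_boost_from(uint64_t slot_addr, uint64_t probe_addr, size_t insn_len)
{
    uint64_t jmp_at = slot_addr + insn_len;
    uint64_t resume = probe_addr + insn_len;
    return reljump_reaches(jmp_at + RELJMP_SIZE, resume, NULL);
}

/* Constructed sample addresses: a kernel-text probe point, a slot in the
 * module area (within 2 GiB of text) and a slot far away in vmalloc space. */
#define SAMPLE_PROBE_ADDR  0xffffffff81000000ULL
#define SAMPLE_MODULE_SLOT 0xffffffffc0000000ULL
#define SAMPLE_FAR_SLOT    0xffffa00000000000ULL

int main(void)
{
    uint8_t buf[RELJMP_SIZE];
    size_t n;

    printf("module-area slot boostable: %d\n",
           can_boost_from(SAMPLE_MODULE_SLOT, SAMPLE_PROBE_ADDR, 3));
    printf("far vmalloc slot boostable: %d\n",
           can_boost_from(SAMPLE_FAR_SLOT, SAMPLE_PROBE_ADDR, 3));

    n = synthesize_reljump(buf, SAMPLE_MODULE_SLOT + 3, SAMPLE_PROBE_ADDR + 3);
    if (n)
        printf("encoded jmp: %02x %02x %02x %02x %02x -> 0x%llx\n",
               buf[0], buf[1], buf[2], buf[3], buf[4],
               (unsigned long long)reljump_target(buf, SAMPLE_MODULE_SLOT + 3));
    return 0;
}
```

The point the model makes: with a module-area slot the encoder succeeds and the decoded target round-trips to the resume address, while a slot in a distant vmalloc region fails the range check outright. That failure is the case an arch-specific allocator (or an arch flag that lets kprobes skip the booster) has to handle before kprobes can stop relying on module_alloc().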