Kernel oops when using kprobes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I am trying to use a kprobe module on an android platform( linux + arm ).
Even if this has no connection with my problem i've thought that i should mention that I've disabled the FTRACE support and enabled KPROBES( the proprietary drivers wont work with both FTRACE and KPROBES).

When i am trying to insert my module, i get an oops. The source of it is the next line of code:
*p->addr = KPROBE_BREAKPOINT_INSTRUCTION;
from the function arch_arm_kprobe ( arch/arm/kernel/kprobes.c ).

I suspect the reason for the oops is that the memory region is in kernel text region and is marked as read only. When trying to add the breakpoint a memory protection violation rises.
In order to test if this is the issue, i've added the next lines of code in arch_arm_kprobe:

    struct mm_struct *mm = current->mm;
    unsigned long addr = (unsigned long)p->addr;
    pgd_t *pgd; pmd_t *pmd; pte_t *pte;
    spinlock_t *ptl;

    printk(KERN_ALERT "HERE kprobe&=[%p] p->addr = [%p]",p,p->addr);
    down_read(&mm->mmap_sem);
    pgd = pgd_offset(mm, addr);
    if (!pgd_present(*pgd)) {
        printk(KERN_ALERT "BAD pgd [%p]",pgd);
        up_read(&mm->mmap_sem);       
        return;
    }
    pmd = pmd_offset(pgd, addr);
    if (!pmd_present(*pmd)) {
        printk(KERN_ALERT "BAD pmd [%p]",pmd);
        up_read(&mm->mmap_sem);       
        return;
    }
   
    pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
    printk( KERN_ALERT "PTE=[%p]",pte);

    if( !pte_present(*pte) ) {
        printk( KERN_ALERT "NOT PRESENT");
        pte_unmap_unlock(pte, ptl);
        up_read(&mm->mmap_sem);       
        return;
    }
       
    if( !pte_write(*pte) ) {
        printk( KERN_ALERT "Is not Write");
        pte_unmap_unlock(pte, ptl);       
        up_read(&mm->mmap_sem);       
        return;
    }
   
    pte_unmap_unlock(pte, ptl);   
    up_read(&mm->mmap_sem);
   
    *p->addr = KPROBE_BREAKPOINT_INSTRUCTION;
   

The branch !pte_write(*pte) was not taken. What i should try next?


<1>[   18.699348] HERE kprobe&=[bf0005a4] p->addr = [c0237524]
<1>[   18.699357] PTE=[c02198dc]
<1>[   18.699370] Unable to handle kernel paging request at virtual address c0237524
<1>[   18.699380] pgd = d52b8000
<1>[   18.699387] [c0237524] *pgd=4041940e(bad)
<0>[   18.699402] Internal error: Oops: 80d [#1] PREEMPT SMP
<0>[   18.703496] last sysfs file: /sys/devices/system/cpu/cpu0/rq-stats/def_timer_ms
<4>[   18.710788] Modules linked in: VMXProber(+)
<4>[   18.714957] CPU: 0    Not tainted  (2.6.35.11-perf #9)
<4>[   18.720086] PC is at arch_arm_kprobe+0x15c/0x1ac
<4>[   18.724679] LR is at arch_arm_kprobe+0x150/0x1ac
<4>[   18.729281] pc : [<c0738754>]    lr : [<c0738748>]    psr: 00000013
<4>[   18.729286] sp : d52b1ed0  ip : 0000731e  fp : bedfb860
<4>[   18.740736] r10: 00000001  r9 : d52b0000  r8 : d6ba5d74
<4>[   18.745944] r7 : 00000080  r6 : d6ba5d84  r5 : bf0005a4  r4 : d52b0000
<4>[   18.752456] r3 : c0237524  r2 : e7f001f8  r1 : 00000000  r0 : c083cce1
<4>[   18.758966] Flags: nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
<4>[   18.766084] Control: 10c57c7d  Table: 554b806a  DAC: 00000015
<4>[   18.771813]
<4>[   18.771815] PC: 0xc07386d4:
<4>[   18.776065] 86d4  ebffefa1 f57ff05f e5867000 f57ff04f e320f004 e5943004 e2433001 e5843004
<4>[   18.784224] 86f4  e5943000 e3130002 0a000000 ebfff20c e1a00008 e8bd47f0 eaea3e40 f57ff05f
<4>[   18.792384] 8714  e3a03000 e5863000 f57ff04f e320f004 e5943004 e2433001 e5843004 e5943000
<4>[   18.800544] 8734  e3130002 0a000000 ebfff1fd e1a00008 ebea3e32 e5953014 e59f2040 e59f0040
<4>[   18.808703] 8754  e5832000 ebffef80 e5950014 e59f3034 e2801004 e1a0e00f e593f00c e59f0028
<4>[   18.816863] 8774  e8bd47f0 eaffef78 c083cc82 c083cca6 7fe00800 c083ccb6 c083ccc2 c083ccd1
<4>[   18.825024] 8794  e7f001f8 c083cce1 c0bbcf28 c083cceb e92d4013 e5903014 e1a04000 e3130003
<4>[   18.833183] 87b4  1a000016 e59f2098 e1530002 3a000015 e59f2090 e1530002 3a000010 ea000011
<4>[   18.841343]
<4>[   18.841346] LR: 0xc07386c8:
<4>[   18.845595] 86c8  e2177080 1a00000f e59f00b8 ebffefa1 f57ff05f e5867000 f57ff04f e320f004
<4>[   18.853755] 86e8  e5943004 e2433001 e5843004 e5943000 e3130002 0a000000 ebfff20c e1a00008
<4>[   18.861915] 8708  e8bd47f0 eaea3e40 f57ff05f e3a03000 e5863000 f57ff04f e320f004 e5943004
<4>[   18.870075] 8728  e2433001 e5843004 e5943000 e3130002 0a000000 ebfff1fd e1a00008 ebea3e32
<4>[   18.878235] 8748  e5953014 e59f2040 e59f0040 e5832000 ebffef80 e5950014 e59f3034 e2801004
<4>[   18.886395] 8768  e1a0e00f e593f00c e59f0028 e8bd47f0 eaffef78 c083cc82 c083cca6 7fe00800
<4>[   18.894555] 8788  c083ccb6 c083ccc2 c083ccd1 e7f001f8 c083cce1 c0bbcf28 c083cceb e92d4013
<4>[   18.902714] 87a8  e5903014 e1a04000 e3130003 1a000016 e59f2098 e1530002 3a000015 e59f2090
<4>[   18.910874]
<4>[   18.910877] SP: 0xd52b1e50:
<4>[   18.915127] 1e50  ce07ea68 2020205b 362e3831 35333939 00205d37 000006df d52b0000 da9cd7a0
<4>[   18.923287] 1e70  bedfb860 ffffffff d52b1ebc d6ba5d84 00000080 c073792c c083cce1 00000000
<4>[   18.931447] 1e90  e7f001f8 c0237524 d52b0000 bf0005a4 d6ba5d84 00000080 d6ba5d74 d52b0000
<4>[   18.939606] 1eb0  00000001 bedfb860 0000731e d52b1ed0 c0738748 c0738754 00000013 ffffffff
<4>[   18.947766] 1ed0  00000000 bf0005a4 00000000 00000000 bf0005ac d52b0000 00000000 c073b5cc
<4>[   18.955926] 1ef0  bf0005a4 00000000 d52b1f34 c07380e0 c07381c8 d52b0000 00000001 c073b874
<4>[   18.964085] 1f10  bf000548 00000000 00000000 000251dc c0100e28 d52b0000 00000000 c073b8c8
<4>[   18.972245] 1f30  bf0005a4 bf0005a4 d52b1f34 bf003048 bf003000 00000000 d52b0000 bf003000
<4>[   18.980406]
<4>[   18.980408] R0: 0xc083cc61:
<4>[   18.984658] cc60  65747369 000a7372 68637261 6d72612f 72656b2f 2f6c656e 6f72706b 2e736562
<4>[   18.992817] cc80  313c0063 5245483e 706b2045 65626f72 255b3d26 70205d70 64613e2d 3d207264
<4>[   19.000979] cca0  70255b20 313c005d 4441423e 646d7020 70255b20 313c005d 4554503e 70255b3d
<4>[   19.009137] ccc0  313c005d 544f4e3e 45525020 544e4553 3e313c00 6e207349 5720746f 65746972
<4>[   19.017298] cce0  3e313c00 45524548 3c003220 45483e31 33204552 3e373c00 69776e75 203a646e
<4>[   19.025457] cd00  204d5241 63617473 6e75206b 646e6977 20676e69 74696e69 696c6169 0a646573
<4>[   19.033617] cd20  3e343c00 69776e75 203a646e 6e6b6e55 206e776f 626d7973 61206c6f 65726464
<4>[   19.041777] cd40  25207373 786c3830 373c000a 2873253e 6c383025 25202c78 25202c70 000a2970
<4>[   19.049936] cd60  753e343c 6e69776e 43203a64 7572726f 75207470 6e69776e 61742064 0a656c62
<4>[   19.058096]
<4>[   19.058098] R2: 0xe7f00178:
<4>[   19.062350] 0178  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.070508] 0198  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.078668] 01b8  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.086828] 01d8  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.094988] 01f8  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.103148] 0218  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.111308] 0238  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.119468] 0258  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.127627]
<4>[   19.127630] R3: 0xc02374a4:
<4>[   19.131880] 74a4  e1a00006 e59670d4 e1a01007 ebfdb975 e3570000 1affff68 eaffff71 e1a0300d
<4>[   19.140040] 74c4  e3a05000 e3c34d7f e5885088 e3c4403f e594300c e593200c e3c22501 e583200c
<4>[   19.148200] 74e4  ebfb2b52 e594300c e59810a4 e1a00005 e59320ec e1c22001 e58320ec eaffffca
<4>[   19.156360] 7504  c0b02020 c086d39d 00200200 c0ff0f30 c102c814 c003e9ec c0b1f6f0 c0b666c0
<4>[   19.164519] 7524  e92d41f0 e1a0300d e3c34d7f e1a05000 e3c4403f e1a08001 e5943004 e2833001
<4>[   19.172679] 7544  e5843004 e3a03001 e2806d0a e1962f9f e3320000 1320f002 01862f93 03320000
<4>[   19.180838] 7564  1afffff9 f57ff05f e2807f7a e3a01010 e1a00007 eb051e80 f57ff04f e3a02010
<4>[   19.188999] 7584  e1a00007 e1a01008 eb053b14 f57ff05f e3a03000 e5863000 f57ff04f e320f004
<4>[   19.197158]
<4>[   19.197161] R4: 0xd52aff80:
<4>[   19.201411] ff80  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.209572] ffa0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.217731] ffc0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.225891] ffe0  00000000 00000000 00000000 00000000 58ce75df 5838551f 00000000 00000000
<4>[   19.234050] 0000  00000000 00000002 00000000 dfa39040 c0b6342c 00000000 00000017 ce0800c0
<4>[   19.242210] 0020  d52b0000 dfa39040 dfc7d860 d6ba5d40 dfb29380 00000000 d52b1e3c d52b1df0
<4>[   19.250370] 0040  c0734bec 00000000 00000000 00000000 00000000 00000000 01000000 00000000
<4>[   19.258529] 0060  afd4d49c 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.266690]
<4>[   19.266693] R6: 0xd6ba5d04:
<4>[   19.270944] 5d04  55555555 55555555 55555555 55555555 55555551 55555555 55555155 55555555
<4>[   19.279102] 5d24  55555555 55555555 55555555 55555555 55555555 55555555 55555555 d5298dc0
<4>[   19.287263] 5d44  d5298b74 da91ab00 c010c8e0 c021b694 40000000 bf000000 00000000 4002f000
<4>[   19.295422] 5d64  d52b8000 00000001 00000001 00000016 00000000 00000000 d6ba5d7c d6ba5d7c
<4>[   19.303582] 5d84  00000000 d6ba5d88 d6ba5d88 0000003f 000000df 00000106 00000000 00000093
<4>[   19.311742] 5da4  00000082 00000022 00000000 00000000 00000007 00008000 0001a9d4 0001b000
<4>[   19.319902] 5dc4  0001b938 00021000 00021000 bedfbcc0 bedfbdb1 bedfbdd0 bedfbdd0 bedfbfe9
<4>[   19.328061] 5de4  00000010 000030d7 00000006 00001000 00000011 00000064 00000003 00008034
<4>[   19.336221]
<4>[   19.336224] R8: 0xd6ba5cf4:
<4>[   19.340474] 5cf4  55555551 55555555 55555555 55555555 55555555 55555555 55555555 55555555
<4>[   19.348634] 5d14  55555551 55555555 55555155 55555555 55555555 55555555 55555555 55555555
<4>[   19.356793] 5d34  55555555 55555555 55555555 d5298dc0 d5298b74 da91ab00 c010c8e0 c021b694
<4>[   19.364953] 5d54  40000000 bf000000 00000000 4002f000 d52b8000 00000001 00000001 00000016
<4>[   19.373114] 5d74  00000000 00000000 d6ba5d7c d6ba5d7c 00000000 d6ba5d88 d6ba5d88 0000003f
<4>[   19.381273] 5d94  000000df 00000106 00000000 00000093 00000082 00000022 00000000 00000000
<4>[   19.389432] 5db4  00000007 00008000 0001a9d4 0001b000 0001b938 00021000 00021000 bedfbcc0
<4>[   19.397592] 5dd4  bedfbdb1 bedfbdd0 bedfbdd0 bedfbfe9 00000010 000030d7 00000006 00001000
<4>[   19.405752]
<4>[   19.405755] R9: 0xd52aff80:
<4>[   19.410006] ff80  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.418165] ffa0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.426324] ffc0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<4>[   19.434484] ffe0  00000000 00000000 00000000 00000000 58ce75df 5838551f 00000000 00000000
<4>[   19.442644] 0000  00000000 00000002 00000000 dfa39040 c0b6342c 00000000 00000017 ce0800c0
<4>[   19.450804] 0020  d52b0000 dfa39040 dfc7d860 d6ba5d40 dfb29380 00000000 d52b1e3c d52b1df0
<4>[   19.458964] 0040  c0734bec 00000000 00000000 00000000 00000000 00000000 01000000 00000000
<4>[   19.467124] 0060  afd4d49c 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<0>[   19.475286] Process insmod (pid: 590, stack limit = 0xd52b02f0)
<0>[   19.481188] Stack: (0xd52b1ed0 to 0xd52b2000)
<0>[   19.485530] 1ec0:                                     00000000 bf0005a4 00000000 00000000
<0>[   19.493691] 1ee0: bf0005ac d52b0000 00000000 c073b5cc bf0005a4 00000000 d52b1f34 c07380e0
<0>[   19.501851] 1f00: c07381c8 d52b0000 00000001 c073b874 bf000548 00000000 00000000 000251dc
<0>[   19.510011] 1f20: c0100e28 d52b0000 00000000 c073b8c8 bf0005a4 bf0005a4 d52b1f34 bf003048
<0>[   19.518170] 1f40: bf003000 00000000 d52b0000 bf003000 00000000 c01006c8 00000000 00000001
<0>[   19.526330] 1f60: bf0006e8 00000000 bedfb85c bf0006e8 00000000 bedfb85c 000251dc c0100e28
<0>[   19.534490] 1f80: d52b0000 c01dc998 40009008 000251dc bedfb85c 0001b6dc bedfb85c 00000000
<0>[   19.542650] 1fa0: 00000080 c0100c80 0001b6dc bedfb85c 40009008 000251dc bedfb85c 00000001
<0>[   19.550810] 1fc0: 0001b6dc bedfb85c 00000000 00000080 bedfbdb1 00000002 40009008 bedfb860
<0>[   19.558970] 1fe0: 0001b7c0 bedfb840 0000bf8d afd0c4fc a0000010 40009008 9eeaaaa2 a82aaaaa
<4>[   19.567141] [<c0738754>] (arch_arm_kprobe+0x15c/0x1ac) from [<c073b5cc>] (register_kprobe+0x50c/0x5ac)
<4>[   19.576420] [<c073b5cc>] (register_kprobe+0x50c/0x5ac) from [<c073b874>] (register_jprobes+0x4c/0x88)
<4>[   19.585622] [<c073b874>] (register_jprobes+0x4c/0x88) from [<c073b8c8>] (register_jprobe+0x18/0x1c)
<4>[   19.594656] [<c073b8c8>] (register_jprobe+0x18/0x1c) from [<bf003048>] (prober_module_init+0x48/0x1bc [VMXProber])
<4>[   19.604986] [<bf003048>] (prober_module_init+0x48/0x1bc [VMXProber]) from [<c01006c8>] (do_one_initcall+0x5c/0x1b8)
<4>[   19.615403] [<c01006c8>] (do_one_initcall+0x5c/0x1b8) from [<c01dc998>] (sys_init_module+0x90/0x1ac)
<4>[   19.624511] [<c01dc998>] (sys_init_module+0x90/0x1ac) from [<c0100c80>] (ret_fast_syscall+0x0/0x30)
<0>[   19.633536] Code: ebea3e32 e5953014 e59f2040 e59f0040 (e5832000)


Any ideas how to debug/solve this issue would be great.

Thank you,
Sorin

PS: For a moment i thought that maybe i was trying to access a swapped page while holding a lock, but that memory region is in kernel text region so it should not be swapped.
PPS: I don't know if i provided enough informations. If it's the case, please let me know what else i should specify. Thanks again
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux