On Mon, Mar 1, 2021 at 8:51 AM Oleg Nesterov <o...@redhat.com> wrote:
>
> Hi Andy,
>
> sorry for the delay.
>
> On 02/23, Andy Lutomirski wrote:
> >
> > A while back, I let myself be convinced that kprobes genuinely need to
> > single-step the kernel on occasion, and I decided that this sucked but
> > I could live with it. It would, however, be Really Really Nice (tm)
> > if we could have a rule that anyone running x86 Linux who single-steps
> > the kernel (e.g. kgdb and nothing else) gets to keep all the pieces
> > when the system falls apart around them. Specifically, if we don't
> > allow kernel single-stepping and if we suitably limit kernel
> > instruction breakpoints (the latter isn't actually a major problem),
> > then we don't really need to use IRET to return to the kernel,
> > and that means we can avoid some massive NMI nastiness.
>
> Not sure I understand you correctly, I know almost nothing about low-level
> x86 magic.
>
> But I guess this has nothing to do with uprobes, they do not single-step
> in kernel mode, right?

They single-step user code, though, and the code that makes this work is
quite ugly. Single-stepping on x86 is a mess.

> > Uprobes seem to single-step user code for no discernible reason.
> > (They want to trap after executing an out of line instruction, AFAICT.
> > Surely INT3 or even CALL after the out-of-line insn would work as well
> > or better.)
>
> Uprobes use single-step from the very beginning, probably because this
> is the most simple and "standard" way to implement xol.
>
> And please note that CALL/JMP/etc emulation was added much later to fix the
> problems with non-canonical addresses, and this emulation is still incomplete.

Is there something like a uprobe test suite? How maintained / actively
used is uprobe?

--Andy