Bug 596876 - s390x kprobes unregistration problem
Summary: s390x kprobes unregistration problem
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.0
Hardware: s390x
OS: Linux
Priority: high
Severity: medium
Target Milestone: rc
Target Release: 6.0
Assignee: Hendrik Brueckner
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Duplicates: 589159
Depends On:
Blocks:
Reported: 2010-05-27 17:06 UTC by David Smith
Modified: 2010-11-11 15:44 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-11-11 15:44:44 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
module makefile (111 bytes, text/plain)
2010-05-27 17:07 UTC, David Smith
base module source (1.47 KB, text/plain)
2010-05-27 17:08 UTC, David Smith
module header (116.35 KB, text/plain)
2010-05-27 17:08 UTC, David Smith
linux-2.6.32-s390-kernel-panic-kprobes.patch (1.00 KB, text/plain)
2010-06-09 09:01 UTC, IBM Bug Proxy

Description David Smith 2010-05-27 17:06:39 UTC
Description of problem:

The kernel crashes when unregistering a large number of kprobes on s390x.

Version-Release number of selected component (if applicable):

kernel-2.6.32-28.el6.s390x

How reproducible:

Every time.

Steps to Reproduce:
1. build module
2. insert module
3. remove module
  
Actual results:

Output seen on console:

Process rmmod (pid: 6489, task: 000000001d220040, ksp: 000000001ecd7b00)
000000001ecd7a40 000000001ecd79c0 0000000000000002 0000000000000000
       000000001ecd7a60 000000001ecd79d8 000000001ecd79d8 00000000004aa358
       000000001fe23211 0000000000000000 0000000000000204 0000000000000020
       000000000000000d 000000000000000c 000000001ecd7a30 0000000000000000
       0000000000000000 00000000001052f0 000000001ecd79c0 000000001ecd7a00
Call Trace:
(<00000000001051f0> show_trace+0xe8/0x138)
 <00000000004aa1a6> panic+0x92/0x1f0
 <0000000000105842> die+0x16e/0x17c
 <0000000000100f96> do_no_context+0xae/0xec
 <00000000004ae086> do_protection_exception+0x2ca/0x2d8
 <0000000000118234> sysc_return+0x0/0x8
 <000000000011906e> module_free+0x36/0x4c
(<000000000011906a> module_free+0x32/0x4c)
 <00000000004b1298> collect_one_slot+0x7c/0xbc
 <00000000004b14ce> free_insn_slot+0x12a/0x130
01: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from
 CPU 00.
 <00000000004aec50> arch_remove_kprobe+0x3c/0x50
 <00000000004b02e8> unregister_kprobes+0xa0/0xdc
 <00000000004b0356> unregister_kprobe+0x32/0x3c
 <000003c001fce0ae> kprobe_exit+0x56/0xcc kprobe_module
 <0000000000186024> SyS_delete_module+0x16c/0x274
 <0000000000118362> sysc_tracego+0xe/0x14
 <000000496897e4ae> 0x496897e4ae
00: HCPGIR450W CP entered; disabled wait PSW 00020001 80000000 00000000 00111E68


Expected results:

Module removed successfully.

Additional info:

Comment 1 David Smith 2010-05-27 17:07:27 UTC
Created attachment 417312 [details]
module makefile

Comment 2 David Smith 2010-05-27 17:08:06 UTC
Created attachment 417315 [details]
base module source

Comment 3 David Smith 2010-05-27 17:08:57 UTC
Created attachment 417316 [details]
module header

Comment 4 David Smith 2010-05-27 17:10:44 UTC
Build instructions.  Put 3 attachment files in a directory.  Run the following:

# make -C /lib/modules/`uname -r`/build/ M=`pwd` modules

To duplicate the crash, do the following:

# insmod kprobe_module.ko
# rmmod kprobe_module

Comment 8 Frank Ch. Eigler 2010-05-28 20:06:56 UTC
*** Bug 589159 has been marked as a duplicate of this bug. ***

Comment 9 RHEL Program Management 2010-06-07 16:05:58 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.

Comment 10 IBM Bug Proxy 2010-06-09 09:01:05 UTC
Created attachment 422478 [details]
linux-2.6.32-s390-kernel-panic-kprobes.patch


------- Comment on attachment From brueckner.ibm.com 2010-06-09 04:54 EDT-------


Description: kernel: fix kernel panic caused by using kprobes
Symptom:     A kernel panic might occur when setting numerous kprobes with
             systemtap. Further, the kernel might crash when unregistering
             a large number of kprobes on s390x.
Problem:     Currently, kprobes allows probing of (inline) functions that
             start with the stnsm/stosm/epsw instructions.  The probed
             instructions will be executed in a single stepped and irq
             disabled context.  Therefore the results of stnsm, stosm, and
             epsw would be wrong if probed.
             Further, when unregistering numerous kprobes, the kprobe code
             calls s390x' module_free() passing a NULL pointer.  A missing
             check causes a kernel panic.
Solution:    Prohibit probing of the stnsm/stosm/epsw instructions and add
             a check to module_free() to prevent NULL pointer dereferences.
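
The two fixes described in comment 10, as an added userspace model in C; this is not the attached patch and not kernel code. All `model_*` and `sample_*` names are hypothetical, the byte strings are constructed, and treating the NULL argument as the module pointer is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace stand-in for the kernel's struct module (hypothetical). */
struct model_module { void *syminfo; /* freed on unload */ };

/* Constructed sample encodings; lgr shares its first byte with epsw. */
const uint8_t sample_stnsm[] = { 0xac, 0xfc, 0xf0, 0x00 };
const uint8_t sample_stosm[] = { 0xad, 0x03, 0xf0, 0x00 };
const uint8_t sample_epsw[]  = { 0xb9, 0x8d, 0x00, 0x12 };
const uint8_t sample_lgr[]   = { 0xb9, 0x04, 0x00, 0x12 };

/* Registration-time gate: refuse instructions whose result depends on the
 * real interrupt mask instead of single-stepping them with IRQs disabled.
 * Opcodes: STNSM 0xAC, STOSM 0xAD (one byte), EPSW 0xB98D (two bytes). */
int model_prepare_probe(const uint8_t *insn)
{
    if (insn[0] == 0xac || insn[0] == 0xad)
        return -EINVAL;
    if (insn[0] == 0xb9 && insn[1] == 0x8d)
        return -EINVAL;
    return 0;
}

/* Free a code region. mod may be NULL when the region is not owned by a
 * module (assumed here for kprobes instruction slots). Returns the number
 * of allocations released. */
int model_module_free(struct model_module *mod, void *region)
{
    int released = (region != NULL);

    if (mod) {                  /* the guard; without it mod->syminfo faults */
        free(mod->syminfo);
        mod->syminfo = NULL;
        released++;
    }
    free(region);
    return released;
}

int main(void)
{
    return model_prepare_probe(sample_epsw) == -EINVAL
        && model_prepare_probe(sample_lgr) == 0
        && model_module_free(NULL, malloc(16)) == 1 ? 0 : 1;
}
```

The `sample_lgr` case shows why the EPSW match has to compare both opcode bytes: a one-byte test on 0xb9 would also reject unrelated instructions.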

Comment 11 Hendrik Brueckner 2010-06-09 10:27:45 UTC
The patch has been posted to rhkernel by Hendrik Brueckner <brueckner>

Comment 12 Aristeu Rozanski 2010-07-01 16:22:12 UTC
Patch(es) available on kernel-2.6.32-42.el6

Comment 16 releng-rhel@redhat.com 2010-11-11 15:44:44 UTC
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

