Bug 596876 - s390x kprobes unregistration problem
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.0
Hardware: s390x Linux
Priority: high
Severity: medium
Target Milestone: rc
Target Release: 6.0
Assigned To: Hendrik Brueckner
QA Contact: Red Hat Kernel QE team
Duplicates: 589159
Reported: 2010-05-27 13:06 EDT by David Smith
Modified: 2010-11-11 10:44 EST
Doc Type: Bug Fix
Last Closed: 2010-11-11 10:44:44 EST

Attachments:
module makefile (111 bytes, text/plain), 2010-05-27 13:07 EDT, David Smith
base module source (1.47 KB, text/plain), 2010-05-27 13:08 EDT, David Smith
module header (116.35 KB, text/plain), 2010-05-27 13:08 EDT, David Smith
linux-2.6.32-s390-kernel-panic-kprobes.patch (1.00 KB, text/plain), 2010-06-09 05:01 EDT, IBM Bug Proxy

Description David Smith 2010-05-27 13:06:39 EDT
Description of problem:

The kernel crashes when unregistering a large number of kprobes on s390x.

Version-Release number of selected component (if applicable):

kernel-2.6.32-28.el6.s390x

How reproducible:

Every time.

Steps to Reproduce:
1. build module
2. insert module
3. remove module
  
Actual results:

Output seen on console:

Process rmmod (pid: 6489, task: 000000001d220040, ksp: 000000001ecd7b00)
000000001ecd7a40 000000001ecd79c0 0000000000000002 0000000000000000
       000000001ecd7a60 000000001ecd79d8 000000001ecd79d8 00000000004aa358
       000000001fe23211 0000000000000000 0000000000000204 0000000000000020
       000000000000000d 000000000000000c 000000001ecd7a30 0000000000000000
       0000000000000000 00000000001052f0 000000001ecd79c0 000000001ecd7a00
Call Trace:
(<00000000001051f0> show_trace+0xe8/0x138)
 <00000000004aa1a6> panic+0x92/0x1f0
 <0000000000105842> die+0x16e/0x17c
 <0000000000100f96> do_no_context+0xae/0xec
 <00000000004ae086> do_protection_exception+0x2ca/0x2d8
 <0000000000118234> sysc_return+0x0/0x8
 <000000000011906e> module_free+0x36/0x4c
(<000000000011906a> module_free+0x32/0x4c)
 <00000000004b1298> collect_one_slot+0x7c/0xbc
 <00000000004b14ce> free_insn_slot+0x12a/0x130
01: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from
 CPU 00.
 <00000000004aec50> arch_remove_kprobe+0x3c/0x50
 <00000000004b02e8> unregister_kprobes+0xa0/0xdc
 <00000000004b0356> unregister_kprobe+0x32/0x3c
 <000003c001fce0ae> kprobe_exit+0x56/0xcc kprobe_module
 <0000000000186024> SyS_delete_module+0x16c/0x274
 <0000000000118362> sysc_tracego+0xe/0x14
 <000000496897e4ae> 0x496897e4ae
00: HCPGIR450W CP entered; disabled wait PSW 00020001 80000000 00000000 00111E68


Expected results:

Module removed successfully.

Additional info:
Comment 1 David Smith 2010-05-27 13:07:27 EDT
Created attachment 417312
module makefile
Comment 2 David Smith 2010-05-27 13:08:06 EDT
Created attachment 417315
base module source
Comment 3 David Smith 2010-05-27 13:08:57 EDT
Created attachment 417316
module header
Comment 4 David Smith 2010-05-27 13:10:44 EDT
Build instructions.  Put 3 attachment files in a directory.  Run the following:

# make -C /lib/modules/`uname -r`/build/ M=`pwd` modules

To duplicate the crash, do the following:

# insmod kprobe_module.ko
# rmmod kprobe_module
Comment 8 Frank Ch. Eigler 2010-05-28 16:06:56 EDT
*** Bug 589159 has been marked as a duplicate of this bug. ***
Comment 9 RHEL Product and Program Management 2010-06-07 12:05:58 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 10 IBM Bug Proxy 2010-06-09 05:01:05 EDT
Created attachment 422478
linux-2.6.32-s390-kernel-panic-kprobes.patch


------- Comment on attachment From brueckner@linux.vnet.ibm.com 2010-06-09 04:54 EDT-------


Description: kernel: fix kernel panic caused by using kprobes
Symptom:     A kernel panic might occur when setting numerous kprobes with
             systemtap. Further, the kernel might crash when unregistering
             a large number of kprobes on s390x.
Problem:     Currently, kprobes allows probing of (inline) functions that
             start with the stnsm/stosm/epsw instructions.  The probed
             instructions will be executed in a single stepped and irq
             disabled context.  Therefore the results of stnsm, stosm, and
             epsw would be wrong if probed.
             Further, when unregistering numerous kprobes, the kprobe code
             calls s390x' module_free() passing a NULL pointer.  A missing
             check causes a kernel panic.
Solution:    Prohibit probing of the stnsm/stosm/epsw instructions and add
             a check to module_free() to prevent NULL pointer dereferences.
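
Added example, not the attached patch and not code from this report: a user-space C model of the second problem described in comment 10, where a free routine that takes an owning module plus a memory region is called with a NULL owner. The struct, its field and all three function names are hypothetical stand-ins; the unchecked variant is shown only for comparison.

```c
#include <stdlib.h>

/* Hypothetical stand-in for per-module state that the free routine cleans up. */
struct module_model {
    void *syminfo;
};

/* "Before" shape: assumes every caller owns a module. A caller with no owning
 * module (mod == NULL) faults on the mod->syminfo access, so this variant
 * must never be called with mod == NULL. */
void module_free_unchecked(struct module_model *mod, void *region)
{
    free(mod->syminfo);
    mod->syminfo = NULL;
    free(region);
}

/* "After" shape: per-module cleanup only when a module exists; the region is
 * released either way. Returns 1 if per-module state was cleaned, else 0. */
int module_free_checked(struct module_model *mod, void *region)
{
    int cleaned = 0;
    if (mod) {
        free(mod->syminfo);
        mod->syminfo = NULL;
        cleaned = 1;
    }
    free(region);
    return cleaned;
}

/* Model of the unregistration path: release npages instruction-slot pages
 * that belong to no module. Returns how many pages were released. */
int collect_slot_pages(int npages)
{
    int released = 0;
    for (int i = 0; i < npages; i++) {
        void *page = malloc(4096);
        if (!page)
            break;
        module_free_checked(NULL, page);   /* NULL owner, as in the report */
        released++;
    }
    return released;
}

int main(void) { return collect_slot_pages(64) == 64 ? 0 : 1; }
```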
Comment 11 Hendrik Brueckner 2010-06-09 06:27:45 EDT
The patch has been posted to rhkernel by Hendrik Brueckner <brueckner@redhat.com>
Comment 12 Aristeu Rozanski 2010-07-01 12:22:12 EDT
Patch(es) available on kernel-2.6.32-42.el6
Comment 16 releng-rhel@redhat.com 2010-11-11 10:44:44 EST
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.
