There are 2 mm_init functions in the kernel.

One in kernel/fork.c:

  static struct mm_struct *mm_init(struct mm_struct *mm,
                                   struct task_struct *p,
                                   struct user_namespace *user_ns)

And another one in init/main.c:

  static void __init mm_init(void)

The BTF data will get the first one, which is most likely
(in my case) mm_init from init/main.c without arguments.

Then at runtime when we want to attach to 'mm_init' the
kallsyms contains the address of the one from kernel/fork.c.

So we have a function model with no arguments and are using it
to attach to a function with 3 arguments. As a result the trampoline
will not save the function's arguments and we get a crash because
the trampoline changes argument registers:
  BUG: unable to handle page fault for address: 0000607d87a1d558
  #PF: supervisor write access in kernel mode
  #PF: error_code(0x0002) - not-present page
  PGD 0 P4D 0
  Oops: 0002 [#1] SMP PTI
  CPU: 6 PID: 936 Comm: systemd Not tainted 5.12.0-rc4qemu+ torvalds#191
  RIP: 0010:mm_init+0x223/0x2a0
  ...
  Call Trace:
   ? bpf_trampoline_6442453476_0+0x3b/0x1000
   dup_mm+0x66/0x5f0
   ? __lock_task_sighand+0x3a/0x70
   copy_process+0x17d0/0x1b50
   kernel_clone+0x97/0x3c0
   __do_sys_clone+0x60/0x80
   do_syscall_64+0x33/0x40
   entry_SYSCALL_64_after_hwframe+0x44/0xae
  RIP: 0033:0x7f1dc9b3201f
I think there might be more cases like this, but I don't have
an idea yet how to solve this in a generic way. The rename in
this change fixes it for this instance.
Signed-off-by: Jiri Olsa <[email protected]>
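The failure described in this commit is a name collision: BTF carries two FUNC records named mm_init with different prototypes, and the attach path pairs whichever one it finds first with the single kallsyms address. The following added example (not kernel or libbpf code, and not part of this commit) models that situation in Python to show the pre-attach check a tool could make: refuse to resolve a target whose BTF name maps to more than one distinct prototype. The BTF records and the /proc/kallsyms excerpt below are constructed stand-ins, and the addresses are made up.

```python
"""Detect BTF function-name collisions before trusting a kallsyms lookup."""
from collections import defaultdict

# Constructed stand-in for the two BTF FUNC records the commit describes.
# Real BTF stores a FUNC type that points at a FUNC_PROTO; only the name and
# parameter types are modelled here.
BTF_FUNCS = [
    {"name": "mm_init", "params": []},  # init/main.c: static void __init mm_init(void)
    {"name": "mm_init", "params": ["struct mm_struct *", "struct task_struct *",
                                   "struct user_namespace *"]},  # kernel/fork.c
    {"name": "dup_mm", "params": ["struct task_struct *", "struct mm_struct *"]},
]

# Constructed /proc/kallsyms excerpt; the addresses are made up.
KALLSYMS_TEXT = """\
ffffffff81050aa0 t mm_init
ffffffff81051230 T dup_mm
"""


def parse_kallsyms(text):
    """Map symbol name -> list of (address, type) from kallsyms-formatted text."""
    syms = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        addr, symtype, name = parts[0], parts[1], parts[2]
        syms[name].append((int(addr, 16), symtype))
    return syms


def btf_protos_by_name(funcs):
    """Map function name -> list of distinct parameter lists found in BTF."""
    protos = defaultdict(list)
    for f in funcs:
        params = tuple(f["params"])
        if params not in protos[f["name"]]:
            protos[f["name"]].append(params)
    return protos


def ambiguous_btf_funcs(funcs):
    """Names that BTF describes with more than one distinct prototype.

    Two FUNC records with identical prototypes are not reported: the
    trampoline would save the same argument registers for either.
    """
    return sorted(n for n, p in btf_protos_by_name(funcs).items() if len(p) > 1)


def resolve_attach_target(name, funcs, kallsyms_text):
    """Return (address, param_count) only when the name is unambiguous.

    Returns (None, reason) if BTF carries several prototypes for the name
    (the trampoline could save the wrong number of argument registers) or
    if kallsyms does not hold exactly one address for it.
    """
    protos = btf_protos_by_name(funcs).get(name, [])
    if not protos:
        return None, "no BTF FUNC named %s" % name
    if len(protos) > 1:
        return None, "BTF has %d prototypes for %s; refusing to guess" % (len(protos), name)
    addrs = parse_kallsyms(kallsyms_text).get(name, [])
    if len(addrs) != 1:
        return None, "kallsyms has %d entries for %s" % (len(addrs), name)
    return addrs[0][0], len(protos[0])


if __name__ == "__main__":
    print("ambiguous BTF names:", ambiguous_btf_funcs(BTF_FUNCS))
    for target in ("mm_init", "dup_mm"):
        print(target, "->", resolve_attach_target(target, BTF_FUNCS, KALLSYMS_TEXT))
```

With the constructed data, dup_mm resolves to its single address with a two-argument prototype, while mm_init is rejected because BTF holds both a zero-argument and a three-argument prototype for it, which is exactly the mismatch that let the trampoline clobber argument registers in the oops above.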