From 40cf19078e0f5aca77bb53a17ab2913d1c58417d Mon Sep 17 00:00:00 2001
From: Javier Honduvilla Coto
Date: Thu, 11 Apr 2019 18:59:23 +0100
Subject: [PATCH] Ban kprobes that cause CPU deadlocks
---
 src/attached_probe.cpp | 18 ++++++++++++++++++
 tests/runtime/banned_probes | 19 +++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 tests/runtime/banned_probes
diff --git a/src/attached_probe.cpp b/src/attached_probe.cpp
index f83634a..073be78 100644
--- a/src/attached_probe.cpp
+++ b/src/attached_probe.cpp
@@ -24,6 +24,15 @@ namespace bpftrace {
 const int BPF_LOG_SIZE = 100 * 1024;
+/*
+ * Kernel functions that are unsafe to trace are excluded in the Kernel with
+ * `notrace`. However, the ones below are not excluded.
+ */
+const std::set banned_kretprobes = {
+ "_raw_spin_lock", "_raw_spin_lock_irqsave", "_raw_spin_unlock_irqrestore",
+ "queued_spin_lock_slowpath",
+};
+
 bpf_probe_attach_type attachtype(ProbeType t)
 {
@@ -60,6 +69,12 @@ bpf_prog_type progtype(ProbeType t)
 }
 }
+void check_banned_kretprobes(std::string const& kprobe_name) {
+ if (banned_kretprobes.find(kprobe_name) != banned_kretprobes.end()) {
+ std::cerr << "error: kretprobe:" << kprobe_name << " can't be used as it might lock up your system." << std::endl;
+ exit(1);
+ }
+}
 AttachedProbe::AttachedProbe(Probe &probe, std::tuple func)
 : probe_(probe), func_(func)
@@ -70,7 +85,10 @@ AttachedProbe::AttachedProbe(Probe &probe, std::tuple func
 switch (probe_.type)
 {
 case ProbeType::kprobe:
+ attach_kprobe();
+ break;
 case ProbeType::kretprobe:
+ check_banned_kretprobes(probe_.attach_point);
 attach_kprobe();
 break;
 case ProbeType::uprobe:
diff --git a/tests/runtime/banned_probes b/tests/runtime/banned_probes
new file mode 100644
index 0000000..e892bd2
--- /dev/null
+++ b/tests/runtime/banned_probes
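Review bot: In src/attached_probe.cpp (hunk `@@ -24,6 +24,15 @@`), the comment above `banned_kretprobes` does not say why the return probe in particular is unsafe on these four functions or how an entry was selected, so a maintainer cannot tell when a name should be added or removed. The lookup is an exact match against a hand-maintained denylist, so any function not enumerated here passes the check; that makes the selection criterion the most important thing to write down. I would extend the comment along the lines of `Return probes on these functions can deadlock a CPU; this is a denylist matched by exact name and is not exhaustive.`, with a pointer to the report or kernel version where each entry was observed.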
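Review bot: In src/attached_probe.cpp (hunk `@@ -60,6 +69,12 @@`), `check_banned_kretprobes` terminates the process with `exit(1)`, and the last hunk calls it from inside the `AttachedProbe` constructor, so the stack is not unwound and destructors of objects the caller has already built do not run. If probes attached earlier in the same run are released by a destructor (not visible in this diff), that release is skipped on this path. Throwing lets the caller clean up and report, e.g. `throw std::runtime_error("kretprobe:" + kprobe_name + " can't be used as it might lock up your system.");`, provided the caller prints the `error: ` prefix that tests/runtime/banned_probes expects. As far as the diff shows the helper is used only in this file, so it could also be declared `static`.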
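Review bot: In src/attached_probe.cpp (hunk `@@ -70,7 +85,10 @@`), the `ProbeType::kprobe` case now attaches with no check while the commit subject reads "Ban kprobes", so it is unclear whether leaving entry probes on the same functions allowed is deliberate. If it is, a comment on the split case such as `// entry kprobes on these functions stay allowed; only the return probe is banned` would record that decision. The check also compares `probe_.attach_point` as a whole string; whether wildcard attach points have already been expanded to concrete function names before this constructor runs is not visible here and should be confirmed, because an unexpanded pattern would not match any entry in the set. The constructor's body starts and ends outside the hunk.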
@@ -0,0 +1,19 @@
+NAME kretprobe:_raw_spin_lock is banned
+RUN bpftrace -e 'kretprobe:_raw_spin_lock { exit(); }'
+EXPECT error: kretprobe:_raw_spin_lock can't be used as it might lock up your system.
+TIMEOUT 1
+
+NAME kretprobe:queued_spin_lock_slowpath is banned
+RUN bpftrace -e 'kretprobe:queued_spin_lock_slowpath { exit(); }'
+EXPECT error: kretprobe:queued_spin_lock_slowpath can't be used as it might lock up your system.
+TIMEOUT 1
+
+NAME kretprobe:_raw_spin_unlock_irqrestore is banned
+RUN bpftrace -e 'kretprobe:_raw_spin_unlock_irqrestore { exit(); }'
+EXPECT error: kretprobe:_raw_spin_unlock_irqrestore can't be used as it might lock up your system.
+TIMEOUT 1
+
+NAME kretprobe:_raw_spin_lock_irqsave is banned
+RUN bpftrace -e 'kretprobe:_raw_spin_lock_irqsave { exit(); }'
+EXPECT error: kretprobe:_raw_spin_lock_irqsave can't be used as it might lock up your system.
+TIMEOUT 1
--
2.20.1
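Review bot: These four cases in tests/runtime/banned_probes only fail cleanly while the ban works: each `RUN` line asks bpftrace to attach the kretprobe for real, so if the check in src/attached_probe.cpp regresses, the probe is attached on the test host and `TIMEOUT 1` cannot recover a machine whose CPUs are deadlocked. It would be safer to state in the test documentation that this file must run only on a disposable VM or CI runner. A unit test of the name lookup that attaches nothing would cover the same logic without that exposure.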