| Message ID | 162399999702.506599.16339931387573094059.stgit@devnote2 (mailing list archive) |
|---|---|
| State | Not Applicable |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | kprobes: Fix stacktrace with kretprobes on x86 | expand |
| Context | Check | Description |
|---|---|---|
| netdev/tree_selection | success | Not a local patch |
* Masami Hiramatsu <mhiramat@kernel.org> wrote: > Change kretprobe_trampoline to make a space for regs->ARM_pc so that > kretprobe_trampoline_handler can call instruction_pointer_set() > safely. The idiom is "make space", but in any case, what does this mean? Was the stack frame set up in kretprobe_trampoline() and calling trampoline_handler() buggy? If yes, then explain the bad effects of the bug, and make all of this clear in the title & changelog. Thanks, Ingo
On Mon, 5 Jul 2021 10:04:41 +0200 Ingo Molnar <mingo@kernel.org> wrote: > > * Masami Hiramatsu <mhiramat@kernel.org> wrote: > > > Change kretprobe_trampoline to make a space for regs->ARM_pc so that > > kretprobe_trampoline_handler can call instruction_pointer_set() > > safely. > > The idiom is "make space", but in any case, what does this mean? Since arm's kretprobe_trampoline() saves partial pt_regs, regs->ARM_pc is not accessible (it points the caller function's stack frame). Therefore, this extends the stack frame for storing regs->ARM_pc. > > Was the stack frame set up in kretprobe_trampoline() and calling > trampoline_handler() buggy? > > If yes, then explain the bad effects of the bug, and make all of this clear > in the title & changelog. This is actually buggy from the specification viewpoint. And if the kretprobe handler sets the instruction pointer, it must be ignored, but in reallty, it breaks the stack frame (this does not happen in the ftrace/perf dynamic events, but a custom kretprobe kernel module can do this.) Thank you, > > Thanks, > > Ingo
diff --git a/arch/arm/probes/kprobes/core.c b/arch/arm/probes/kprobes/core.c index 583f6b1a2a6f..556b1560fb2c 100644 --- a/arch/arm/probes/kprobes/core.c +++ b/arch/arm/probes/kprobes/core.c @@ -374,11 +374,13 @@ int __kprobes kprobe_exceptions_notify(struct notifier_block *self, void __naked __kprobes kretprobe_trampoline(void) { __asm__ __volatile__ ( + "sub sp, sp, #16 \n\t" "stmdb sp!, {r0 - r11} \n\t" "mov r0, sp \n\t" "bl trampoline_handler \n\t" "mov lr, r0 \n\t" "ldmia sp!, {r0 - r11} \n\t" + "add sp, sp, #16 \n\t" #ifdef CONFIG_THUMB2_KERNEL "bx lr \n\t" #else
Change kretprobe_trampoline to make a space for regs->ARM_pc so that kretprobe_trampoline_handler can call instruction_pointer_set() safely. Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> --- arch/arm/probes/kprobes/core.c | 2 ++ 1 file changed, 2 insertions(+)