From patchwork Mon May 18 12:59:48 2020
X-Patchwork-Submitter: Fredrik Strupe
X-Patchwork-Id: 11555405
From: Fredrik Strupe
To: Russell King, Rabin Vincent, "David A . Long", linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: Fredrik Strupe
Subject: [PATCH] arm: uprobes: Don't hook on thumb instructions
Date: Mon, 18 May 2020 14:59:48 +0200
Message-Id: <20200518125948.25315-1-fredrik@strupe.net>

Since uprobes is not supported for thumb, check that the thumb bit is
not set when matching the uprobes instruction hooks.

The Arm UDF instructions used for uprobes triggering
(UPROBE_SWBP_ARM_INSN and UPROBE_SS_ARM_INSN) coincidentally share the
same encoding as a pair of unallocated 32-bit thumb instructions (not
UDF) when the condition code is 0b1111 (0xf). This in effect makes it
possible to trigger the uprobes functionality from thumb, and at that
using two unallocated instructions which are not permanently undefined.

Signed-off-by: Fredrik Strupe
Fixes: c7edc9e326d5 ("ARM: add uprobes support")
---
 arch/arm/probes/uprobes/core.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/probes/uprobes/core.c b/arch/arm/probes/uprobes/core.c index c4b49b322e8a..f5f790c6e5f8 100644 --- a/arch/arm/probes/uprobes/core.c +++ b/arch/arm/probes/uprobes/core.c @@ -204,7 +204,7 @@ unsigned long uprobe_get_swbp_addr(struct pt_regs *regs) static struct undef_hook uprobes_arm_break_hook = { .instr_mask = 0x0fffffff, .instr_val = (UPROBE_SWBP_ARM_INSN & 0x0fffffff), - .cpsr_mask = MODE_MASK, + .cpsr_mask = (PSR_T_BIT | MODE_MASK), .cpsr_val = USR_MODE, .fn = uprobe_trap_handler, }; @@ -212,7 +212,7 @@ static struct undef_hook uprobes_arm_break_hook = { static struct undef_hook uprobes_arm_ss_hook = { .instr_mask = 0x0fffffff, .instr_val = (UPROBE_SS_ARM_INSN & 0x0fffffff), - .cpsr_mask = MODE_MASK, + .cpsr_mask = (PSR_T_BIT | MODE_MASK), .cpsr_val = USR_MODE, .fn = uprobe_trap_handler, };
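Review bot: In uprobes_arm_break_hook, the new `.cpsr_mask = (PSR_T_BIT | MODE_MASK)` rejects Thumb state only because `.cpsr_val = USR_MODE` leaves the T bit clear, and nothing in the initializer says so. A short comment above the mask would help, stating that the hook is Arm state only and that, since `.instr_mask = 0x0fffffff` ignores the condition field, the cond 0xf encoding would otherwise also match from Thumb. That keeps a later edit to cpsr_val or instr_mask from silently reintroducing the match described in the commit message.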
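Review bot: In uprobes_arm_ss_hook, the cpsr_mask/cpsr_val pair is repeated by hand from uprobes_arm_break_hook, so the two hooks can drift apart if only one of them is touched later. Consider defining the pair once, for example as a shared macro for the mask next to the hook definitions, and using it in both initializers so the Thumb exclusion is stated in a single place.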