From: Ananth N Mavinakayanahalli
To: Masami Hiramatsu
Cc: Ingo Molnar, linux-kernel@vger.kernel.org, Peter Zijlstra, Thomas Gleixner, "H . Peter Anvin", Andy Lutomirski, systemtap@sourceware.org, Steven Rostedt
Subject: Re: [PATCH tip/master] [BUGFIX] kprobes/x86: Fix to clear TF bit in fault-on-single-stepping
Date: Mon, 13 Jun 2016 10:00:33 +0530
Reply-To: ananth@linux.vnet.ibm.com
In-Reply-To: <20160611140648.25885.37482.stgit@devbox>
References: <20160611140648.25885.37482.stgit@devbox>
Message-Id: <20160613043033.GA22985@in.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Jun 11, 2016 at 11:06:53PM +0900, Masami Hiramatsu wrote:
> Fix kprobe_fault_handler to clear the TF (trap flag) bit of the
> flags register in the case of fault fixup on single-stepping.
>
> If we put a kprobe on an instruction which can cause a
> page fault (e.g. the actual mov instructions in copy_user_*),
> that fault happens on the single-stepping buffer. In this
> case, kprobes resets the running instance so that the CPU can
> retry execution at the original ip address.
> However, the current code forgets to reset the TF bit. Since this
> fault happens with the TF bit set to enable single-stepping,
> when it retries, it causes a debug exception and kprobes
> cannot handle it because it has already reset itself.
>
> On most x86-64 platforms, it can be easily reproduced
> by using the kprobe tracer. E.g.
>
> # cd /sys/kernel/debug/tracing
> # echo p copy_user_enhanced_fast_string+5 > kprobe_events
> # echo 1 > events/kprobes/enable
>
> And you'll see a kernel panic in do_debug(), since the debug
> trap is not handled by kprobes.
>
> To fix this problem, we just need to clear the TF bit when
> resetting the running kprobe.
>
> Signed-off-by: Masami Hiramatsu

Good catch!

Reviewed-by: Ananth N Mavinakayanahalli
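The failure sequence Masami describes, as an added user-space model (not kernel code and not from this thread): kprobes sets TF to single-step the copied instruction, the fault fixup resets the kprobe and restores the saved flags with a bitwise OR, and the CPU then retries with TF still set. Structure names, addresses and the initial flags value are constructed for the model.

```c
/* Miniature model of the kprobes single-step fault path (added example). */
#include <stdbool.h>

#define X86_EFLAGS_TF 0x100UL          /* real x86 trap flag bit */

enum kprobe_status { KPROBE_IDLE, KPROBE_HIT_SS };
enum outcome { RETRY_OK, PANIC_IN_DO_DEBUG };

struct pt_regs { unsigned long ip, flags; };   /* constructed stand-in */
struct kprobe_ctlblk {
    enum kprobe_status status;   /* KPROBE_HIT_SS while single-stepping */
    unsigned long probe_addr;    /* address of the probed instruction */
    unsigned long insn_buf;      /* out-of-line copy being stepped */
    unsigned long old_flags;     /* TF state saved when the probe hit */
};

/* kprobes arms single-stepping: save TF, set it, jump to the copied insn. */
static void setup_singlestep(struct pt_regs *regs, struct kprobe_ctlblk *kcb)
{
    kcb->old_flags = regs->flags & X86_EFLAGS_TF;
    kcb->status = KPROBE_HIT_SS;
    regs->flags |= X86_EFLAGS_TF;
    regs->ip = kcb->insn_buf;
}

/* Fault-fixup branch: `fixed` selects whether the patch's TF clearing runs. */
static void fault_fixup(struct pt_regs *regs, struct kprobe_ctlblk *kcb, bool fixed)
{
    regs->ip = kcb->probe_addr;          /* retry at the original ip */
    if (fixed)
        regs->flags &= ~X86_EFLAGS_TF;   /* the fix: drop TF set for stepping */
    regs->flags |= kcb->old_flags;       /* OR-ing saved flags back cannot clear TF */
    kcb->status = KPROBE_IDLE;           /* reset_current_kprobe() */
}

/* CPU retries the insn; with TF set it raises #DB, which do_debug() can
 * only hand to kprobes while a kprobe is still in the HIT_SS state. */
static enum outcome retry_instruction(struct pt_regs *regs, struct kprobe_ctlblk *kcb)
{
    if ((regs->flags & X86_EFLAGS_TF) && kcb->status != KPROBE_HIT_SS)
        return PANIC_IN_DO_DEBUG;
    return RETRY_OK;
}

enum outcome simulate(bool fixed)
{
    struct kprobe_ctlblk kcb = { KPROBE_IDLE, 0x1000, 0x2000, 0 };
    struct pt_regs regs = { 0x1000, 0x246 };   /* constructed: TF clear on entry */
    setup_singlestep(&regs, &kcb);
    fault_fixup(&regs, &kcb, fixed);           /* page fault while stepping */
    return retry_instruction(&regs, &kcb);
}
```

`simulate(false)` ends in the unhandled debug trap; `simulate(true)` retries cleanly.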