From: Li Huafei <lihuafei1@huawei.com>
To: <stable@vger.kernel.org>
Cc: <gregkh@linuxfoundation.org>, <mhiramat@kernel.org>,
	<tglx@linutronix.de>, <mingo@redhat.com>, <bp@alien8.de>,
	<x86@kernel.org>, <hpa@zytor.com>, <sashal@kernel.org>,
	<peterz@infradead.org>, <linux-kernel@vger.kernel.org>,
	<xukuohai@huawei.com>, <natechancellor@gmail.com>,
	<ndesaulniers@google.com>, <rostedt@goodmis.org>,
	<weiyongjun1@huawei.com>, <gustavoars@kernel.org>,
	<namit@vmware.com>, <laijs@linux.alibaba.com>,
	<clang-built-linux@googlegroups.com>, <lihuafei1@huawei.com>
Subject: [PATCH 5.10 8/9] x86/kprobes: Update kcb status flag after singlestepping
Date: Wed, 5 Jul 2023 14:46:52 +0800
Message-ID: <20230705064653.226811-9-lihuafei1@huawei.com>
In-Reply-To: <20230705064653.226811-1-lihuafei1@huawei.com>

From: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>

[ Upstream commit dec8784c9088b131a1523f582c2194cfc8107dc0 ]

Fix kprobes to update kcb (kprobes control block) status flag to
KPROBE_HIT_SSDONE even if the kp->post_handler is not set.

This bug may cause a kernel panic if another INT3 user runs right
after kprobes, because kprobe_int3_handler() mistakes that INT3 for
kprobe's single-stepping INT3.

Fixes: 6256e668b7af ("x86/kprobes: Use int3 instead of debug trap for single-step")
Reported-by: Daniel Müller <deso@posteo.net>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Daniel Müller <deso@posteo.net>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20220727210136.jjgc3lpqeq42yr3m@muellerd-fedora-PC2BDTX9
Link: https://lore.kernel.org/r/165942025658.342061.12452378391879093249.stgit@devnote2
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
---
 arch/x86/kernel/kprobes/core.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
index 07f222743811..bde43592f54a 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -826,16 +826,20 @@ NOKPROBE_SYMBOL(arch_prepare_kretprobe);
 static void kprobe_post_process(struct kprobe *cur, struct pt_regs *regs,
 			       struct kprobe_ctlblk *kcb)
 {
-	if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) {
-		kcb->kprobe_status = KPROBE_HIT_SSDONE;
-		cur->post_handler(cur, regs, 0);
-	}
-
 	/* Restore back the original saved kprobes variables and continue. */
-	if (kcb->kprobe_status == KPROBE_REENTER)
+	if (kcb->kprobe_status == KPROBE_REENTER) {
+		/* This will restore both kcb and current_kprobe */
 		restore_previous_kprobe(kcb);
-	else
+	} else {
+		/*
+		 * Always update the kcb status because
+		 * reset_curent_kprobe() doesn't update kcb.
+		 */
+		kcb->kprobe_status = KPROBE_HIT_SSDONE;
+		if (cur->post_handler)
+			cur->post_handler(cur, regs, 0);
 		reset_current_kprobe();
+	}
 }
 NOKPROBE_SYMBOL(kprobe_post_process);
 
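Review bot: the new comment in the else branch misspells the function it refers to: "reset_curent_kprobe() doesn't update kcb" should read "reset_current_kprobe() doesn't update kcb", matching the call on the line below it. On the logic, the post-handler condition is preserved: the old guard `(kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler` becomes the else branch of the `KPROBE_REENTER` test plus the inner `if (cur->post_handler)`, so the handler still runs only in the non-reentrant case and still sees `kcb->kprobe_status == KPROBE_HIT_SSDONE`; the only behavioural change is that the status is now set even when no post_handler is registered, which is the stated fix.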
-- 
2.17.1