* [BUGFIX PATCH -tip 0/2] x86/kprobes: Fix bugs in resume execution code
@ 2021-02-25 12:01 Masami Hiramatsu
  2021-02-25 12:02 ` [BUGFIX PATCH -tip 1/2] x86/kprobes: Retrieve correct opcode for group instruction Masami Hiramatsu
  2021-02-25 12:02 ` [BUGFIX PATCH -tip 2/2] x86/kprobes: Identify far indirect JMP correctly Masami Hiramatsu
  0 siblings, 2 replies; 3+ messages in thread
From: Masami Hiramatsu @ 2021-02-25 12:01 UTC (permalink / raw)
  To: Ingo Molnar, Steven Rostedt
  Cc: Naveen N . Rao, Ananth N Mavinakayanahalli, linux-kernel, mhiramat, x86

Hi,

Here are 2 bugfixes I have found in set_resume_flags().

The [1/2] fixes a bug which I introduced in commit
abd82e533d88 ("x86/kprobes: Do not decode opcode in
resume_execution()"), and [2/2] has been there since the origin
of the x86 kprobes (before 2.6.12). Anyway, [2/2] is something
like a cosmetic patch, because the original code was
misunderstanding the opcode encoding, but the result is the same.

Thank you,

---

Masami Hiramatsu (2):
      x86/kprobes: Retrieve correct opcode for group instruction
      x86/kprobes: Identify far indirect JMP correctly


 arch/x86/kernel/kprobes/core.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--
Masami Hiramatsu (Linaro) <mhiramat@kernel.org>


* [BUGFIX PATCH -tip 1/2] x86/kprobes: Retrieve correct opcode for group instruction
  2021-02-25 12:01 [BUGFIX PATCH -tip 0/2] x86/kprobes: Fix bugs in resume execution code Masami Hiramatsu
@ 2021-02-25 12:02 ` Masami Hiramatsu
  2021-02-25 12:02 ` [BUGFIX PATCH -tip 2/2] x86/kprobes: Identify far indirect JMP correctly Masami Hiramatsu
  1 sibling, 0 replies; 3+ messages in thread
From: Masami Hiramatsu @ 2021-02-25 12:02 UTC (permalink / raw)
  To: Ingo Molnar, Steven Rostedt
  Cc: Naveen N . Rao, Ananth N Mavinakayanahalli, linux-kernel, mhiramat, x86

The opcodes starting from 0xff are the group5 instruction group, which is
not a 2-byte opcode but an extended opcode determined by the MOD/RM byte.

The commit abd82e533d88 ("x86/kprobes: Do not decode opcode in resume_execution()")
used insn->opcode.bytes[1], but that is not correct. We have to refer to
insn->modrm.bytes[1] instead.

Fixes: abd82e533d88 ("x86/kprobes: Do not decode opcode in resume_execution()")
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
---
 arch/x86/kernel/kprobes/core.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
index df776cdca327..08674e7a5d7b 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -448,7 +448,11 @@ static void set_resume_flags(struct kprobe *p, struct insn *insn)
 		break;
 #endif
 	case 0xff:
-		opcode = insn->opcode.bytes[1];
+		/*
+		 * Since the 0xff is an extended group opcode, the instruction
+		 * is determined by the MOD/RM byte.
+		 */
+		opcode = insn->modrm.bytes[0];
 		if ((opcode & 0x30) == 0x10) {
 			/*
 			 * call absolute, indirect
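Review bot: the commit message says to use insn->modrm.bytes[1], while the hunk reads insn->modrm.bytes[0]; the ModR/M is a single byte, so index 0 is the right one and the message should be corrected to match before this is applied. The new comment would also read better if it named the field being tested: the Grp5 instruction is selected by the ModR/M reg field (bits 3-5, mask 0x38), and the `(opcode & 0x30) == 0x10` check that follows looks only at bits 4-5, which covers both call near (FF /2) and call far (FF /3) but is easy to misread without that context.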



* [BUGFIX PATCH -tip 2/2] x86/kprobes: Identify far indirect JMP correctly
  2021-02-25 12:01 [BUGFIX PATCH -tip 0/2] x86/kprobes: Fix bugs in resume execution code Masami Hiramatsu
  2021-02-25 12:02 ` [BUGFIX PATCH -tip 1/2] x86/kprobes: Retrieve correct opcode for group instruction Masami Hiramatsu
@ 2021-02-25 12:02 ` Masami Hiramatsu
  1 sibling, 0 replies; 3+ messages in thread
From: Masami Hiramatsu @ 2021-02-25 12:02 UTC (permalink / raw)
  To: Ingo Molnar, Steven Rostedt
  Cc: Naveen N . Rao, Ananth N Mavinakayanahalli, linux-kernel, mhiramat, x86

Since the Grp5 far indirect JMP is FF "mod 101 r/m", it should be
(modrm & 0x38) == 0x28, and the near indirect JMP is also 0x38 == 0x20.
So we can mask modrm with 0x30 and check for 0x20.
This is actually what the original code does; it also doesn't care about
the last bit. So the resulting code is the same.

Thus, I think this is just a cosmetic cleanup.

Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
---
 arch/x86/kernel/kprobes/core.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
index 08674e7a5d7b..be76568d57a5 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -462,8 +462,7 @@ static void set_resume_flags(struct kprobe *p, struct insn *insn)
 			p->ainsn.is_call = 1;
 			p->ainsn.is_abs_ip = 1;
 			break;
-		} else if (((opcode & 0x31) == 0x20) ||
-			   ((opcode & 0x31) == 0x21)) {
+		} else if ((opcode & 0x30) == 0x20) {
 			/*
 			 * jmp near and far, absolute indirect
 			 * ip is correct.
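Review bot: `(opcode & 0x30) == 0x20` is exactly equivalent to the two clauses it replaces (both accept bit 0 in either state and ignore bit 3), so behaviour is unchanged, as the commit message says. Since the reg field is bits 3-5, a reader may expect mask 0x38 with the two values 0x20 (jmp near, FF /4) and 0x28 (jmp far, FF /5); the 0x30 shortcut works only because those two encodings differ solely in bit 3, and a one-line note to that effect in the adjacent comment would save the next reader from rederiving it. The same reasoning shows why neither variant can match reg=110 (push, 0x30) or reg=111 (undefined, 0x38): both leave bits 4-5 as 11.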


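A worked check of the ModR/M encoding both patches rely on, added here as an example and not code from the kernel or from this thread: it classifies a Grp5 (0xFF) instruction from the reg field of its ModR/M byte, then confirms over all 256 byte values that the `(opcode & 0x30)` tests used in set_resume_flags() pick out exactly the near+far CALL and near+far JMP forms, and that the one-clause JMP test from patch 2/2 matches the two-clause test it replaced. The enum, the function names and the sample ModR/M bytes are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not kernel code: all names below are invented here. */
enum grp5_kind {
	GRP5_INC,        /* FF /0 */
	GRP5_DEC,        /* FF /1 */
	GRP5_CALL_NEAR,  /* FF /2  call near, absolute indirect */
	GRP5_CALL_FAR,   /* FF /3  call far, absolute indirect */
	GRP5_JMP_NEAR,   /* FF /4  jmp near, absolute indirect */
	GRP5_JMP_FAR,    /* FF /5  jmp far, absolute indirect */
	GRP5_PUSH,       /* FF /6 */
	GRP5_INVALID,    /* FF /7 is undefined */
};

/* ModR/M: mod = bits 7..6, reg = bits 5..3 (mask 0x38), r/m = bits 2..0.
 * For an extended-opcode group, reg selects the instruction; mod and r/m
 * only describe the operand. */
static unsigned int modrm_reg(uint8_t modrm) { return (modrm >> 3) & 7; }

enum grp5_kind classify_grp5(uint8_t modrm)
{
	switch (modrm_reg(modrm)) {
	case 0: return GRP5_INC;
	case 1: return GRP5_DEC;
	case 2: return GRP5_CALL_NEAR;
	case 3: return GRP5_CALL_FAR;
	case 4: return GRP5_JMP_NEAR;
	case 5: return GRP5_JMP_FAR;
	case 6: return GRP5_PUSH;
	default: return GRP5_INVALID;
	}
}

/* CALL test from patch 1/2: reg bits 5..4 == 01b, bit 3 (near/far) ignored. */
bool kprobes_is_indirect_call(uint8_t modrm) { return (modrm & 0x30) == 0x10; }

/* JMP test after patch 2/2: reg bits 5..4 == 10b, bit 3 (near/far) ignored. */
bool kprobes_is_indirect_jmp(uint8_t modrm) { return (modrm & 0x30) == 0x20; }

/* The two-clause JMP test that patch 2/2 removed. */
bool old_is_indirect_jmp(uint8_t modrm)
{
	return ((modrm & 0x31) == 0x20) || ((modrm & 0x31) == 0x21);
}

/* Exhaustive check: old and new JMP tests agree for every ModR/M value, and
 * each 0x30 mask selects exactly the near+far pair it is meant to. */
bool masks_match_reg_field(void)
{
	for (unsigned int b = 0; b < 256; b++) {
		uint8_t m = (uint8_t)b;
		enum grp5_kind k = classify_grp5(m);
		bool is_call = (k == GRP5_CALL_NEAR || k == GRP5_CALL_FAR);
		bool is_jmp = (k == GRP5_JMP_NEAR || k == GRP5_JMP_FAR);

		if (old_is_indirect_jmp(m) != kprobes_is_indirect_jmp(m))
			return false;
		if (kprobes_is_indirect_call(m) != is_call)
			return false;
		if (kprobes_is_indirect_jmp(m) != is_jmp)
			return false;
	}
	return true;
}

int main(void)
{
	/* Constructed samples: the ModR/M byte that follows an 0xFF opcode. */
	static const struct { uint8_t modrm; const char *text; } samples[] = {
		{ 0x25, "jmp qword [rip+disp32]" },   /* ff 25 ...  reg=100 */
		{ 0xe0, "jmp rax" },                   /* ff e0      reg=100 */
		{ 0x2d, "jmp far [rip+disp32]" },      /* ff 2d ...  reg=101 */
		{ 0x15, "call qword [rip+disp32]" },   /* ff 15 ...  reg=010 */
		{ 0xd0, "call rax" },                  /* ff d0      reg=010 */
		{ 0x30, "push qword [rax]" },          /* ff 30      reg=110 */
	};
	static const char *const names[] = { "inc", "dec", "call near",
		"call far", "jmp near", "jmp far", "push", "invalid" };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		uint8_t m = samples[i].modrm;
		printf("ff %02x  %-24s reg=%u -> %-9s call=%d jmp=%d\n",
		       m, samples[i].text, modrm_reg(m), names[classify_grp5(m)],
		       kprobes_is_indirect_call(m), kprobes_is_indirect_jmp(m));
	}
	printf("masks agree with the reg field for all 256 ModR/M values: %s\n",
	       masks_match_reg_field() ? "yes" : "no");
	return 0;
}
```

The exhaustive loop is the part worth keeping around: it is the cheapest way to show that a mask shortcut like `& 0x30` covers exactly the reg values the comment claims and nothing else, which is the question a reviewer of either hunk has to answer.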
