Skip to content

Commit 3b84efc

Browse files
mhiramatwilldeacon
authored andcommitted
arm64: kprobes: Return DBG_HOOK_ERROR if kprobes can not handle a BRK
Return DBG_HOOK_ERROR if kprobes can not handle a BRK because it fails to find a kprobe corresponding to the address. Since arm64 kprobes uses stop_machine based text patching for removing BRK, it ensures all running kprobe_break_handler() is done at that point. And after removing the BRK, it removes the kprobe from its hash list. Thus, if the kprobe_break_handler() fails to find kprobe from hash list, there is a bug. Signed-off-by: Masami Hiramatsu (Google) <[email protected]> Acked-by: Mark Rutland <[email protected]> Link: https://lore.kernel.org/r/166994753273.439920.6629626290560350760.stgit@devnote3 Signed-off-by: Will Deacon <[email protected]>
1 parent 30a4215 commit 3b84efc

File tree

1 file changed

+36
-42
lines changed

1 file changed

+36
-42
lines changed

arch/arm64/kernel/probes/kprobes.c

Lines changed: 36 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -298,7 +298,8 @@ int __kprobes kprobe_fault_handler(struct pt_regs *regs, unsigned int fsr)
298298
return 0;
299299
}
300300

301-
static void __kprobes kprobe_handler(struct pt_regs *regs)
301+
static int __kprobes
302+
kprobe_breakpoint_handler(struct pt_regs *regs, unsigned long esr)
302303
{
303304
struct kprobe *p, *cur_kprobe;
304305
struct kprobe_ctlblk *kcb;
@@ -308,39 +309,44 @@ static void __kprobes kprobe_handler(struct pt_regs *regs)
308309
cur_kprobe = kprobe_running();
309310

310311
p = get_kprobe((kprobe_opcode_t *) addr);
312+
if (WARN_ON_ONCE(!p)) {
313+
/*
314+
* Something went wrong. This BRK used an immediate reserved
315+
* for kprobes, but we couldn't find any corresponding probe.
316+
*/
317+
return DBG_HOOK_ERROR;
318+
}
311319

312-
if (p) {
313-
if (cur_kprobe) {
314-
if (reenter_kprobe(p, regs, kcb))
315-
return;
316-
} else {
317-
/* Probe hit */
318-
set_current_kprobe(p);
319-
kcb->kprobe_status = KPROBE_HIT_ACTIVE;
320-
321-
/*
322-
* If we have no pre-handler or it returned 0, we
323-
* continue with normal processing. If we have a
324-
* pre-handler and it returned non-zero, it will
325-
* modify the execution path and no need to single
326-
* stepping. Let's just reset current kprobe and exit.
327-
*/
328-
if (!p->pre_handler || !p->pre_handler(p, regs)) {
329-
setup_singlestep(p, regs, kcb, 0);
330-
} else
331-
reset_current_kprobe();
332-
}
320+
if (cur_kprobe) {
321+
/* Hit a kprobe inside another kprobe */
322+
if (!reenter_kprobe(p, regs, kcb))
323+
return DBG_HOOK_ERROR;
324+
} else {
325+
/* Probe hit */
326+
set_current_kprobe(p);
327+
kcb->kprobe_status = KPROBE_HIT_ACTIVE;
328+
329+
/*
330+
* If we have no pre-handler or it returned 0, we
331+
* continue with normal processing. If we have a
332+
* pre-handler and it returned non-zero, it will
333+
* modify the execution path and not need to single-step
334+
* Let's just reset current kprobe and exit.
335+
*/
336+
if (!p->pre_handler || !p->pre_handler(p, regs))
337+
setup_singlestep(p, regs, kcb, 0);
338+
else
339+
reset_current_kprobe();
333340
}
334-
/*
335-
* The breakpoint instruction was removed right
336-
* after we hit it. Another cpu has removed
337-
* either a probepoint or a debugger breakpoint
338-
* at this address. In either case, no further
339-
* handling of this interrupt is appropriate.
340-
* Return back to original instruction, and continue.
341-
*/
341+
342+
return DBG_HOOK_HANDLED;
342343
}
343344

345+
static struct break_hook kprobes_break_hook = {
346+
.imm = KPROBES_BRK_IMM,
347+
.fn = kprobe_breakpoint_handler,
348+
};
349+
344350
static int __kprobes
345351
kprobe_breakpoint_ss_handler(struct pt_regs *regs, unsigned long esr)
346352
{
@@ -365,18 +371,6 @@ static struct break_hook kprobes_break_ss_hook = {
365371
.fn = kprobe_breakpoint_ss_handler,
366372
};
367373

368-
static int __kprobes
369-
kprobe_breakpoint_handler(struct pt_regs *regs, unsigned long esr)
370-
{
371-
kprobe_handler(regs);
372-
return DBG_HOOK_HANDLED;
373-
}
374-
375-
static struct break_hook kprobes_break_hook = {
376-
.imm = KPROBES_BRK_IMM,
377-
.fn = kprobe_breakpoint_handler,
378-
};
379-
380374
/*
381375
* Provide a blacklist of symbols identifying ranges which cannot be kprobed.
382376
* This blacklist is exposed to userspace via debugfs (kprobes/blacklist).

0 commit comments

Comments
 (0)