x86/kprobes: Fix __recover_optprobed_insn check optimizing logic

Yang Jihong · mhiramat · commit 868a6fc0ca24 · 2023-02-21T08:49:16.000+09:00
Since the following commit: commit f66c044 ("kprobes: Set unoptimized flag after unoptimizing code") modified the update timing of the KPROBE_FLAG_OPTIMIZED, a optimized_kprobe may be in the optimizing or unoptimizing state when op.kp->flags has KPROBE_FLAG_OPTIMIZED and op->list is not empty. The __recover_optprobed_insn check logic is incorrect, a kprobe in the unoptimizing state may be incorrectly determined as unoptimizing. As a result, incorrect instructions are copied. The optprobe_queued_unopt function needs to be exported for invoking in arch directory. Link: https://lore.kernel.org/all/20230216034247.32348-2-yangjihong1@huawei.com/ Fixes: f66c044 ("kprobes: Set unoptimized flag after unoptimizing code") Cc: stable@vger.kernel.org Signed-off-by: Yang Jihong <yangjihong1@huawei.com> Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
diff --git a/arch/x86/kernel/kprobes/opt.c b/arch/x86/kernel/kprobes/opt.c
@@ -46,8 +46,8 @@ unsigned long __recover_optprobed_insn(kprobe_opcode_t *buf, unsigned long addr)
 		/* This function only handles jump-optimized kprobe */
 		if (kp && kprobe_optimized(kp)) {
 			op = container_of(kp, struct optimized_kprobe, kp);
-			/* If op->list is not empty, op is under optimizing */
-			if (list_empty(&op->list))
+			/* If op is optimized or under unoptimizing */
+			if (list_empty(&op->list) || optprobe_queued_unopt(op))
 				goto found;
 		}
 	}
diff --git a/include/linux/kprobes.h b/include/linux/kprobes.h
@@ -378,6 +378,7 @@ extern void opt_pre_handler(struct kprobe *p, struct pt_regs *regs);
 DEFINE_INSN_CACHE_OPS(optinsn);
 
 extern void wait_for_kprobe_optimizer(void);
+bool optprobe_queued_unopt(struct optimized_kprobe *op);
 #else /* !CONFIG_OPTPROBES */
 static inline void wait_for_kprobe_optimizer(void) { }
 #endif /* CONFIG_OPTPROBES */
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
@@ -660,7 +660,7 @@ void wait_for_kprobe_optimizer(void)
 	mutex_unlock(&kprobe_mutex);
 }
 
-static bool optprobe_queued_unopt(struct optimized_kprobe *op)
+bool optprobe_queued_unopt(struct optimized_kprobe *op)
 {
 	struct optimized_kprobe *_op;
 

Original file line number	Diff line number	Diff line change
`@@ -46,8 +46,8 @@ unsigned long __recover_optprobed_insn(kprobe_opcode_t *buf, unsigned long addr)`
`46`	`46`	`/* This function only handles jump-optimized kprobe */`
`47`	`47`	`if (kp && kprobe_optimized(kp)) {`
`48`	`48`	`op = container_of(kp, struct optimized_kprobe, kp);`
`49`		`- /* If op->list is not empty, op is under optimizing */`
`50`		`- if (list_empty(&op->list))`
	`49`	`+ /* If op is optimized or under unoptimizing */`
	`50`	`+ if (list_empty(&op->list) \|\| optprobe_queued_unopt(op))`
`51`	`51`	`goto found;`
`52`	`52`	`}`
`53`	`53`	`}`
Original file line number	Diff line number	Diff line change
`@@ -660,7 +660,7 @@ void wait_for_kprobe_optimizer(void)`
`660`	`660`	`mutex_unlock(&kprobe_mutex);`
`661`	`661`	`}`
`662`	`662`
`663`		`-static bool optprobe_queued_unopt(struct optimized_kprobe *op)`
	`663`	`+bool optprobe_queued_unopt(struct optimized_kprobe *op)`
`664`	`664`	`{`
`665`	`665`	`struct optimized_kprobe *_op;`
`666`	`666`