Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-16 17:12:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
1ea30fb645
linux/arch/x86/kernel
History
Denys Vlasenko 1ea30fb645 uprobes/x86: Fix scratch register selection for rip-relative fixups 
Before this patch, instructions such as div, mul, shifts with count
in CL, cmpxchg are mishandled.

This patch adds vex prefix handling. In particular, it avoids colliding
with register operand encoded in vex.vvvv field.

Since we need to avoid two possible register operands, the selection of
scratch register needs to be from at least three registers.

After looking through a lot of CPU docs, it looks like the safest choice
is SI,DI,BX. Selecting BX needs care to not collide with implicit use of
BX by cmpxchg8b.

Test-case:

	#include <stdio.h>

	static const char *const pass[] = { "FAIL", "pass" };

	long two = 2;
	void test1(void)
	{
		long ax = 0, dx = 0;
		asm volatile("\n"
	"			xor	%%edx,%%edx\n"
	"			lea	2(%%edx),%%eax\n"
	// We divide 2 by 2. Result (in eax) should be 1:
	"	probe1:		.globl	probe1\n"
	"			divl	two(%%rip)\n"
	// If we have a bug (eax mangled on entry) the result will be 2,
	// because eax gets restored by probe machinery.
		: "=a" (ax), "=d" (dx) /*out*/
		: "0" (ax), "1" (dx) /*in*/
		: "memory" /*clobber*/
		);
		dprintf(2, "%s: %s\n", __func__,
			pass[ax == 1]
		);
	}

	long val2 = 0;
	void test2(void)
	{
		long old_val = val2;
		long ax = 0, dx = 0;
		asm volatile("\n"
	"			mov	val2,%%eax\n"     // eax := val2
	"			lea	1(%%eax),%%edx\n" // edx := eax+1
	// eax is equal to val2. cmpxchg should store edx to val2:
	"	probe2:		.globl  probe2\n"
	"			cmpxchg %%edx,val2(%%rip)\n"
	// If we have a bug (eax mangled on entry), val2 will stay unchanged
		: "=a" (ax), "=d" (dx) /*out*/
		: "0" (ax), "1" (dx) /*in*/
		: "memory" /*clobber*/
		);
		dprintf(2, "%s: %s\n", __func__,
			pass[val2 == old_val + 1]
		);
	}

	long val3[2] = {0,0};
	void test3(void)
	{
		long old_val = val3[0];
		long ax = 0, dx = 0;
		asm volatile("\n"
	"			mov	val3,%%eax\n"  // edx:eax := val3
	"			mov	val3+4,%%edx\n"
	"			mov	%%eax,%%ebx\n" // ecx:ebx := edx:eax + 1
	"			mov	%%edx,%%ecx\n"
	"			add	$1,%%ebx\n"
	"			adc	$0,%%ecx\n"
	// edx:eax is equal to val3. cmpxchg8b should store ecx:ebx to val3:
	"	probe3:		.globl  probe3\n"
	"			cmpxchg8b val3(%%rip)\n"
	// If we have a bug (edx:eax mangled on entry), val3 will stay unchanged.
	// If ecx:edx in mangled, val3 will get wrong value.
		: "=a" (ax), "=d" (dx) /*out*/
		: "0" (ax), "1" (dx) /*in*/
		: "cx", "bx", "memory" /*clobber*/
		);
		dprintf(2, "%s: %s\n", __func__,
			pass[val3[0] == old_val + 1 && val3[1] == 0]
		);
	}

	int main(int argc, char **argv)
	{
		test1();
		test2();
		test3();
		return 0;
	}

Before this change all tests fail if probe{1,2,3} are probed.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Reviewed-by: Jim Keniston <jkenisto@us.ibm.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
2014-05-14 13:57:25 +02:00
..
acpi Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux into pm-cpuidle 2014-04-08 13:25:25 +02:00
apic Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-04-11 11:58:33 -07:00
cpu Merge branch 'perf/urgent' into perf/core, to pick up fixes 2014-04-25 10:04:22 +02:00
kprobes kprobes/x86: Fix page-fault handling logic 2014-04-17 10:57:02 +02:00
.gitignore
alternative.c lockdep, x86/alternatives: Drop ancient lockdep fixup message 2013-09-28 10:09:41 +02:00
amd_gart_64.c x86, mm: use pfn_range_is_mapped() with gart 2012-11-17 11:59:10 -08:00
amd_nb.c A bunch of EDAC updates all over the place: 2014-04-01 13:54:00 -07:00
apb_timer.c intel_mid: Renamed *mrst* to *intel_mid* 2013-10-17 16:40:47 -07:00
aperture_64.c Revert "[PATCH] Insert GART region into resource map" 2014-03-18 14:26:12 -06:00
apm_32.c x86, asmlinkage, apm: Make APM data structure used from assembler visible 2013-08-06 14:20:20 -07:00
asm-offsets_32.c x86: Get rid of ->hard_math and all the FPU asm fu 2013-06-06 14:32:04 -07:00
asm-offsets_64.c x86, gdt, hibernate: Store/load GDT for hibernate path. 2013-05-02 11:27:35 -07:00
asm-offsets.c sched, x86: Provide a per-cpu preempt_count implementation 2013-09-25 14:07:57 +02:00
audit_64.c
bootflag.c
check.c x86/mm: memblock: switch to use NUMA_NO_NODE 2014-01-21 16:19:47 -08:00
cpuid.c x86, cpuid: Fix CPU hotplug callback registration 2014-03-20 13:43:42 +01:00
crash_dump_32.c
crash_dump_64.c
crash.c x86, crash: Unify ifdef 2014-03-13 15:32:44 -07:00
devicetree.c Merge remote-tracking branch 'grant/devicetree/next' into for-next 2013-11-07 10:34:46 -06:00
doublefault.c x86: Delete non-required instances of include <linux/init.h> 2014-01-06 21:25:18 -08:00
dumpstack_32.c Merge branch 'x86-threadinfo-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-04-01 10:17:18 -07:00
dumpstack_64.c x86: Fix dumpstack_64 irq stack handling 2014-04-02 11:46:50 -07:00
dumpstack.c x86/dumpstack: Fix printk_address for direct addresses 2013-11-12 21:06:06 +01:00
e820.c x86/mm: memblock: switch to use NUMA_NO_NODE 2014-01-21 16:19:47 -08:00
early_printk.c Merge branch 'x86-intel-mid-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-12 11:12:22 +09:00
early-quirks.c x86/gpu: Fix sign extension issue in Intel graphics stolen memory quirks 2014-04-14 08:50:56 +02:00
entry_32.S ftrace/x86: Load ftrace_ops in parameter not the variable holding it 2014-01-09 13:24:29 -08:00
entry_64.S ftrace/x86: Load ftrace_ops in parameter not the variable holding it 2014-01-09 13:24:29 -08:00
ftrace.c ftrace/x86: BUG when ftrace recovery fails 2014-03-07 10:06:16 -05:00
head32.c intel_mid: Renamed *mrst* to *intel_mid* 2013-10-17 16:40:47 -07:00
head64.c x86, trace: Register exception handler to trace IDT 2013-11-08 14:15:45 -08:00
head_32.S x86: fix compile error due to X86_TRAP_NMI use in asm files 2014-03-07 18:58:40 -08:00
head_64.S x86: fix compile error due to X86_TRAP_NMI use in asm files 2014-03-07 18:58:40 -08:00
head.c x86: Make sure we can boot in the case the BDA contains pure garbage 2013-02-27 13:38:57 -08:00
hpet.c CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
hw_breakpoint.c x86: Delete non-required instances of include <linux/init.h> 2014-01-06 21:25:18 -08:00
i386_ksyms_32.c sched, x86: Optimize the preempt_schedule() call 2013-09-25 14:23:07 +02:00
i387.c x86, fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU 2014-03-11 12:32:52 -07:00
i8237.c
i8253.c
i8259.c x86/irq: Correct comment about i8259 initialization 2013-09-04 07:46:04 +02:00
io_delay.c
ioport.c x86: get rid of pt_regs argument of iopl(2) 2013-02-03 18:16:24 -05:00
iosf_mbi.c arch: x86: New MailBox support driver for Intel SOC's 2014-01-08 14:36:29 -08:00
irq_32.c x86, threadinfo: Redo "x86: Use inline assembler to get sp" 2014-03-10 17:32:01 -07:00
irq_64.c irq: Consolidate do_softirq() arch overriden implementations 2013-10-01 12:53:25 +02:00
irq_work.c x86, asmlinkage: Make all interrupt handlers asmlinkage / __visible 2013-08-06 14:18:23 -07:00
irq.c x86/platform/hyperv: Handle VMBUS driver being a module 2014-04-02 09:49:47 +02:00
irqinit.c x86/irq: Fix do_IRQ() interrupt warning for cpu hotplug retriggered irqs 2014-01-12 13:13:02 +01:00
jump_label.c x86/jump_label: expect default_nop if static_key gets enabled on boot-up 2013-10-19 19:45:35 -04:00
kdebugfs.c
kgdb.c x86: Delete non-required instances of include <linux/init.h> 2014-01-06 21:25:18 -08:00
ksysfs.c x86: ksysfs.c build fix 2014-01-03 14:37:13 +00:00
kvm.c kvm: remove redundant registration of BSP's hv_clock area 2014-02-22 15:53:32 +01:00
kvmclock.c kvm: remove redundant registration of BSP's hv_clock area 2014-02-22 15:53:32 +01:00
ldt.c x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels 2014-04-11 10:10:09 -07:00
machine_kexec_32.c x86: Delete non-required instances of include <linux/init.h> 2014-01-06 21:25:18 -08:00
machine_kexec_64.c x86, kaslr: export offset in VMCOREINFO ELF notes 2014-02-25 16:57:47 -08:00
Makefile x86, vdso: Make vsyscall_gtod_data handling x86 generic 2014-03-18 12:51:52 -07:00
mmconf-fam10h_64.c x86: delete __cpuinit usage from all x86 files 2013-07-14 19:36:56 -04:00
module.c x86, kaslr: fix module lock ordering problem 2014-03-24 10:18:26 -07:00
mpparse.c
msr.c x86, msr: Fix CPU hotplug callback registration 2014-03-20 13:43:42 +01:00
nmi_selftest.c
nmi.c x86/nmi: Push duration printk() to irq context 2014-02-09 13:17:22 +01:00
paravirt_patch_32.c
paravirt_patch_64.c
paravirt-spinlocks.c x86, ticketlock: Add slowpath logic 2013-08-09 07:54:00 -07:00
paravirt.c x86, paravirt: Remove duplicate definition for DEF_NATIVE 2013-09-04 09:46:43 -07:00
pci-calgary_64.c x86, calgary: Use 8M TCE table size by default 2014-04-10 19:51:32 -07:00
pci-dma.c x86: dma-mapping: fix GFP_ATOMIC macro usage 2014-02-11 09:40:15 +01:00
pci-iommu_table.c
pci-nommu.c x86: Delete non-required instances of include <linux/init.h> 2014-01-06 21:25:18 -08:00
pci-swiotlb.c
pcspeaker.c
perf_regs.c perf: Fix off by one test in perf_reg_value() 2012-09-19 17:08:40 +02:00
preempt.S sched, x86: Optimize the preempt_schedule() call 2013-09-25 14:23:07 +02:00
probe_roms.c x86/pci/probe_roms: Add missing __iomem annotation to pci_map_biosrom() 2012-09-05 10:52:25 +02:00
process_32.c x86: Keep thread_info on thread stack in x86_32 2014-03-06 16:56:55 -08:00
process_64.c uprobes/x86: Fix is_64bit_mm() with CONFIG_X86_X32 2014-04-30 19:10:35 +02:00
process.c sched/idle, x86: Remove redundant cpuidle_idle_call() 2014-02-11 09:58:28 +01:00
ptrace.c x86: Keep thread_info on thread stack in x86_32 2014-03-06 16:56:55 -08:00
pvclock.c hung_task: add method to reset detector 2013-11-06 09:49:02 +02:00
quirks.c x86/amd/numa: Fix northbridge quirk to assign correct NUMA node 2014-03-14 11:05:36 +01:00
reboot_fixups_32.c
reboot.c x86: Remove the PCI reboot method from the default chain 2014-04-16 08:56:09 +02:00
relocate_kernel_32.S x86, asm, cleanup: Replace open-coded control register values with symbolic 2013-06-25 16:26:06 -07:00
relocate_kernel_64.S x86, reloc: Use xorl instead of xorq in relocate_kernel_64.S 2013-06-20 21:30:04 -07:00
resource.c
rtc.c Merge branch 'x86-intel-mid-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-12 11:12:22 +09:00
setup_percpu.c
setup.c Merge branch 'x86-nuke-platforms-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-04-02 13:15:58 -07:00
signal.c Merge branch 'x86-smap-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-09-04 11:08:32 -07:00
smp.c x86, asmlinkage: Make all interrupt handlers asmlinkage / __visible 2013-08-06 14:18:23 -07:00
smpboot.c Merge branch 'x86-threadinfo-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-04-01 10:17:18 -07:00
stacktrace.c
step.c ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL 2013-01-22 10:08:00 -08:00
sys_x86_64.c x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member 2013-08-22 10:19:35 -07:00
syscall_32.c x86, asmlinkage: Make syscall tables visible 2013-08-06 14:20:18 -07:00
syscall_64.c x86, asmlinkage: Make syscall tables visible 2013-08-06 14:20:18 -07:00
sysfb_efi.c x86: sysfb: move EFI quirks from efifb to sysfb 2013-08-02 16:17:47 -07:00
sysfb_simplefb.c x86/simplefb: Mark framebuffer mem-resources as IORESOURCE_BUSY to avoid bootup warning 2013-10-03 07:51:11 +02:00
sysfb.c x86: sysfb: move EFI quirks from efifb to sysfb 2013-08-02 16:17:47 -07:00
tboot.c x86 / tboot / ACPI: Fail extended mode reduced hardware sleep 2013-07-31 14:25:51 +02:00
tce_64.c
test_nx.c
test_rodata.c
time.c Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-04-01 11:22:57 -07:00
tls.c make SYSCALL_DEFINE<n>-generated wrappers do asmlinkage_protect 2013-03-03 22:58:33 -05:00
tls.h
topology.c hotplug, powerpc, x86: Remove cpu_hotplug_driver_lock() 2013-09-30 19:55:51 +02:00
trace_clock.c tracing,x86: Add a TSC trace_clock 2012-11-13 15:48:27 -05:00
tracepoint.c x86: Make sure IDT is page aligned 2013-07-16 15:14:48 -07:00
traps.c x86/traps: Clean up error exception handler definitions 2013-12-12 14:46:42 +01:00
tsc_msr.c x86: tsc: Add missing Baytrail frequency to the table 2014-02-19 17:12:24 +01:00
tsc_sync.c x86: Delete non-required instances of include <linux/init.h> 2014-01-06 21:25:18 -08:00
tsc.c Merge branch 'x86-vdso-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-04-02 12:26:43 -07:00
uprobes.c uprobes/x86: Fix scratch register selection for rip-relative fixups 2014-05-14 13:57:25 +02:00
verify_cpu.S
vm86_32.c x86, vm86: fix VM86 syscalls: use SYSCALL_DEFINEx(...) 2013-05-02 20:36:32 -04:00
vmlinux.lds.S x86, vdso: Zero-pad the VVAR page 2014-03-18 12:52:44 -07:00
vsmp_64.c x86, asmlinkage, paravirt: Make paravirt thunks global 2014-01-29 22:17:17 -08:00
vsyscall_64.c CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
vsyscall_emu_64.S
vsyscall_gtod.c x86, vdso: Add 32 bit VDSO time support for 64 bit kernel 2014-03-18 12:52:41 -07:00
vsyscall_trace.h
x86_init.c PCI: Drop "irq" param from *_restore_msi_irqs() 2013-12-13 08:44:30 -07:00
x8664_ksyms_64.c sched, x86: Optimize the preempt_schedule() call 2013-09-25 14:23:07 +02:00
xsave.c x86, xsave: Support eager-only xsave features, add MPX support 2013-12-06 17:17:42 -08:00