linux/arch/x86/include/asm
Oleg Nesterov 8e89c0be17 uprobes/x86: Emulate relative call's
See the previous "Emulate unconditional relative jmp's" which explains
why we cannot execute "jmp" out of line; the same applies to "call".

Emulating a rip-relative call is trivial; we only need to additionally
push the ret-address. If this fails, we execute this instruction out of
line and this should trigger the trap: the probed application should die,
or the same insn will be restarted if a signal handler expands the stack.
We do not even need ->post_xol() for this case.

But there is a corner (and almost theoretical) case: another thread can
expand the stack right before we execute this insn out of line. In this
case it hits the same problem we are trying to solve. So we simply turn
the probed insn into "call 1f; 1:" and add ->post_xol() which restores
->sp and restarts.

Many thanks to Jonathan who finally found the standalone reproducer;
otherwise I would never have resolved the "random SIGSEGV's under systemtap"
bug-report. Now that the problem is clear we can write the simplified
test-case:

	void probe_func(void), callee(void);

	int failed = 1;

	asm (
		".text\n"
		".align 4096\n"
		".globl probe_func\n"
		"probe_func:\n"
		"call callee\n"
		"ret"
	);

	/*
	 * This assumes that:
	 *
	 *	- &probe_func = 0x401000 + a_bit, aligned = 0x402000
	 *
	 *	- xol_vma->vm_start = TASK_SIZE_MAX - PAGE_SIZE = 0x7fffffffe000
	 *	  as xol_add_vma() asks; the 1st slot = 0x7fffffffe080
	 *
	 * so we can target the non-canonical address from xol_vma using
	 * the simple math below, 100 * 4096 is just the random offset
	 */
	asm (".org . + 0x800000000000 - 0x7fffffffe080 - 5 - 1  + 100 * 4096\n");

	void callee(void)
	{
		failed = 0;
	}

	int main(void)
	{
		probe_func();
		return failed;
	}

It SIGSEGV's if you probe "probe_func" (although this is not very reliable;
randomize_va_space/etc. can change the placement of the xol area).

Note: as Denys Vlasenko pointed out, AMD and Intel treat "callw" (0x66 0xe8)
differently. This patch relies on lib/insn.c and thus implements Intel's
behaviour: 0x66 is simply ignored. Fortunately nothing sane should ever use
this insn, so we postpone the fix until we decide what we should do: emulate
or not, support or not, etc.

Reported-by: Jonathan Lebon <jlebon@redhat.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Jim Keniston <jkenisto@us.ibm.com>
2014-04-17 21:58:23 +02:00
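The following is an added user-space model of the emulation the commit message describes, not code from the commit or from the kernel's uprobes implementation: it decodes a "call rel32", computes the target from the original ip (the reason the insn cannot run from the XOL slot), pushes the return address, and refuses when the push would touch unmapped stack so that the caller falls back to out-of-line execution. The names struct vcpu, emulate_rel_call and check_call, the stack layout and all addresses are hypothetical and constructed; the 0x66 handling follows the Intel behaviour the note above attributes to lib/insn.c.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical probed thread: ip/sp plus one mapped stack region. */
struct vcpu {
    uint64_t ip, sp;
    uint8_t *stack; uint64_t stack_va; size_t stack_len; /* [va, va+len) */
};

/* Emulate "call rel32" (opcode 0xe8) located at v->ip.  The target is taken
 * from the ORIGINAL ip, which is why the insn must not run from the XOL slot.
 * Returns false (caller executes out of line) if this is not a rel32 call or
 * the return-address push would touch unmapped stack. */
bool emulate_rel_call(struct vcpu *v, const uint8_t *insn, size_t len)
{
    size_t i = 0;
    while (i < len && insn[i] == 0x66)   /* Intel behaviour: 0x66 ignored */
        i++;
    if (i + 5 > len || insn[i] != 0xe8)
        return false;
    int32_t rel;
    memcpy(&rel, insn + i + 1, sizeof rel);  /* rel32 is little-endian */
    uint64_t next_ip = v->ip + i + 5;        /* prefix bytes count too */
    uint64_t new_sp = v->sp - 8;
    if (new_sp < v->stack_va || new_sp + 8 > v->stack_va + v->stack_len)
        return false;                        /* push would fault: let XOL trap */
    memcpy(v->stack + (new_sp - v->stack_va), &next_ip, sizeof next_ip);
    v->sp = new_sp;
    v->ip = next_ip + (uint64_t)(int64_t)rel;
    return true;
}

/* Constructed check: 'len' insn bytes packed little-endian in 'bytes', placed
 * at ip 0x401000 with 'room' mapped stack bytes below sp.  Returns 1 if
 * emulated with the expected ip and pushed return address, 0 if refused,
 * -1 if emulated with wrong results. */
int check_call(uint64_t bytes, size_t len, size_t room,
               uint64_t want_ip, uint64_t want_ret)
{
    uint8_t insn[8], stack[64] = {0};
    for (size_t k = 0; k < 8; k++)
        insn[k] = (uint8_t)(bytes >> (8 * k));
    struct vcpu v = { .ip = 0x401000, .sp = 0x7ffff000 + room,
                      .stack = stack, .stack_va = 0x7ffff000, .stack_len = 64 };
    if (!emulate_rel_call(&v, insn, len))
        return 0;
    uint64_t ret;
    memcpy(&ret, stack + (v.sp - v.stack_va), sizeof ret);
    return (v.ip == want_ip && ret == want_ret) ? 1 : -1;
}
```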
crypto crypto: move x86 to the generic version of ablk_helper 2013-09-24 06:02:24 +10:00
numachip
trace ftrace, perf: Avoid infinite event generation loop 2013-11-19 16:57:40 +01:00
uv x86/uv/nmi: Fix Sparse warnings 2014-01-25 08:55:10 +01:00
xen xen/grant-table: Refactor gnttab_[un]map_refs to avoid m2p_override 2014-03-18 14:40:19 +00:00
a.out-core.h
acpi.h ACPI / x86: Increase override tables number limit 2013-09-25 16:59:39 +02:00
agp.h
alternative-asm.h
alternative.h
amd_nb.h x86/AMD/NB: Fix amd_set_subcaches() parameter type 2014-01-25 08:50:09 +01:00
apb_timer.h
apic_flat_64.h
apic.h x86/apic: Always define nox2apic and define it as initdata 2014-02-09 15:15:11 +01:00
apicdef.h
apm.h
arch_hweight.h
archrandom.h random: Add arch_has_random[_seed]() 2014-03-19 22:24:08 -04:00
asm-offsets.h
asm.h x86, asm: Extend definitions of _ASM_* with a raw format 2013-08-29 13:26:32 -07:00
atomic64_32.h
atomic64_64.h x86, bitops: Correct the assembly constraints to testing bitops 2013-12-04 14:31:28 -08:00
atomic.h x86, bitops: Correct the assembly constraints to testing bitops 2013-12-04 14:31:28 -08:00
barrier.h x86: Remove CONFIG_X86_OOSTORE 2014-03-11 10:16:18 -07:00
bios_ebda.h
bitops.h x86, bitops: Correct the assembly constraints to testing bitops 2013-12-04 14:31:28 -08:00
boot.h
bootparam_utils.h
bug.h x86: always define BUG() and HAVE_ARCH_BUG, even with !CONFIG_BUG 2014-04-07 16:36:10 -07:00
bugs.h
cache.h
cacheflush.h
calgary.h
calling.h sched, x86: Optimize the preempt_schedule() call 2013-09-25 14:23:07 +02:00
ce4100.h
checksum_32.h x86, smap: Handle csum_partial_copy_*_user() 2013-09-01 14:09:48 -07:00
checksum_64.h
checksum.h
clocksource.h x86, vdso: Make vsyscall_gtod_data handling x86 generic 2014-03-18 12:51:52 -07:00
cmpxchg_32.h
cmpxchg_64.h
cmpxchg.h
compat.h
context_tracking.h
cpu_device_id.h
cpu.h
cpufeature.h Driver core / sysfs patches for 3.15-rc1 2014-04-01 16:28:19 -07:00
cpumask.h
current.h
debugreg.h
delay.h
desc_defs.h
desc.h x86, trace: Delete __trace_alloc_intr_gate() 2013-11-08 14:15:47 -08:00
device.h
div64.h
dma-contiguous.h drivers: dma-contiguous: clean source code and prepare for device tree 2013-08-27 09:18:29 +02:00
dma-mapping.h
dma.h
dmi.h firmware/dmi_scan: generalize for use by other archs 2014-01-23 16:36:57 -08:00
dwarf2.h
e820.h x86: avoid remapping data in parse_setup_data() 2013-08-13 23:29:19 -07:00
edac.h
efi.h Merge remote-tracking branch 'tip/x86/efi-mixed' into efi-for-mingo 2014-03-05 18:15:37 +00:00
elf.h x86, vdso: Remove compat vdso support 2014-03-13 16:20:09 -07:00
emergency-restart.h
entry_arch.h
exec.h
fb.h
fixmap.h x86: use generic early_ioremap 2014-04-07 16:36:15 -07:00
floppy.h x86: Remove deprecated IRQF_DISABLED 2014-03-04 21:47:51 +01:00
fpu-internal.h x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround 2014-01-11 19:15:52 -08:00
frame.h
ftrace.h
futex.h x86: replace futex_atomic_cmpxchg_inatomic() with user_atomic_cmpxchg_inatomic 2013-12-16 09:08:13 -08:00
gart.h
genapic.h
geode.h
gpio.h
hardirq.h x86: hardirq: Make irq_hv_callback_count available for CONFIG_HYPERV=m as well 2014-03-06 12:08:37 +01:00
hash.h lib: introduce arch optimized hash library 2013-12-17 14:27:17 -05:00
highmem.h
hpet.h
hugetlb.h
hw_breakpoint.h
hw_irq.h x86, platforms: Remove SGI Visual Workstation 2014-02-27 08:07:39 -08:00
hypertransport.h
hypervisor.h
i387.h
i8259.h
ia32_unistd.h
ia32.h
idle.h
inat_types.h
inat.h
init.h
insn.h
inst.h
intel_mid_vrtc.h intel_mid: Renamed *mrst* to *intel_mid* 2013-10-17 16:40:36 -07:00
intel_scu_ipc.h
intel-mid.h x86, intel-mid: Add Merrifield platform support 2014-01-15 14:38:58 -08:00
io_apic.h
io.h x86: use generic early_ioremap 2014-04-07 16:36:15 -07:00
iomap.h
iommu_table.h
iommu.h
iosf_mbi.h arch: x86: New MailBox support driver for Intel SOC's 2014-01-08 14:36:29 -08:00
ipi.h
irq_regs.h
irq_remapping.h
irq_vectors.h
irq.h x86: Add check for number of available vectors before CPU down 2014-01-15 22:24:02 -08:00
irqflags.h
ist.h
jump_label.h compiler/gcc4: Add quirk for 'asm goto' miscompilation bug 2013-10-11 07:39:14 +02:00
kbdleds.h
Kbuild x86: use generic early_ioremap 2014-04-07 16:36:15 -07:00
kdebug.h x86/dumpstack: Fix printk_address for direct addresses 2013-11-12 21:06:06 +01:00
kexec.h
kgdb.h
kmap_types.h
kmemcheck.h
kprobes.h
kvm_emulate.h kvm, emulator: Rename VendorSpecific flag 2013-10-30 18:54:40 +01:00
kvm_guest.h
kvm_host.h KVM: x86: Allow the guest to run with dirty debug registers 2014-03-11 10:46:02 +01:00
kvm_para.h x86, kvm: correctly access the KVM_CPUID_FEATURES leaf at 0x40000101 2014-01-29 18:11:55 +01:00
lguest_hcall.h
lguest.h
linkage.h
local64.h
local.h x86, bitops: Correct the assembly constraints to testing bitops 2013-12-04 14:31:28 -08:00
mach_timer.h
mach_traps.h
math_emu.h
mc146818rtc.h
mce.h x86: Delete non-required instances of include <linux/init.h> 2014-01-06 21:25:18 -08:00
microcode_amd.h x86, microcode, AMD: Fix early ucode loading 2014-01-13 19:59:38 +01:00
microcode_intel.h
microcode.h x86, microcode: Share native MSR accessing variants 2014-01-13 19:57:27 +01:00
misc.h x86: Improve the printout of the SMP bootup CPU table 2013-09-28 10:10:26 +02:00
mmconfig.h
mmu_context.h
mmu.h
mmx.h
mmzone_32.h x86, platforms: Remove NUMAQ 2014-02-27 08:07:39 -08:00
mmzone_64.h
mmzone.h
module.h
mpspec_def.h
mpspec.h x86, platforms: Remove NUMAQ 2014-02-27 08:07:39 -08:00
mshyperv.h x86: hyperv: Fixup the (brain) damage caused by the irq cleanup 2014-03-05 13:42:14 +01:00
msidef.h
msr.h x86: Add another set of MSR accessor functions 2014-03-13 15:34:45 -07:00
mtrr.h
mutex_32.h
mutex_64.h compiler/gcc4: Add quirk for 'asm goto' miscompilation bug 2013-10-11 07:39:14 +02:00
mutex.h
mwait.h sched/preempt: Fix up missed PREEMPT_NEED_RESCHED folding 2014-01-13 17:38:55 +01:00
nmi.h x86/nmi: Push duration printk() to irq context 2014-02-09 13:17:22 +01:00
nops.h
numa_32.h
numa.h
olpc_ofw.h
olpc.h
page_32_types.h
page_32.h x86/mm: Implement ASLR for hugetlb mappings 2013-11-19 14:24:50 +01:00
page_64_types.h x86, kaslr: Raise the maximum virtual address to -1 GiB on x86_64 2013-10-13 03:13:13 -07:00
page_64.h
page_types.h x86: revert wrong memblock current limit setting 2014-01-27 21:02:38 -08:00
page.h x86/mm: Implement ASLR for hugetlb mappings 2013-11-19 14:24:50 +01:00
paravirt_types.h x86, asmlinkage, paravirt: Don't rely on local assembler labels 2014-01-29 22:17:17 -08:00
paravirt.h x86, asmlinkage, paravirt: Make paravirt thunks global 2014-01-29 22:17:17 -08:00
parport.h
pat.h
pci_64.h
pci_x86.h
pci-direct.h
pci-functions.h
pci.h x86/PCI: Drop return value of pcibios_scan_root() 2014-02-03 10:38:29 -07:00
percpu.h percpu: add raw_cpu_ops 2014-04-07 16:36:13 -07:00
perf_event_p4.h
perf_event.h
pgalloc.h x86, mm: enable split page table lock for PMD level 2013-11-15 09:32:15 +09:00
pgtable_32_types.h
pgtable_32.h
pgtable_64_types.h x86, kaslr: Raise the maximum virtual address to -1 GiB on x86_64 2013-10-13 03:13:13 -07:00
pgtable_64.h
pgtable_types.h Merge branch 'x86-vdso-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-04-02 12:26:43 -07:00
pgtable-2level_types.h
pgtable-2level.h x86/mm: Unify pte_to_pgoff() and pgoff_to_pte() helpers 2013-11-19 14:24:34 +01:00
pgtable-3level_types.h
pgtable-3level.h mm: save soft-dirty bits on file pages 2013-08-13 17:57:48 -07:00
pgtable.h Merge branch 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-03-31 12:26:05 -07:00
posix_types.h
preempt.h percpu: add raw_cpu_ops 2014-04-07 16:36:13 -07:00
probe_roms.h
processor-cyrix.h
processor-flags.h
processor.h x86: Keep thread_info on thread stack in x86_32 2014-03-06 16:56:55 -08:00
prom.h of: remove HAVE_ARCH_DEVTREE_FIXUPS 2013-10-09 20:04:08 -05:00
proto.h
ptrace.h x86: Delete non-required instances of include <linux/init.h> 2014-01-06 21:25:18 -08:00
pvclock-abi.h
pvclock.h pvclock: detect watchdog reset at pvclock read 2013-11-06 09:48:43 +02:00
realmode.h
reboot_fixups.h
reboot.h
required-features.h
resume-trace.h
rio.h
rmwcc.h x86, bitops: Correct the assembly constraints to testing bitops 2013-12-04 14:31:28 -08:00
rtc.h
rwlock.h
rwsem.h
scatterlist.h
seccomp_32.h
seccomp_64.h
seccomp.h
sections.h
segment.h x86, trace: Register exception handler to trace IDT 2013-11-08 14:15:45 -08:00
serial.h
setup_arch.h
setup.h x86, platforms: Remove SGI Visual Workstation 2014-02-27 08:07:39 -08:00
shmparam.h
sigcontext.h
sigframe.h
sighandling.h
signal.h
simd.h crypto: move x86 to the generic version of ablk_helper 2013-09-24 06:02:24 +10:00
smap.h
smp.h x86: Delete non-required instances of include <linux/init.h> 2014-01-06 21:25:18 -08:00
smpboot_hooks.h
sparsemem.h
special_insns.h x86: Add support for the clflushopt instruction 2014-02-27 08:23:28 -08:00
spinlock_types.h
spinlock.h x86: Remove CONFIG_X86_OOSTORE 2014-03-11 10:16:18 -07:00
sta2x11.h
stackprotector.h
stacktrace.h
string_32.h
string_64.h
string.h
suspend_32.h
suspend_64.h
suspend.h
svm.h
swiotlb.h
switch_to.h
sync_bitops.h
sys_ia32.h
syscall.h audit: use uapi/linux/audit.h for AUDIT_ARCH declarations 2014-03-20 10:11:59 -04:00
syscalls.h
sysfb.h
tce.h
thread_info.h x86: Keep thread_info on thread stack in x86_32 2014-03-06 16:56:55 -08:00
time.h
timer.h Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-01-20 12:03:57 -08:00
timex.h
tlb.h
tlbflush.h mm, x86: Account for TLB flushes only when debugging 2014-01-25 09:10:41 +01:00
topology.h PCI changes for the v3.15 merge window: 2014-04-01 15:14:04 -07:00
trace_clock.h
traps.h x86, trace: Register exception handler to trace IDT 2013-11-08 14:15:45 -08:00
tsc.h x86, tsc: Fallback to normal calibration if fast MSR calibration fails 2014-02-19 17:12:24 +01:00
uaccess_32.h x86: Unify copy_to_user() and add size checking to it 2013-10-26 12:27:37 +02:00
uaccess_64.h x86, sparse: Do not force removal of __user when calling copy_to/from_user_nocheck() 2014-01-04 13:54:50 -08:00
uaccess.h Merge branch 'x86/mpx' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-01-20 14:46:32 -08:00
unaligned.h
unistd.h fs/compat: optional preadv64/pwrite64 compat system calls 2014-03-06 15:35:09 +01:00
uprobes.h uprobes/x86: Emulate relative call's 2014-04-17 21:58:23 +02:00
user32.h
user_32.h
user_64.h
user.h
vdso32.h x86, vdso: Add 32 bit VDSO time support for 32 bit kernel 2014-03-18 12:52:37 -07:00
vdso.h x86, vdso: Finish removing VDSO32_PRELINK 2014-03-20 20:20:18 -07:00
vga.h
vgtod.h x86, vdso: Add 32 bit VDSO time support for 64 bit kernel 2014-03-18 12:52:41 -07:00
virtext.h
vm86.h
vmx.h KVM: x86: Intel MPX vmx and msr handle 2014-02-24 12:14:00 +01:00
vsyscall.h
vvar.h x86, vdso: Add 32 bit VDSO time support for 64 bit kernel 2014-03-18 12:52:41 -07:00
word-at-a-time.h
x2apic.h
x86_init.h PCI: Drop "irq" param from *_restore_msi_irqs() 2013-12-13 08:44:30 -07:00
xcr.h
xor_32.h
xor_64.h
xor_avx.h crypto: xor - Check for osxsave as well as avx in crypto/xor 2013-08-21 21:08:35 +10:00
xor.h
xsave.h Merge tag 'kvm-3.15-1' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2014-04-02 14:50:10 -07:00