[PATCH]Kprobes-Race in recovery of reentrant probe

[PATCH] Kprobes - Race in recovery of reentrant probes

There is window where a probe gets removed right after the
probe is hit on some different cpu. In this case probe handlers
can't find a matching probe instance related to break address.
In this case we need to read the original instruction at break
address to see if that is not a break/int3 instruction 
and recover safely.

Previous code had a bug where we were not checking for the above
race in case of reentrant probes and the below patch fixes this
race.

The below patch has been tested on IA64, Powerpc, x86_64.

Signed-off-by: Anil S Keshavamurthy <[email protected]>
-----------------------------------------------------------------
 arch/i386/kernel/kprobes.c    |   13 +++++++++++++
 arch/ia64/kernel/kprobes.c    |    7 +++++++
 arch/powerpc/kernel/kprobes.c |   12 ++++++++++++
 arch/sparc64/kernel/kprobes.c |    8 ++++++++
 arch/x86_64/kernel/kprobes.c  |    9 +++++++++
 5 files changed, 49 insertions(+)

Index: linux-2.6.15-mm1/arch/i386/kernel/kprobes.c
===================================================================
--- linux-2.6.15-mm1.orig/arch/i386/kernel/kprobes.c
+++ linux-2.6.15-mm1/arch/i386/kernel/kprobes.c
@@ -188,6 +188,19 @@ static int __kprobes kprobe_handler(stru
 			kcb->kprobe_status = KPROBE_REENTER;
 			return 1;
 		} else {
+			if (regs->eflags & VM_MASK) {
+			/* We are in virtual-8086 mode. Return 0 */
+				goto no_kprobe;
+			}
+			if (*addr != BREAKPOINT_INSTRUCTION) {
+			/* The breakpoint instruction was removed by
+			 * another cpu right after we hit, no further
+			 * handling of this interrupt is appropriate
+			 */
+				regs->eip -= sizeof(kprobe_opcode_t);
+				ret = 1;
+				goto no_kprobe;
+			}
 			p = __get_cpu_var(current_kprobe);
 			if (p->break_handler && p->break_handler(p, regs)) {
 				goto ss_probe;
Index: linux-2.6.15-mm1/arch/ia64/kernel/kprobes.c
===================================================================
--- linux-2.6.15-mm1.orig/arch/ia64/kernel/kprobes.c
+++ linux-2.6.15-mm1/arch/ia64/kernel/kprobes.c
@@ -638,6 +638,13 @@ static int __kprobes pre_kprobes_handler
 			if (p->break_handler && p->break_handler(p, regs)) {
 				goto ss_probe;
 			}
+		} else if (!is_ia64_break_inst(regs)) {
+			/* The breakpoint instruction was removed by
+			 * another cpu right after we hit, no further
+			 * handling of this interrupt is appropriate
+			 */
+			ret = 1;
+			goto no_kprobe;
 		} else {
 			/* Not our break */
 			goto no_kprobe;
Index: linux-2.6.15-mm1/arch/powerpc/kernel/kprobes.c
===================================================================
--- linux-2.6.15-mm1.orig/arch/powerpc/kernel/kprobes.c
+++ linux-2.6.15-mm1/arch/powerpc/kernel/kprobes.c
@@ -179,6 +179,18 @@ static inline int kprobe_handler(struct 
 			kcb->kprobe_status = KPROBE_REENTER;
 			return 1;
 		} else {
+			if (*addr != BREAKPOINT_INSTRUCTION) {
+				/* If trap variant, then it belongs not to us */
+				kprobe_opcode_t cur_insn = *addr;
+				if (is_trap(cur_insn))
+		       			goto no_kprobe;
+				/* The breakpoint instruction was removed by
+				 * another cpu right after we hit, no further
+				 * handling of this interrupt is appropriate
+				 */
+				ret = 1;
+				goto no_kprobe;
+			}
 			p = __get_cpu_var(current_kprobe);
 			if (p->break_handler && p->break_handler(p, regs)) {
 				goto ss_probe;
Index: linux-2.6.15-mm1/arch/sparc64/kernel/kprobes.c
===================================================================
--- linux-2.6.15-mm1.orig/arch/sparc64/kernel/kprobes.c
+++ linux-2.6.15-mm1/arch/sparc64/kernel/kprobes.c
@@ -135,6 +135,14 @@ static int __kprobes kprobe_handler(stru
 			prepare_singlestep(p, regs, kcb);
 			return 1;
 		} else {
+			if (*(u32 *)addr != BREAKPOINT_INSTRUCTION) {
+			/* The breakpoint instruction was removed by
+			 * another cpu right after we hit, no further
+			 * handling of this interrupt is appropriate
+			 */
+				ret = 1;
+				goto no_kprobe;
+			}
 			p = __get_cpu_var(current_kprobe);
 			if (p->break_handler && p->break_handler(p, regs))
 				goto ss_probe;
Index: linux-2.6.15-mm1/arch/x86_64/kernel/kprobes.c
===================================================================
--- linux-2.6.15-mm1.orig/arch/x86_64/kernel/kprobes.c
+++ linux-2.6.15-mm1/arch/x86_64/kernel/kprobes.c
@@ -334,6 +334,15 @@ int __kprobes kprobe_handler(struct pt_r
 				return 1;
 			}
 		} else {
+			if (*addr != BREAKPOINT_INSTRUCTION) {
+			/* The breakpoint instruction was removed by
+			 * another cpu right after we hit, no further
+			 * handling of this interrupt is appropriate
+			 */
+				regs->rip = (unsigned long)addr;
+				ret = 1;
+				goto no_kprobe;
+			}
 			p = __get_cpu_var(current_kprobe);
 			if (p->break_handler && p->break_handler(p, regs)) {
 				goto ss_probe;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Prev by Date: Re: [PATCH 4/5] rcu: join rcu_ctrlblk and rcu_state
• Next by Date: Re: [PATCH 2/5] rcu: don't check ->donelist in __rcu_pending()
• Previous by thread: Re: sym53c8xx_2 is flooding my syslog ...
• Next by thread: [PATCH] Add kernel.h to plist.h
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]