aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJim Keniston <jkenisto@us.ibm.com>2005-09-06 18:19:34 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2005-09-07 19:58:01 -0400
commitbce0649417d6e71f6df8ab7b11103d247913b142 (patch)
tree529573458558f625f784f1f977a0d0a72e753e2b
parent661e5a3d9958dc83d610992da85625c0ada9bb06 (diff)
[PATCH] kprobes: fix handling of simultaneous probe hit/unregister
This patch fixes a bug in kprobes's handling of a corner case on i386 and x86_64. On an SMP system, if one CPU unregisters a kprobe just after another CPU hits that probepoint, kprobe_handler() on the latter CPU sees that the kprobe has been unregistered, and attempts to let the CPU continue as if the probepoint hadn't been hit. The bug is that on i386 and x86_64, we were neglecting to set the IP back to the beginning of the probed instruction. This could cause an oops or crash. This bug doesn't exist on ppc64 and ia64, where a breakpoint instruction leaves the IP pointing to the beginning of the instruction. I don't know about sparc64. (Dave, could you please advise?) This fix has been tested on i386 and x86_64 SMP systems. To reproduce the problem, set one CPU to work registering and unregistering a kprobe repeatedly, and another CPU pounding the probepoint in a tight loop. Acked-by: Prasanna S Panchamukhi <prasanna@in.ibm.com> Signed-off-by: Jim Keniston <jkenisto@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--arch/i386/kernel/kprobes.c3
-rw-r--r--arch/x86_64/kernel/kprobes.c3
2 files changed, 6 insertions, 0 deletions
diff --git a/arch/i386/kernel/kprobes.c b/arch/i386/kernel/kprobes.c
index 7fb5a6f4a563..e5cec32018a5 100644
--- a/arch/i386/kernel/kprobes.c
+++ b/arch/i386/kernel/kprobes.c
@@ -221,7 +221,10 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
221 * either a probepoint or a debugger breakpoint 221 * either a probepoint or a debugger breakpoint
222 * at this address. In either case, no further 222 * at this address. In either case, no further
223 * handling of this interrupt is appropriate. 223 * handling of this interrupt is appropriate.
224 * Back up over the (now missing) int3 and run
225 * the original instruction.
224 */ 226 */
227 regs->eip -= sizeof(kprobe_opcode_t);
225 ret = 1; 228 ret = 1;
226 } 229 }
227 /* Not one of ours: let kernel handle it */ 230 /* Not one of ours: let kernel handle it */
diff --git a/arch/x86_64/kernel/kprobes.c b/arch/x86_64/kernel/kprobes.c
index c21cceaea275..2d7658fbbb28 100644
--- a/arch/x86_64/kernel/kprobes.c
+++ b/arch/x86_64/kernel/kprobes.c
@@ -361,7 +361,10 @@ int __kprobes kprobe_handler(struct pt_regs *regs)
361 * either a probepoint or a debugger breakpoint 361 * either a probepoint or a debugger breakpoint
362 * at this address. In either case, no further 362 * at this address. In either case, no further
363 * handling of this interrupt is appropriate. 363 * handling of this interrupt is appropriate.
364 * Back up over the (now missing) int3 and run
365 * the original instruction.
364 */ 366 */
367 regs->rip = (unsigned long)addr;
365 ret = 1; 368 ret = 1;
366 } 369 }
367 /* Not one of ours: let kernel handle it */ 370 /* Not one of ours: let kernel handle it */