[PATCH] kprobes: fix race in recovery of reentrant probe

There is a window where a probe gets removed right after the probe is hit on some different cpu. In this case probe handlers can't find a matching probe instance related to break address. In this case we need to read the original instruction at break address to see if that is not a break/int3 instruction and recover safely. Previous code had a bug where we were not checking for the above race in case of reentrant probes and the below patch fixes this race. Tested on IA64, Powerpc, x86_64. Signed-off-by: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Keshavamurthy Anil S <anil.s.keshavamurthy@intel.com> 2006-01-11 15:17:42 -0500
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-01-11 21:42:12 -0500
commit: eb3a72921c8276bf2cd028a458bb83435f16c91c (patch)
tree: 634eff43e1926bdb400d038eb08115193b6a7506
parent: df019b1d8b893d0f0ee5a9b0f71486f0892561ae (diff)
5 files changed, 49 insertions, 0 deletions
diff --git a/arch/i386/kernel/kprobes.c b/arch/i386/kernel/kprobes.c
index 2f372dbd34fd..6483eeb1a4e8 100644
--- a/arch/i386/kernel/kprobes.c
+++ b/arch/i386/kernel/kprobes.c
@@ -188,6 +188,19 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
                        kcb->kprobe_status = KPROBE_REENTER;
                        return 1;
                } else {
+                        if (regs->eflags & VM_MASK) {
+                        /* We are in virtual-8086 mode. Return 0 */
+                                goto no_kprobe;
+                        }
+                        if (*addr != BREAKPOINT_INSTRUCTION) {
+                        /* The breakpoint instruction was removed by
+                         * another cpu right after we hit, no further
+                         * handling of this interrupt is appropriate
+                         */
+                                regs->eip -= sizeof(kprobe_opcode_t);
+                                ret = 1;
+                                goto no_kprobe;
+                        }
                        p = __get_cpu_var(current_kprobe);
                        if (p->break_handler && p->break_handler(p, regs)) {
                                goto ss_probe;
diff --git a/arch/ia64/kernel/kprobes.c b/arch/ia64/kernel/kprobes.c
index 4de7f6759093..346fedf9ea47 100644
--- a/arch/ia64/kernel/kprobes.c
+++ b/arch/ia64/kernel/kprobes.c
@@ -638,6 +638,13 @@ static int __kprobes pre_kprobes_handler(struct die_args *args)
                        if (p->break_handler && p->break_handler(p, regs)) {
                                goto ss_probe;
                        }
+                } else if (!is_ia64_break_inst(regs)) {
+                        /* The breakpoint instruction was removed by
+                         * another cpu right after we hit, no further
+                         * handling of this interrupt is appropriate
+                         */
+                        ret = 1;
+                        goto no_kprobe;
                } else {
                        /* Not our break */
                        goto no_kprobe;
diff --git a/arch/powerpc/kernel/kprobes.c b/arch/powerpc/kernel/kprobes.c
index 27b0c40601fb..cfab48566db1 100644
--- a/arch/powerpc/kernel/kprobes.c
+++ b/arch/powerpc/kernel/kprobes.c
@@ -179,6 +179,18 @@ static inline int kprobe_handler(struct pt_regs *regs)
                        kcb->kprobe_status = KPROBE_REENTER;
                        return 1;
                } else {
+                        if (*addr != BREAKPOINT_INSTRUCTION) {
+                                /* If trap variant, then it belongs not to us */
+                                kprobe_opcode_t cur_insn = *addr;
+                                if (is_trap(cur_insn))
+                                        goto no_kprobe;
+                                /* The breakpoint instruction was removed by
+                                 * another cpu right after we hit, no further
+                                 * handling of this interrupt is appropriate
+                                 */
+                                ret = 1;
+                                goto no_kprobe;
+                        }
                        p = __get_cpu_var(current_kprobe);
                        if (p->break_handler && p->break_handler(p, regs)) {
                                goto ss_probe;
diff --git a/arch/sparc64/kernel/kprobes.c b/arch/sparc64/kernel/kprobes.c
index ff5e9d5cad50..b9a9ce70e55c 100644
--- a/arch/sparc64/kernel/kprobes.c
+++ b/arch/sparc64/kernel/kprobes.c
@@ -135,6 +135,14 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
                        prepare_singlestep(p, regs, kcb);
                        return 1;
                } else {
+                        if (*(u32 *)addr != BREAKPOINT_INSTRUCTION) {
+                        /* The breakpoint instruction was removed by
+                         * another cpu right after we hit, no further
+                         * handling of this interrupt is appropriate
+                         */
+                                ret = 1;
+                                goto no_kprobe;
+                        }
                        p = __get_cpu_var(current_kprobe);
                        if (p->break_handler && p->break_handler(p, regs))
                                goto ss_probe;
diff --git a/arch/x86_64/kernel/kprobes.c b/arch/x86_64/kernel/kprobes.c
index b7dc1f816d13..8b866a8572cf 100644
--- a/arch/x86_64/kernel/kprobes.c
+++ b/arch/x86_64/kernel/kprobes.c
@@ -334,6 +334,15 @@ int __kprobes kprobe_handler(struct pt_regs *regs)
                                return 1;
                        }
                } else {
+                        if (*addr != BREAKPOINT_INSTRUCTION) {
+                        /* The breakpoint instruction was removed by
+                         * another cpu right after we hit, no further
+                         * handling of this interrupt is appropriate
+                         */
+                                regs->rip = (unsigned long)addr;
+                                ret = 1;
+                                goto no_kprobe;
+                        }
                        p = __get_cpu_var(current_kprobe);
                        if (p->break_handler && p->break_handler(p, regs)) {
                                goto ss_probe;
author	Keshavamurthy Anil S <anil.s.keshavamurthy@intel.com>	2006-01-11 15:17:42 -0500
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-01-11 21:42:12 -0500
commit	eb3a72921c8276bf2cd028a458bb83435f16c91c (patch)
tree	634eff43e1926bdb400d038eb08115193b6a7506
parent	df019b1d8b893d0f0ee5a9b0f71486f0892561ae (diff)

diff --git a/arch/i386/kernel/kprobes.c b/arch/i386/kernel/kprobes.c index 2f372dbd34fd..6483eeb1a4e8 100644 --- a/arch/i386/kernel/kprobes.c +++ b/arch/i386/kernel/kprobes.c
@@ -188,6 +188,19 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
188	kcb->kprobe_status = KPROBE_REENTER;	188	kcb->kprobe_status = KPROBE_REENTER;
189	return 1;	189	return 1;
190	} else {	190	} else {
		191	if (regs->eflags & VM_MASK) {
		192	/* We are in virtual-8086 mode. Return 0 */
		193	goto no_kprobe;
		194	}
		195	if (*addr != BREAKPOINT_INSTRUCTION) {
		196	/* The breakpoint instruction was removed by
		197	* another cpu right after we hit, no further
		198	* handling of this interrupt is appropriate
		199	*/
		200	regs->eip -= sizeof(kprobe_opcode_t);
		201	ret = 1;
		202	goto no_kprobe;
		203	}
191	p = __get_cpu_var(current_kprobe);	204	p = __get_cpu_var(current_kprobe);
192	if (p->break_handler && p->break_handler(p, regs)) {	205	if (p->break_handler && p->break_handler(p, regs)) {
193	goto ss_probe;	206	goto ss_probe;


diff --git a/arch/ia64/kernel/kprobes.c b/arch/ia64/kernel/kprobes.c index 4de7f6759093..346fedf9ea47 100644 --- a/arch/ia64/kernel/kprobes.c +++ b/arch/ia64/kernel/kprobes.c
@@ -638,6 +638,13 @@ static int __kprobes pre_kprobes_handler(struct die_args *args)
638	if (p->break_handler && p->break_handler(p, regs)) {	638	if (p->break_handler && p->break_handler(p, regs)) {
639	goto ss_probe;	639	goto ss_probe;
640	}	640	}
		641	} else if (!is_ia64_break_inst(regs)) {
		642	/* The breakpoint instruction was removed by
		643	* another cpu right after we hit, no further
		644	* handling of this interrupt is appropriate
		645	*/
		646	ret = 1;
		647	goto no_kprobe;
641	} else {	648	} else {
642	/* Not our break */	649	/* Not our break */
643	goto no_kprobe;	650	goto no_kprobe;


diff --git a/arch/powerpc/kernel/kprobes.c b/arch/powerpc/kernel/kprobes.c index 27b0c40601fb..cfab48566db1 100644 --- a/arch/powerpc/kernel/kprobes.c +++ b/arch/powerpc/kernel/kprobes.c
@@ -179,6 +179,18 @@ static inline int kprobe_handler(struct pt_regs *regs)
179	kcb->kprobe_status = KPROBE_REENTER;	179	kcb->kprobe_status = KPROBE_REENTER;
180	return 1;	180	return 1;
181	} else {	181	} else {
		182	if (*addr != BREAKPOINT_INSTRUCTION) {
		183	/* If trap variant, then it belongs not to us */
		184	kprobe_opcode_t cur_insn = *addr;
		185	if (is_trap(cur_insn))
		186	goto no_kprobe;
		187	/* The breakpoint instruction was removed by
		188	* another cpu right after we hit, no further
		189	* handling of this interrupt is appropriate
		190	*/
		191	ret = 1;
		192	goto no_kprobe;
		193	}
182	p = __get_cpu_var(current_kprobe);	194	p = __get_cpu_var(current_kprobe);
183	if (p->break_handler && p->break_handler(p, regs)) {	195	if (p->break_handler && p->break_handler(p, regs)) {
184	goto ss_probe;	196	goto ss_probe;


diff --git a/arch/sparc64/kernel/kprobes.c b/arch/sparc64/kernel/kprobes.c index ff5e9d5cad50..b9a9ce70e55c 100644 --- a/arch/sparc64/kernel/kprobes.c +++ b/arch/sparc64/kernel/kprobes.c
@@ -135,6 +135,14 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
135	prepare_singlestep(p, regs, kcb);	135	prepare_singlestep(p, regs, kcb);
136	return 1;	136	return 1;
137	} else {	137	} else {
		138	if ((u32 )addr != BREAKPOINT_INSTRUCTION) {
		139	/* The breakpoint instruction was removed by
		140	* another cpu right after we hit, no further
		141	* handling of this interrupt is appropriate
		142	*/
		143	ret = 1;
		144	goto no_kprobe;
		145	}
138	p = __get_cpu_var(current_kprobe);	146	p = __get_cpu_var(current_kprobe);
139	if (p->break_handler && p->break_handler(p, regs))	147	if (p->break_handler && p->break_handler(p, regs))
140	goto ss_probe;	148	goto ss_probe;


diff --git a/arch/x86_64/kernel/kprobes.c b/arch/x86_64/kernel/kprobes.c index b7dc1f816d13..8b866a8572cf 100644 --- a/arch/x86_64/kernel/kprobes.c +++ b/arch/x86_64/kernel/kprobes.c
@@ -334,6 +334,15 @@ int __kprobes kprobe_handler(struct pt_regs *regs)
334	return 1;	334	return 1;
335	}	335	}
336	} else {	336	} else {
		337	if (*addr != BREAKPOINT_INSTRUCTION) {
		338	/* The breakpoint instruction was removed by
		339	* another cpu right after we hit, no further
		340	* handling of this interrupt is appropriate
		341	*/
		342	regs->rip = (unsigned long)addr;
		343	ret = 1;
		344	goto no_kprobe;
		345	}
337	p = __get_cpu_var(current_kprobe);	346	p = __get_cpu_var(current_kprobe);
338	if (p->break_handler && p->break_handler(p, regs)) {	347	if (p->break_handler && p->break_handler(p, regs)) {
339	goto ss_probe;	348	goto ss_probe;