diff options
| author | Oleg Nesterov <oleg@redhat.com> | 2012-09-03 09:24:17 -0400 |
|---|---|---|
| committer | Oleg Nesterov <oleg@redhat.com> | 2012-09-15 11:37:30 -0400 |
| commit | 9bd1190a11c9d2c59d35cb999b8d170ad52aab5f (patch) | |
| tree | 2a7999451f98ca752d1ea2ddd49ef4c349e18e40 | |
| parent | 95cf00fa5d5e2a200a2c044c84bde8389a237e02 (diff) | |
uprobes/x86: Do not (ab)use TIF_SINGLESTEP/user_*_single_step() for single-stepping
user_enable/disable_single_step() was designed for ptrace, it assumes
a single user and does unnecessary and wrong things for uprobes. For
example:
- arch_uprobe_enable_step() can't trust TIF_SINGLESTEP, an
application itself can set X86_EFLAGS_TF which must be
preserved after arch_uprobe_disable_step().
- we do not want to set TIF_SINGLESTEP/TIF_FORCED_TF in
arch_uprobe_enable_step(), this only makes sense for ptrace.
- otoh we leak TIF_SINGLESTEP if arch_uprobe_disable_step()
doesn't do user_disable_single_step(), the application will
be killed after the next syscall.
- arch_uprobe_enable_step() does access_process_vm() we do
not need/want.
Change arch_uprobe_enable/disable_step() to set/clear X86_EFLAGS_TF
directly, this is much simpler and more correct. However, we need to
clear TIF_BLOCKSTEP/DEBUGCTLMSR_BTF before executing the probed insn,
add set_task_blockstep(false).
Note: with or without this patch, there is another (hopefully minor)
problem. A probed "pushf" insn can see the wrong X86_EFLAGS_TF set by
uprobes. Perhaps we should change _disable to update the stack, or
teach arch_uprobe_skip_sstep() to emulate this insn.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
| -rw-r--r-- | arch/x86/include/asm/processor.h | 2 | ||||
| -rw-r--r-- | arch/x86/kernel/step.c | 2 | ||||
| -rw-r--r-- | arch/x86/kernel/uprobes.c | 32 |
3 files changed, 21 insertions, 15 deletions
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index d048cad9bcad..433d2e5c98a7 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h | |||
| @@ -759,6 +759,8 @@ static inline void update_debugctlmsr(unsigned long debugctlmsr) | |||
| 759 | wrmsrl(MSR_IA32_DEBUGCTLMSR, debugctlmsr); | 759 | wrmsrl(MSR_IA32_DEBUGCTLMSR, debugctlmsr); |
| 760 | } | 760 | } |
| 761 | 761 | ||
| 762 | extern void set_task_blockstep(struct task_struct *task, bool on); | ||
| 763 | |||
| 762 | /* | 764 | /* |
| 763 | * from system description table in BIOS. Mostly for MCA use, but | 765 | * from system description table in BIOS. Mostly for MCA use, but |
| 764 | * others may find it useful: | 766 | * others may find it useful: |
diff --git a/arch/x86/kernel/step.c b/arch/x86/kernel/step.c index f89cdc6ccd5b..cd3b2438a980 100644 --- a/arch/x86/kernel/step.c +++ b/arch/x86/kernel/step.c | |||
| @@ -157,7 +157,7 @@ static int enable_single_step(struct task_struct *child) | |||
| 157 | return 1; | 157 | return 1; |
| 158 | } | 158 | } |
| 159 | 159 | ||
| 160 | static void set_task_blockstep(struct task_struct *task, bool on) | 160 | void set_task_blockstep(struct task_struct *task, bool on) |
| 161 | { | 161 | { |
| 162 | unsigned long debugctl; | 162 | unsigned long debugctl; |
| 163 | 163 | ||
diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c index 309a0e02b124..3b4aae68efe0 100644 --- a/arch/x86/kernel/uprobes.c +++ b/arch/x86/kernel/uprobes.c | |||
| @@ -683,26 +683,30 @@ bool arch_uprobe_skip_sstep(struct arch_uprobe *auprobe, struct pt_regs *regs) | |||
| 683 | 683 | ||
| 684 | void arch_uprobe_enable_step(struct arch_uprobe *auprobe) | 684 | void arch_uprobe_enable_step(struct arch_uprobe *auprobe) |
| 685 | { | 685 | { |
| 686 | struct uprobe_task *utask = current->utask; | 686 | struct task_struct *task = current; |
| 687 | struct arch_uprobe_task *autask = &utask->autask; | 687 | struct arch_uprobe_task *autask = &task->utask->autask; |
| 688 | struct pt_regs *regs = task_pt_regs(task); | ||
| 688 | 689 | ||
| 689 | autask->restore_flags = 0; | 690 | autask->restore_flags = 0; |
| 690 | if (!test_tsk_thread_flag(current, TIF_SINGLESTEP) && | 691 | if (!(regs->flags & X86_EFLAGS_TF) && |
| 691 | !(auprobe->fixups & UPROBE_FIX_SETF)) | 692 | !(auprobe->fixups & UPROBE_FIX_SETF)) |
| 692 | autask->restore_flags |= UPROBE_CLEAR_TF; | 693 | autask->restore_flags |= UPROBE_CLEAR_TF; |
| 693 | /* | 694 | |
| 694 | * The state of TIF_BLOCKSTEP is not saved. With the TF flag set we | 695 | regs->flags |= X86_EFLAGS_TF; |
| 695 | * would to examine the opcode and the flags to make it right. Without | 696 | if (test_tsk_thread_flag(task, TIF_BLOCKSTEP)) |
| 696 | * TF block stepping makes no sense. | 697 | set_task_blockstep(task, false); |
| 697 | */ | ||
| 698 | user_enable_single_step(current); | ||
| 699 | } | 698 | } |
| 700 | 699 | ||
| 701 | void arch_uprobe_disable_step(struct arch_uprobe *auprobe) | 700 | void arch_uprobe_disable_step(struct arch_uprobe *auprobe) |
| 702 | { | 701 | { |
| 703 | struct uprobe_task *utask = current->utask; | 702 | struct task_struct *task = current; |
| 704 | struct arch_uprobe_task *autask = &utask->autask; | 703 | struct arch_uprobe_task *autask = &task->utask->autask; |
| 705 | 704 | struct pt_regs *regs = task_pt_regs(task); | |
| 705 | /* | ||
| 706 | * The state of TIF_BLOCKSTEP was not saved so we can get an extra | ||
| 707 | * SIGTRAP if we do not clear TF. We need to examine the opcode to | ||
| 708 | * make it right. | ||
| 709 | */ | ||
| 706 | if (autask->restore_flags & UPROBE_CLEAR_TF) | 710 | if (autask->restore_flags & UPROBE_CLEAR_TF) |
| 707 | user_disable_single_step(current); | 711 | regs->flags &= ~X86_EFLAGS_TF; |
| 708 | } | 712 | } |