kprobes/x86: Fix page-fault handling logic

Current kprobes in-kernel page fault handler doesn't expect that its single-stepping can be interrupted by an NMI handler which may cause a page fault(e.g. perf with callback tracing). In that case, the page-fault handled by kprobes and it misunderstands the page-fault has been caused by the single-stepping code and tries to recover IP address to probed address. But the truth is the page-fault has been caused by the NMI handler, and do_page_fault failes to handle real page fault because the IP address is modified and causes Kernel BUGs like below. ---- [ 2264.726905] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 [ 2264.727190] IP: [<ffffffff813c46e0>] copy_user_generic_string+0x0/0x40 To handle this correctly, I fixed the kprobes fault handler to ensure the faulted ip address is its own single-step buffer instead of checking current kprobe state. Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Cc: Andi Kleen <andi@firstfloor.org> Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Cc: Sandeepa Prabhu <sandeepa.prabhu@linaro.org> Cc: Frederic Weisbecker <fweisbec@gmail.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: fche@redhat.com Cc: systemtap@sourceware.org Link: http://lkml.kernel.org/r/20140417081644.26341.52351.stgit@ltc230.yrl.intra.hitachi.co.jp Signed-off-by: Ingo Molnar <mingo@kernel.org>
author: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> 2014-04-17 04:16:44 -0400
committer: Ingo Molnar <mingo@kernel.org> 2014-04-17 04:57:02 -0400
commit: 6381c24cd6d5d6373620426ab0a96c80ed953e20 (patch)
tree: 1ec21edeac1c0d940b35689ae79f45e95c7a4d7f /arch
parent: 6ca2a88ad820af56535ed1e6936e0490cb6ec6dc (diff)
1 files changed, 7 insertions, 9 deletions
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
index 79a3f9682871..61b17dc2c277 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -897,9 +897,10 @@ int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
        struct kprobe *cur = kprobe_running();
        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
-        switch (kcb->kprobe_status) {
+        if (unlikely(regs->ip == (unsigned long)cur->ainsn.insn)) {
-        case KPROBE_HIT_SS:
+                /* This must happen on single-stepping */
-        case KPROBE_REENTER:
+                WARN_ON(kcb->kprobe_status != KPROBE_HIT_SS &&
+                        kcb->kprobe_status != KPROBE_REENTER);
                /*
                 * We are here because the instruction being single
                 * stepped caused a page fault. We reset the current
@@ -914,9 +915,8 @@ int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
                else
                        reset_current_kprobe();
                preempt_enable_no_resched();
-                break;
+        } else if (kcb->kprobe_status == KPROBE_HIT_ACTIVE ||
-        case KPROBE_HIT_ACTIVE:
+                   kcb->kprobe_status == KPROBE_HIT_SSDONE) {
-        case KPROBE_HIT_SSDONE:
                /*
                 * We increment the nmissed count for accounting,
                 * we can also use npre/npostfault count for accounting
@@ -945,10 +945,8 @@ int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
                 * fixup routine could not handle it,
                 * Let do_page_fault() fix it.
                 */
-                break;
-        default:
-                break;
        }
        return 0;
 }
author	Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>	2014-04-17 04:16:44 -0400
committer	Ingo Molnar <mingo@kernel.org>	2014-04-17 04:57:02 -0400
commit	6381c24cd6d5d6373620426ab0a96c80ed953e20 (patch)
tree	1ec21edeac1c0d940b35689ae79f45e95c7a4d7f /arch
parent	6ca2a88ad820af56535ed1e6936e0490cb6ec6dc (diff)