1 files changed, 10 insertions, 1 deletions

diff --git a/arch/arm/kernel/kprobes.c b/arch/arm/kernel/kprobes.c
index 60c62c377fa9..2ba7deb3072e 100644
--- a/arch/arm/kernel/kprobes.c
+++ b/arch/arm/kernel/kprobes.c
@@ -22,6 +22,7 @@
 #include <linux/kernel.h>
 #include <linux/kprobes.h>
 #include <linux/module.h>
+#include <linux/slab.h>
 #include <linux/stop_machine.h>
 #include <linux/stringify.h>
 #include <asm/traps.h>
@@ -393,6 +394,14 @@ void __kprobes jprobe_return(void)
                 /*
                  * Setup an empty pt_regs. Fill SP and PC fields as
                  * they're needed by longjmp_break_handler.
+                 *
+                 * We allocate some slack between the original SP and start of
+                 * our fabricated regs. To be precise we want to have worst case
+                 * covered which is STMFD with all 16 regs so we allocate 2 *
+                 * sizeof(struct_pt_regs)).
+                 *
+                 * This is to prevent any simulated instruction from writing
+                 * over the regs when they are accessing the stack.
                  */
                 "sub    sp, %0, %1              \n\t"
                 "ldr    r0, ="__stringify(JPROBE_MAGIC_ADDR)"\n\t"
@@ -410,7 +419,7 @@ void __kprobes jprobe_return(void)
                 "ldmia  sp, {r0 - pc}           \n\t"
                 :
                 : "r" (kcb->jprobe_saved_regs.ARM_sp),
-                  "I" (sizeof(struct pt_regs)),
+                  "I" (sizeof(struct pt_regs) * 2),
                   "J" (offsetof(struct pt_regs, ARM_sp)),
                   "J" (offsetof(struct pt_regs, ARM_pc)),
                   "J" (offsetof(struct pt_regs, ARM_cpsr))