hamza.kesraoui/sst-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

x86/kprobes: Push a fake return address at kretprobe_trampoline

Browse Source 
Change __kretprobe_trampoline() to push the address of the
__kretprobe_trampoline() as a fake return address at the bottom
of the stack frame. This fake return address will be replaced
with the correct return address in the trampoline_handler().

With this change, the ORC unwinder can check whether the return
address is modified by kretprobes or not.

Link: https://lkml.kernel.org/r/163163054185.489837.14338744048957727386.stgit@devnote2

Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com>
Tested-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
This commit is contained in:
Masami Hiramatsu 2021-09-14 23:42:22 +09:00 committed by Steven Rostedt (VMware)
parent df91c5bccb
commit 1f36839308
1 changed files with 25 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
arch/x86/kernel/kprobes/core.c
View File

@ -1022,28 +1022,33 @@ asm(
".global __kretprobe_trampoline\n" ".global __kretprobe_trampoline\n"
".type __kretprobe_trampoline, @function\n" ".type __kretprobe_trampoline, @function\n"
"__kretprobe_trampoline:\n" "__kretprobe_trampoline:\n"
/* We don't bother saving the ss register */
#ifdef CONFIG_X86_64 #ifdef CONFIG_X86_64
" pushq %rsp\n" /* Push a fake return address to tell the unwinder it's a kretprobe. */
" pushq $__kretprobe_trampoline\n"
UNWIND_HINT_FUNC UNWIND_HINT_FUNC
/* Save the 'sp - 8', this will be fixed later. */
" pushq %rsp\n"
" pushfq\n" " pushfq\n"
SAVE_REGS_STRING SAVE_REGS_STRING
" movq %rsp, %rdi\n" " movq %rsp, %rdi\n"
" call trampoline_handler\n" " call trampoline_handler\n"
/* Replace saved sp with true return address. */
" movq %rax, 19*8(%rsp)\n"
RESTORE_REGS_STRING RESTORE_REGS_STRING
/* In trampoline_handler(), 'regs->flags' is copied to 'regs->sp'. */
" addq $8, %rsp\n"
" popfq\n" " popfq\n"
#else #else
" pushl %esp\n" /* Push a fake return address to tell the unwinder it's a kretprobe. */
" pushl $__kretprobe_trampoline\n"
UNWIND_HINT_FUNC UNWIND_HINT_FUNC
/* Save the 'sp - 4', this will be fixed later. */
" pushl %esp\n"
" pushfl\n" " pushfl\n"
SAVE_REGS_STRING SAVE_REGS_STRING
" movl %esp, %eax\n" " movl %esp, %eax\n"
" call trampoline_handler\n" " call trampoline_handler\n"
/* Replace saved sp with true return address. */
" movl %eax, 15*4(%esp)\n"
RESTORE_REGS_STRING RESTORE_REGS_STRING
/* In trampoline_handler(), 'regs->flags' is copied to 'regs->sp'. */
" addl $4, %esp\n"
" popfl\n" " popfl\n"
#endif #endif
" ret\n" " ret\n"
@ -1063,8 +1068,10 @@ STACK_FRAME_NON_STANDARD_FP(__kretprobe_trampoline);
/* /*
* Called from __kretprobe_trampoline * Called from __kretprobe_trampoline
*/ */
__used __visible void *trampoline_handler(struct pt_regs *regs) __used __visible void trampoline_handler(struct pt_regs *regs)
{ {
unsigned long *frame_pointer;
/* fixup registers */ /* fixup registers */
regs->cs = __KERNEL_CS; regs->cs = __KERNEL_CS;
#ifdef CONFIG_X86_32 #ifdef CONFIG_X86_32
@ -1072,8 +1079,17 @@ __used __visible void *trampoline_handler(struct pt_regs *regs)
#endif #endif
regs->ip = (unsigned long)&__kretprobe_trampoline; regs->ip = (unsigned long)&__kretprobe_trampoline;
regs->orig_ax = ~0UL; regs->orig_ax = ~0UL;
regs->sp += sizeof(long);
frame_pointer = &regs->sp + 1;
return (void *)kretprobe_trampoline_handler(regs, &regs->sp); /* Replace fake return address with real one. */
*frame_pointer = kretprobe_trampoline_handler(regs, frame_pointer);
/*
* Copy FLAGS to 'pt_regs::sp' so that __kretprobe_trapmoline()
* can do RET right after POPF.
*/
regs->sp = regs->flags;
} }
NOKPROBE_SYMBOL(trampoline_handler); NOKPROBE_SYMBOL(trampoline_handler);