git.proxmox.com Git - pve-kernel.git/blob - patches/kernel/0047-kprobes-x86-Set-up-frame-pointer-in-kprobe-trampolin.patch
KPTI: add follow-up fixes
1 From f2c1440e8f0b728d48ee8ce295f4dfe495949e1f Mon Sep 17 00:00:00 2001
2 From: Josh Poimboeuf <jpoimboe@redhat.com>
3 Date: Tue, 3 Oct 2017 08:51:43 -0500
4 Subject: [PATCH 047/241] kprobes/x86: Set up frame pointer in kprobe
5 trampoline
6 MIME-Version: 1.0
7 Content-Type: text/plain; charset=UTF-8
8 Content-Transfer-Encoding: 8bit
9
10 CVE-2017-5754
11
12 Richard Weinberger saw an unwinder warning when running bcc's opensnoop:
13
14 WARNING: kernel stack frame pointer at ffff99ef4076bea0 in opensnoop:2008 has bad value 0000000000000008
15 unwind stack type:0 next_sp: (null) mask:0x2 graph_idx:0
16 ...
17 ffff99ef4076be88: ffff99ef4076bea0 (0xffff99ef4076bea0)
18 ffff99ef4076be90: ffffffffac442721 (optimized_callback +0x81/0x90)
19 ...
20
21 A lockdep stack trace was initiated from inside a kprobe handler, when
22 the unwinder noticed a bad frame pointer on the stack. The bad frame
23 pointer is related to the fact that the kprobe optprobe trampoline
24 doesn't save the frame pointer before calling into optimized_callback().
25
26 Reported-and-tested-by: Richard Weinberger <richard@sigma-star.at>
27 Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
28 Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
29 Cc: Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>
30 Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
31 Cc: David S . Miller <davem@davemloft.net>
32 Cc: Linus Torvalds <torvalds@linux-foundation.org>
33 Cc: Peter Zijlstra <peterz@infradead.org>
34 Cc: Thomas Gleixner <tglx@linutronix.de>
35 Link: http://lkml.kernel.org/r/7aef2f8ecd75c2f505ef9b80490412262cf4a44c.1507038547.git.jpoimboe@redhat.com
36 Signed-off-by: Ingo Molnar <mingo@kernel.org>
37 (cherry picked from commit ee213fc72fd67d0988525af501534f4cb924d1e9)
38 Signed-off-by: Andy Whitcroft <apw@canonical.com>
39 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
40 (cherry picked from commit 0f7d5518c91335584b16c7bed1c54c10b78ea76a)
41 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
42 ---
43 arch/x86/kernel/kprobes/common.h | 13 +++++++++++--
44 1 file changed, 11 insertions(+), 2 deletions(-)
45
46 diff --git a/arch/x86/kernel/kprobes/common.h b/arch/x86/kernel/kprobes/common.h
47 index db2182d63ed0..3fc0f9a794cb 100644
48 --- a/arch/x86/kernel/kprobes/common.h
49 +++ b/arch/x86/kernel/kprobes/common.h
50 @@ -3,6 +3,15 @@
51
52 /* Kprobes and Optprobes common header */
53
54 +#include <asm/asm.h>
55 +
56 +#ifdef CONFIG_FRAME_POINTER
57 +# define SAVE_RBP_STRING " push %" _ASM_BP "\n" \
58 + " mov %" _ASM_SP ", %" _ASM_BP "\n"
59 +#else
60 +# define SAVE_RBP_STRING " push %" _ASM_BP "\n"
61 +#endif
62 +
63 #ifdef CONFIG_X86_64
64 #define SAVE_REGS_STRING \
65 /* Skip cs, ip, orig_ax. */ \
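Review bot: SAVE_RBP_STRING carries no comment explaining why the CONFIG_FRAME_POINTER variant also does "mov %rsp, %rbp" after the push; a one-line comment above the #ifdef ("set up a frame so the unwinder can walk through the trampoline when a stack trace is taken inside optimized_callback()") would make the intent clear to the next reader. The ordering is correct as written: the push stores the caller's rbp into the pt_regs slot first, and only then is rbp repointed at that slot, so regs->bp still holds the original value while the unwinder sees a standard frame. Note that the non-frame-pointer branch is a plain push, so the stack layout (and the matching restore sequence) is identical in both configurations.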
66 @@ -17,7 +26,7 @@
67 " pushq %r10\n" \
68 " pushq %r11\n" \
69 " pushq %rbx\n" \
70 - " pushq %rbp\n" \
71 + SAVE_RBP_STRING \
72 " pushq %r12\n" \
73 " pushq %r13\n" \
74 " pushq %r14\n" \
75 @@ -48,7 +57,7 @@
76 " pushl %es\n" \
77 " pushl %ds\n" \
78 " pushl %eax\n" \
79 - " pushl %ebp\n" \
80 + SAVE_RBP_STRING \
81 " pushl %edi\n" \
82 " pushl %esi\n" \
83 " pushl %edx\n" \
84 --
85 2.14.2
86