ARM kprobes: don't let a single-stepped stmdb corrupt the exception stack

Mon, 28 Jan 2008 15:03:08 -0800 

Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d30a0c8bf99f0e6a7d8c57bd4524039585ffbced
Commit:     d30a0c8bf99f0e6a7d8c57bd4524039585ffbced
Parent:     25ce1dd71b8326f2542cf030f68e0e64c3d94dc1
Author:     Nicolas Pitre <[EMAIL PROTECTED]>
AuthorDate: Fri Dec 14 15:56:01 2007 -0500
Committer:  Russell King <[EMAIL PROTECTED]>
CommitDate: Sat Jan 26 15:25:17 2008 +0000

    ARM kprobes: don't let a single-stepped stmdb corrupt the exception stack
    
    If kprobes installs a breakpoint on a "stmdb sp!, {...}" instruction,
    and then single-step it by simulation from the exception context, it will
    corrupt the saved regs on the stack from the previous context.
    
    To avoid this, let's add an optional parameter to the svc_entry macro
    allowing for a hole to be created on the stack before saving the
    interrupted context, and use it in the undef_svc handler when kprobes
    is enabled.
    
    Signed-off-by: Nicolas Pitre <[EMAIL PROTECTED]>
---
 arch/arm/kernel/entry-armv.S |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
index 29dec08..12ecc81 100644
--- a/arch/arm/kernel/entry-armv.S
+++ b/arch/arm/kernel/entry-armv.S
@@ -112,8 +112,8 @@ common_invalid:
 #define SPFIX(code...)
 #endif
 
-       .macro  svc_entry
-       sub     sp, sp, #S_FRAME_SIZE
+       .macro  svc_entry, stack_hole=0
+       sub     sp, sp, #(S_FRAME_SIZE + \stack_hole)
  SPFIX(        tst     sp, #4          )
  SPFIX(        bicne   sp, sp, #4      )
        stmib   sp, {r1 - r12}
@@ -121,7 +121,7 @@ common_invalid:
        ldmia   r0, {r1 - r3}
        add     r5, sp, #S_SP           @ here for interlock avoidance
        mov     r4, #-1                 @  ""  ""      ""       ""
-       add     r0, sp, #S_FRAME_SIZE   @  ""  ""      ""       ""
+       add     r0, sp, #(S_FRAME_SIZE + \stack_hole)
  SPFIX(        addne   r0, r0, #4      )
        str     r1, [sp]                @ save the "real" r0 copied
                                        @ from the exception stack
@@ -242,7 +242,14 @@ svc_preempt:
 
        .align  5
 __und_svc:
+#ifdef CONFIG_KPROBES
+       @ If a kprobe is about to simulate a "stmdb sp..." instruction,
+       @ it obviously needs free stack space which then will belong to
+       @ the saved context.
+       svc_entry 64
+#else
        svc_entry
+#endif
 
        @
        @ call emulation code, which returns using r9 if it has emulated
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to