From c342a968c4b0111f9f95b076cd9bae543abb2270 Mon Sep 17 00:00:00 2001 From: John Paul Adrian Glaubitz Date: Sat, 22 Jun 2019 23:25:04 +0200 Subject: [PATCH] [sh4]: Check for kprobe trap number before trying to handle a kprobe trap --- debian/changelog | 3 ++ ...efore-trying-to-handle-a-kprobe-trap.patch | 40 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 44 insertions(+) create mode 100644 debian/patches/bugfix/sh/sh-check-for-kprobe-trap-number-before-trying-to-handle-a-kprobe-trap.patch diff --git a/debian/changelog b/debian/changelog index edf06aaea..0dbc16aba 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,8 @@ linux (4.19.37-6) UNRELEASED; urgency=medium + [ John Paul Adrian Glaubitz ] + * [sh4]: Check for kprobe trap number before trying to handle a kprobe trap + [ Salvatore Bonaccorso ] * tcp: refine memory limit test in tcp_fragment() (Closes: #930904) diff --git a/debian/patches/bugfix/sh/sh-check-for-kprobe-trap-number-before-trying-to-handle-a-kprobe-trap.patch b/debian/patches/bugfix/sh/sh-check-for-kprobe-trap-number-before-trying-to-handle-a-kprobe-trap.patch new file mode 100644 index 000000000..4814e59cc --- /dev/null +++ b/debian/patches/bugfix/sh/sh-check-for-kprobe-trap-number-before-trying-to-handle-a-kprobe-trap.patch 
@@ -0,0 +1,40 @@ +From 6d7cc74d8aad33589c6cc6f38e33c4284abc07b8 Mon Sep 17 00:00:00 2001 +From: Michael Karcher +Date: Wed, 12 Jun 2019 15:08:37 +0200 +Subject: [PATCH 1/1] arch/sh: Check for kprobe trap number before trying to + handle a kprobe trap +Origin: https://marc.info/?l=linux-sh&m=156034655921917&w=2 + +The DIE_TRAP notifier chain is run both for kprobe traps and for BUG/WARN +traps. The kprobe code assumes to be only called for +BREAKPOINT_INSTRUCTION, and concludes to have hit a concurrently removed +kprobe if it finds anything else at the faulting locations. This includes +TRAPA_BUG_OPCODE used for BUG and WARN. + +The consequence is that kprobe_handler returns 1. This makes +kprobe_exceptions_notify return NOTIFY_STOP, and prevents handling the BUG +statement. This also prevents moving $pc away from the trap instruction, +so the system locks up in an endless loop + +Signed-off-by: Michael Karcher +--- + arch/sh/kernel/kprobes.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/sh/kernel/kprobes.c b/arch/sh/kernel/kprobes.c +index 1f8c0d30567f..318296f48f1a 100644 +--- a/arch/sh/kernel/kprobes.c ++++ b/arch/sh/kernel/kprobes.c +@@ -485,7 +485,8 @@ int __kprobes kprobe_exceptions_notify(struct notifier_block *self, + struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); + + addr = (kprobe_opcode_t *) (args->regs->pc); +- if (val == DIE_TRAP) { ++ if (val == DIE_TRAP && ++ args->trapnr == (BREAKPOINT_INSTRUCTION & 0xff)) { + if (!kprobe_running()) { + if (kprobe_handler(args->regs)) { + ret = NOTIFY_STOP; +-- +2.11.0 + diff --git a/debian/patches/series b/debian/patches/series index c2e995b4e..6834501b3 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -69,6 +69,7 @@ bugfix/x86/platform-x86-ideapad-laptop-add-ideapad-v510-15ikb-t.patch bugfix/x86/platform-x86-ideapad-laptop-add-several-models-to-no.patch bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch +bugfix/sh/sh-check-for-kprobe-trap-number-before-trying-to-handle-a-kprobe-trap.patch bugfix/powerpc/powerpc-lib-sstep-fix-building-for-powerpcspe.patch bugfix/powerpc/powerpc-lib-makefile-don-t-pull-in-quad.o-for-32-bit.patch bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch
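Review bot: In the arch/sh/kernel/kprobes.c hunk, the added condition "args->trapnr == (BREAKPOINT_INSTRUCTION & 0xff)" relies on an unstated relationship, namely that args->trapnr carries only the trapa immediate while BREAKPOINT_INSTRUCTION is the full opcode, so the "& 0xff" is what reduces the opcode to the trap number. That deserves a one-line comment above the "if", or a named constant for the breakpoint trap number, so the mask is not read later as an arbitrary truncation. The change also only gates the notifier entry point: as the description states, kprobe_handler still treats any opcode other than BREAKPOINT_INSTRUCTION at the faulting pc as a concurrently removed kprobe and returns 1, so the BUG/WARN lockup described here would recur for any other path that reaches kprobe_handler on a non-kprobe trap. Having kprobe_handler return 0 for an unrecognised opcode would be the more robust follow-up, in addition to this check.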