782a0fd167
Current implementation of jprobes allocates empty pt_regs from the stack which is then passed to kprobe_handler() and eventually to singlestep(). Now when instruction being simulated is STMFD (like in normal function prologues without CONFIG_FRAME_POINTER), stores using SP actually write over top of the fabricated pt_regs structure.

This can be reproduced for example by using LKDTM module:

	# modprobe lkdtm
	# mount -t debugfs none /sys/kernel/debug
	# echo PANIC > /sys/kernel/debug/provoke-crash/INT_HW_IRQ_EN

after this, it fails with corrupted registers (before the requested crash would occur):

lkdtm: Crash point INT_HW_IRQ_EN of type PANIC hit, trigger in 9 rounds
lkdtm: Crash point INT_HW_IRQ_EN of type PANIC hit, trigger in 8 rounds
Internal error: Oops - undefined instruction: 0 [#1]
last sysfs file: /sys/devices/platform/serial8250.0/sleep_timeout
Modules linked in: lkdtm
CPU: 0    Not tainted  (2.6.34-rc2 #69)
PC is at irq_desc+0x1638/0xeeb0
LR is at 0x25
pc : [<c050b428>]    lr : [<00000025>]    psr: c80a0013
sp : ce94bd60  ip : c050b3e8  fp : a0000013
r10: c0aa453c  r9 : cf5d4000  r8 : ce9a1822
r7 : c050b424  r6 : 00000025  r5 : c039d8f8  r4 : c050b3e8
r3 : 00000001  r2 : cf4d0440  r1 : c039d8f8  r0 : 00000020
Flags: NZcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 10c5387d  Table: 8e804019  DAC: 00000015
Process sh (pid: 496, stack limit = 0xce94a2e8)
Stack: (0xce94bd60 to 0xce94c000)
[...]
Code: 000002cd 00000000 00000000 00000001 (dead4ead)
---[ end trace 2b46d5f2b682f370 ]---
Kernel panic - not syncing: Fatal exception in interrupt

This patch allocates enough space (2 * sizeof(struct pt_regs)) from the stack to prevent such corruption.

Signed-off-by: Mika Westerberg <ext-mika.1.westerberg@nokia.com>
Acked-by: Nicolas Pitre <nico@marvell.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
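The layout problem the commit message describes, as an added model that is not kernel code and not part of this commit: the kernel stack is a word array that grows downward, "addresses" are word indices into it, and the fabricated pt_regs is 18 words (r0-r15, cpsr, orig_r0) placed just below the probed function's SP. The helper names fabricate_regs, simulate_stmfd and clobbered_regs_words, the fill pattern and the register values are all constructed for the example. The emulated STMFD stores relative to the SP recorded in the fake regs, so with a 1 * pt_regs reservation its stores land inside the fake structure; with the 2 * pt_regs reservation from the fix, even a push of all 16 registers stays in the spare words above it.

```c
/*
 * Constructed model of the jprobes stack corruption (not kernel code).
 * The kernel stack is a word array growing downward; "addresses" are
 * word indices into it rather than real virtual addresses.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_WORDS   256
#define PT_REGS_WORDS 18   /* ARM struct pt_regs: r0-r15, cpsr, orig_r0 */
#define ARM_sp        13
#define ARM_pc        15

static uint32_t stack_mem[STACK_WORDS];

/*
 * Model of the jprobe entry path: reserve `reserve` words below the probed
 * function's SP ("sub sp, sp, #reserve") and build a fake pt_regs there.
 * The fake regs carry the probed function's original SP in ARM_sp, which
 * is what the single-step emulator later uses for SP-relative stores.
 */
static uint32_t *fabricate_regs(uint32_t probed_sp, uint32_t reserve)
{
    uint32_t *regs = &stack_mem[probed_sp - reserve];
    for (int i = 0; i < PT_REGS_WORDS; i++)
        regs[i] = 0xA0000000u + (uint32_t)i;   /* recognisable fill pattern */
    regs[ARM_sp] = probed_sp;
    regs[ARM_pc] = 0xC0001000u;                /* arbitrary probed address */
    return regs;
}

/*
 * Model of emulating "stmfd sp!, {reglist}": read the selected registers,
 * store them in ascending order at the decremented SP, then write SP back.
 * Bit r of reglist selects register r.
 */
static void simulate_stmfd(uint32_t *regs, uint16_t reglist)
{
    uint32_t values[16];
    int n = 0;
    for (int r = 0; r < 16; r++)
        if (reglist & (1u << r))
            values[n++] = regs[r];

    uint32_t new_sp = regs[ARM_sp] - (uint32_t)n;
    for (int i = 0; i < n; i++)
        stack_mem[new_sp + i] = values[i];
    regs[ARM_sp] = new_sp;
}

/*
 * Run one jprobe entry with the given reservation and prologue, and return
 * how many words of the fake pt_regs the emulated STMFD overwrote
 * (ARM_sp excluded: its writeback is the intended effect).
 */
static int clobbered_regs_words(uint32_t reserve, uint16_t reglist)
{
    uint32_t probed_sp = STACK_WORDS - 16;
    uint32_t *regs = fabricate_regs(probed_sp, reserve);
    uint32_t before[PT_REGS_WORDS];
    memcpy(before, regs, sizeof before);

    simulate_stmfd(regs, reglist);

    int clobbered = 0;
    for (int i = 0; i < PT_REGS_WORDS; i++)
        if (i != ARM_sp && regs[i] != before[i])
            clobbered++;
    return clobbered;
}

int main(void)
{
    /* Typical prologue without CONFIG_FRAME_POINTER: stmfd sp!, {r4-r11, lr} */
    uint16_t prologue = 0x4FF0;

    printf("1*pt_regs reserved: %d fake pt_regs words clobbered\n",
           clobbered_regs_words(PT_REGS_WORDS, prologue));
    printf("2*pt_regs reserved: %d fake pt_regs words clobbered\n",
           clobbered_regs_words(2 * PT_REGS_WORDS, prologue));
    /* Worst case: pushing all 16 registers still fits in the spare pt_regs. */
    printf("2*pt_regs reserved, stmfd of all 16 registers: %d clobbered\n",
           clobbered_regs_words(2 * PT_REGS_WORDS, 0xFFFF));
    return 0;
}
```

With the old 1 * pt_regs reservation the nine-register prologue overwrites the slots for r9 through orig_r0, including pc and lr, which matches the garbage PC and LR in the oops above; with 2 * pt_regs the 18 spare words cover the largest possible STMFD of 16 registers.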