On Wed, Feb 24, 2021, Nadav Amit wrote:
> From: Nadav Amit <namit@xxxxxxxxxx>
>
> Apparently, the assembly considers __ex_table as the location when the
> pushsection directive was issued. Therefore when there is more than a
> single entry in the vDSO exception table, the calculations of the base
> and fixup are wrong.
>
> Fix the calculations of the expected fault IP and new IP by adjusting
> the base after each entry.
>
> Cc: Andy Lutomirski <luto@xxxxxxxxxx>
> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Cc: Sean Christopherson <seanjc@xxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxxxx>
> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Cc: x86@xxxxxxxxxx
> Signed-off-by: Nadav Amit <namit@xxxxxxxxxx>
> ---
> arch/x86/entry/vdso/extable.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/entry/vdso/extable.c b/arch/x86/entry/vdso/extable.c
> index afcf5b65beef..c81e78636220 100644
> --- a/arch/x86/entry/vdso/extable.c
> +++ b/arch/x86/entry/vdso/extable.c
> @@ -32,7 +32,7 @@ bool fixup_vdso_exception(struct pt_regs *regs, int trapnr,
> nr_entries = image->extable_len / (sizeof(*extable));
> extable = image->extable;
>
> - for (i = 0; i < nr_entries; i++) {
> + for (i = 0; i < nr_entries; i++, base += sizeof(*extable)) {
It's been literally years since I wrote this code, but I distinctly remember the
addresses being relative to the base. I also remember testing multiple entries,
but again, that was a long time ago.
Assuming things have changed, or I was flat out wrong, the comment above the
macro magic should also be updated.
/*
* Inject exception fixup for vDSO code. Unlike normal exception fixup,
* vDSO uses a dedicated handler the addresses are relative to the overall
* exception table, not each individual entry.
*/
> if (regs->ip == base + extable[i].insn) {
> regs->ip = base + extable[i].fixup;
> regs->di = trapnr;
> --
> 2.25.1
>
