The patch titled
     kprobes: bad manipulation of 2 byte opcode on x86_64
has been removed from the -mm tree.  Its filename is
     kprobes-bad-manupilation-of-2-byte-opcode-on-x86_64.patch

This patch was probably dropped from -mm because it has now been merged
into a subsystem tree or into Linus's tree, or because it was folded into
its parent patch in the -mm tree.

------------------------------------------------------
Subject: kprobes: bad manipulation of 2 byte opcode on x86_64
From: Satoshi Oshima <soshima@xxxxxxxxxx>

Problem:

If we put a probe onto a callq instruction and the probe is executed, a
kernel panic of "Bad RIP value" occurs.

Root cause:

If resume_execution() finds 0xff at the first byte of p->ainsn.insn, it
must check the _second_ byte.  But the current resume_execution() checks
the _first_ byte again.  I changed it to check the second byte of
p->ainsn.insn.

Kprobes on i386 don't have this problem, because the implementation is a
little bit different from x86_64.

Cc: Andi Kleen <ak@xxxxxx>
Signed-off-by: Satoshi Oshima <soshima@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 arch/x86_64/kernel/kprobes.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff -puN arch/x86_64/kernel/kprobes.c~kprobes-bad-manupilation-of-2-byte-opcode-on-x86_64 arch/x86_64/kernel/kprobes.c
--- devel/arch/x86_64/kernel/kprobes.c~kprobes-bad-manupilation-of-2-byte-opcode-on-x86_64	2006-05-20 14:59:38.000000000 -0700
+++ devel-akpm/arch/x86_64/kernel/kprobes.c	2006-05-20 14:59:38.000000000 -0700
@@ -514,13 +514,13 @@ static void __kprobes resume_execution(s *tos = orig_rip + (*tos - copy_rip); break; case 0xff: - if ((*insn & 0x30) == 0x10) { + if ((insn[1] & 0x30) == 0x10) { /* call absolute, indirect */ /* Fix return addr; rip is correct. */ next_rip = regs->rip; *tos = orig_rip + (*tos - copy_rip); - } else if (((*insn & 0x31) == 0x20) || /* jmp near, absolute indirect */ - ((*insn & 0x31) == 0x21)) { /* jmp far, absolute indirect */ + } else if (((insn[1] & 0x31) == 0x20) || /* jmp near, absolute indirect */ + ((insn[1] & 0x31) == 0x21)) { /* jmp far, absolute indirect */ /* rip is correct. */ next_rip = regs->rip; } _ Patches currently in -mm which might be from soshima@xxxxxxxxxx are origin.patch kprobe-boost-2byte-opcodes-on-i386.patch kprobemulti-kprobe-posthandler-for-booster.patch kprobemulti-kprobe-posthandler-for-booster-kprobes-bugfix-of-kprobe-booster-reenable-kprobe-booster.patch - To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
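Review bot: the `/* jmp far, absolute indirect */` comment on the `(insn[1] & 0x31) == 0x21` test in the `case 0xff:` branch is misleading. Now that the byte under test is the ModRM byte, the two jmp tests together merely select reg-field values 4 and 5 (bits 5..4 equal to 10), and the 0x31 mask cannot distinguish a near jmp (/4) from a far jmp (/5); consider collapsing them to `} else if ((insn[1] & 0x30) == 0x20) { /* jmp near or far, absolute indirect */`, and note on the call branch that `(insn[1] & 0x30) == 0x10` covers both /2 (near) and /3 (far) calls, which both push a return address needing the same fix-up. A one-line comment that `insn[1]` is the ModRM byte (so the code relies on `insn` pointing at the 0xff opcode with any prefix already stepped over) would also help, because the removed `*insn` tests failed silently: inside `case 0xff:` the value `0xff & 0x30` is 0x30, never 0x10, so neither branch could ever run and the pushed return address was left pointing into the copied instruction. The change itself is correct.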
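The following is an added example, not code from the patch or from the kernel tree. It decodes the x86 group-5 opcode 0xff the way resume_execution() has to, applying the kernel's own 0x30/0x31 masks first to the opcode byte (the pre-patch behaviour) and then to the ModRM byte (the patched behaviour), cross-checks those masks against the exact ModRM reg field for every possible second byte, and simulates the return-address fix-up `orig_rip + (*tos - copy_rip)` so the "Bad RIP" outcome becomes visible. The sample encodings, the addresses and the function names are constructed for the example; as in the kernel, `insn` is assumed to point at the 0xff byte with any prefix already skipped.

```c
/*
 * Added example (not from the patch or the kernel): classify 0xff-group
 * instructions for kprobe single-step fix-up, old check vs. patched check.
 *
 * Encoding facts used ("/n" is the ModRM reg field, bits 5..3 of insn[1]):
 *   /2 call r/m  (near, absolute indirect; pushes a return address)
 *   /3 call m    (far,  absolute indirect; pushes a return address)
 *   /4 jmp  r/m  (near, absolute indirect; pushes nothing)
 *   /5 jmp  m    (far,  absolute indirect; pushes nothing)
 * Assumption, as in the kernel: insn points at the 0xff opcode byte.
 */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ff_kind { FF_OTHER = 0, FF_CALL = 1, FF_JMP = 2 };

/* The kernel's own masks, applied to whatever byte the caller hands in. */
static enum ff_kind classify_kernel_masks(uint8_t b)
{
    if ((b & 0x30) == 0x10)                         /* reg 2 or 3: call */
        return FF_CALL;
    if ((b & 0x31) == 0x20 || (b & 0x31) == 0x21)   /* reg 4 or 5: jmp  */
        return FF_JMP;
    return FF_OTHER;
}

/* Before the patch: masks applied to the opcode byte insn[0], which is 0xff. */
enum ff_kind classify_old(const uint8_t *insn, size_t len)
{
    if (len < 2 || insn[0] != 0xff)
        return FF_OTHER;
    return classify_kernel_masks(insn[0]);  /* 0xff & 0x30 == 0x30: never a call */
}

/* After the patch: masks applied to the ModRM byte insn[1]. */
enum ff_kind classify_new(const uint8_t *insn, size_t len)
{
    if (len < 2 || insn[0] != 0xff)
        return FF_OTHER;
    return classify_kernel_masks(insn[1]);
}

/* Reference decoder using the exact reg field, to cross-check the masks. */
enum ff_kind classify_reference(const uint8_t *insn, size_t len)
{
    if (len < 2 || insn[0] != 0xff)
        return FF_OTHER;
    switch ((insn[1] >> 3) & 7) {
    case 2: case 3: return FF_CALL;
    case 4: case 5: return FF_JMP;
    default:        return FF_OTHER;   /* /0 inc, /1 dec, /6 push, /7 undefined */
    }
}

/* 1 if the kernel masks agree with the reg-field decoder for all 256 ModRM bytes. */
int masks_match_reference(void)
{
    for (int b = 0; b < 256; b++) {
        uint8_t insn[2] = { 0xff, (uint8_t)b };
        if (classify_new(insn, 2) != classify_reference(insn, 2))
            return 0;
    }
    return 1;
}

/*
 * Return address left on the stack after single-stepping a copied indirect
 * call of length len.  The copy at copy_rip pushes copy_rip + len; the
 * kernel rewrites it to orig_rip + (pushed - copy_rip) only if the check
 * recognised a call.  Returns 0 when the instruction is not a call at all.
 */
uint64_t ret_addr_after_resume(const uint8_t *insn, size_t len,
                               uint64_t copy_rip, uint64_t orig_rip, int patched)
{
    uint64_t pushed = copy_rip + len;
    enum ff_kind seen = patched ? classify_new(insn, len) : classify_old(insn, len);

    if (classify_reference(insn, len) != FF_CALL)
        return 0;                               /* nothing was pushed */
    if (seen == FF_CALL)
        return orig_rip + (pushed - copy_rip);  /* the kernel's fix-up */
    return pushed;  /* unfixed: points into the instruction slot, "Bad RIP" on ret */
}

int main(void)
{
    /* Constructed encodings: call *%rax, call *0(%rip), jmp *%rax. */
    const uint8_t call_rax[] = { 0xff, 0xd0 };
    const uint8_t call_rip[] = { 0xff, 0x15, 0, 0, 0, 0 };
    const uint8_t jmp_rax[]  = { 0xff, 0xe0 };
    uint64_t copy = 0x1000, orig = 0x200000;    /* constructed slot and probe addresses */

    printf("masks agree with reg field for every ModRM byte: %d\n", masks_match_reference());
    printf("call *%%rax   old=%d new=%d\n", classify_old(call_rax, 2), classify_new(call_rax, 2));
    printf("jmp  *%%rax   old=%d new=%d\n", classify_old(jmp_rax, 2), classify_new(jmp_rax, 2));
    printf("return addr after call *0(%%rip): unpatched %" PRIx64 ", patched %" PRIx64 "\n",
           ret_addr_after_resume(call_rip, 6, copy, orig, 0),
           ret_addr_after_resume(call_rip, 6, copy, orig, 1));
    return 0;
}
```

The exhaustive check shows that the kernel's masks, once applied to the right byte, group /2 with /3 and /4 with /5 exactly, which is why far calls also get the fix-up; the simulated unpatched path returns into the single-step slot, the address the panic reports as bad.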