Patch "x86/dumpstack: Fix misleading instruction pointer error message" has been added to the 5.8-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 26 Oct 2020 01:33:24 -0400

This is a note to let you know that I've just added the patch titled

    x86/dumpstack: Fix misleading instruction pointer error message

to the 5.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-dumpstack-fix-misleading-instruction-pointer-err.patch
and it can be found in the queue-5.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 46f6feb45972e862250f0c9dedab2063c305033a
Author: Mark Mossberg <mark.mossberg@xxxxxxxxx>
Date:   Fri Oct 2 04:29:16 2020 +0000

    x86/dumpstack: Fix misleading instruction pointer error message
    
    [ Upstream commit 238c91115cd05c71447ea071624a4c9fe661f970 ]
    
    Printing "Bad RIP value" if copy_code() fails can be misleading for
    userspace pointers, since copy_code() can fail if the instruction
    pointer is valid but the code is paged out. This is because copy_code()
    calls copy_from_user_nmi() for userspace pointers, which disables page
    fault handling.
    
    This is reproducible in OOM situations, where it's plausible that the
    code may be reclaimed in the time between entry into the kernel and when
    this message is printed. This leaves a misleading log in dmesg that
    suggests instruction pointer corruption has occurred, which may alarm
    users.
    
    Change the message to state the error condition more precisely.
    
     [ bp: Massage a bit. ]
    
    Signed-off-by: Mark Mossberg <mark.mossberg@xxxxxxxxx>
    Signed-off-by: Borislav Petkov <bp@xxxxxxx>
    Link: https://lkml.kernel.org/r/20201002042915.403558-1-mark.mossberg@xxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
index 7401cc12c3ccf..42679610c9bea 100644
--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -115,7 +115,8 @@ void show_opcodes(struct pt_regs *regs, const char *loglvl)
 	unsigned long prologue = regs->ip - PROLOGUE_SIZE;
 
 	if (copy_code(regs, opcodes, prologue, sizeof(opcodes))) {
-		printk("%sCode: Bad RIP value.\n", loglvl);
+		printk("%sCode: Unable to access opcode bytes at RIP 0x%lx.\n",
+		       loglvl, prologue);
 	} else {
 		printk("%sCode: %" __stringify(PROLOGUE_SIZE) "ph <%02x> %"
 		       __stringify(EPILOGUE_SIZE) "ph\n", loglvl, opcodes,






