From d05c513069f15be5de766026a4192998688ffff1 Mon Sep 17 00:00:00 2001
From: Marcin Nowakowski
Date: Fri, 30 Sep 2016 11:33:46 +0200
Subject: MIPS: tracing: disable uprobe/kprobe on compact branch instructions

Current instruction decoder for uprobe/kprobe handler only handles branches with delay slots. For compact branches the behaviour is rather unpredictable - and depending on the encoding of a compact branch instruction may result in one (or more) of:
- executing an instruction that follows a branch which wasn't in a delay slot and shouldn't have been executed
- incorrectly emulating a branch leading to a jump to a wrong location
- unexpected branching out of the single-stepped code and never reaching the breakpoint that should terminate the probe handler

Results of these actions are generally unpredictable, but can end up with a probed application or kernel crash, so disable placing probes on compact branches until they are handled properly.

Signed-off-by: Marcin Nowakowski
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/14336/
Signed-off-by: Ralf Baechle
---
 arch/mips/kernel/branch.c | 34 ++++++++++++++++++++++++++++++++++
 arch/mips/kernel/kprobes.c | 6 ++++++
 arch/mips/kernel/probes-common.h | 2 ++
 arch/mips/kernel/uprobes.c | 6 ++++++
 4 files changed, 48 insertions(+)
(limited to 'arch')

diff --git a/arch/mips/kernel/branch.c b/arch/mips/kernel/branch.c
index f5c68483c98e..12c718181e5e 100644
--- a/arch/mips/kernel/branch.c
+++ b/arch/mips/kernel/branch.c
@@ -866,3 +866,37 @@ unaligned:
 force_sig(SIGBUS, current);
 return -EFAULT;
 }
+
+#if (defined CONFIG_KPROBES) || (defined CONFIG_UPROBES)
+
+int __insn_is_compact_branch(union mips_instruction insn)
+{
+ if (!cpu_has_mips_r6)
+ return 0;
+
+ switch (insn.i_format.opcode) {
+ case blezl_op:
+ case bgtzl_op:
+ case blez_op:
+ case bgtz_op:
+ /*
+ * blez[l] and bgtz[l] opcodes with non-zero rt
+ * are MIPS R6 compact branches
+ */
+ if (insn.i_format.rt)
+ return 1;
+ break;
+ case bc6_op:
+ case balc6_op:
+ case pop10_op:
+ case pop30_op:
+ case pop66_op:
+ case pop76_op:
+ return 1;
+ }
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(__insn_is_compact_branch);
+
+#endif /* CONFIG_KPROBES || CONFIG_UPROBES */
diff --git a/arch/mips/kernel/kprobes.c b/arch/mips/kernel/kprobes.c
index 747e3bf7bd9f..f5c8bce70db2 100644
--- a/arch/mips/kernel/kprobes.c
+++ b/arch/mips/kernel/kprobes.c
@@ -106,6 +106,12 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p)
 goto out;
 }
+ if (__insn_is_compact_branch(insn)) {
+ pr_notice("Kprobes for compact branches are not supported\n");
+ ret = -EINVAL;
+ goto out;
+ }
+
 /* insn: must be on special executable page on mips. */
 p->ainsn.insn = get_insn_slot();
 if (!p->ainsn.insn) {
diff --git a/arch/mips/kernel/probes-common.h b/arch/mips/kernel/probes-common.h
index c979c3790e4c..dd08e41134b6 100644
--- a/arch/mips/kernel/probes-common.h
+++ b/arch/mips/kernel/probes-common.h
@@ -13,6 +13,8 @@
 #include
+
+int __insn_is_compact_branch(union mips_instruction insn);
+
 static inline int __insn_has_delay_slot(const union mips_instruction insn)
 {
 switch (insn.i_format.opcode) {
diff --git a/arch/mips/kernel/uprobes.c b/arch/mips/kernel/uprobes.c
index 1161c93a74cb..dbb917403131 100644
--- a/arch/mips/kernel/uprobes.c
+++ b/arch/mips/kernel/uprobes.c
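Review bot: The switch in `__insn_is_compact_branch` does not cover the MIPS R6 COP1 compact branches bc1eqz/bc1nez, which are encoded under `cop1_op` with `rs` equal to `bc1eqz_op`/`bc1nez_op`, so a probe placed on one of them is not rejected by this patch. If `__insn_has_delay_slot()` in probes-common.h still classifies every `cop1_op` word as a delay-slot branch (only its first lines are visible in this diff), such a probe would take exactly the delay-slot path the commit message calls unsafe; the COP2 equivalents (bc2eqz/bc2nez) would need the same treatment where that encoding is implemented. Adding a `cop1_op` case here keeps the rejection in one place, and a `default:` makes the switch exhaustive per kernel style; the early `return 0` for non-R6 cores is unaffected.
```c
	switch (insn.i_format.opcode) {
	/* … unchanged: blez/bgtz rt != 0 and bc6/balc6/pop* cases … */
	case cop1_op:
		/* R6 bc1eqz/bc1nez: COP1 branches with a forbidden slot, no delay slot */
		if (insn.i_format.rs == bc1eqz_op ||
		    insn.i_format.rs == bc1nez_op)
			return 1;
		break;
	default:
		break;
	}
```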
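Review bot: The new check in `arch_prepare_kprobe` is the only record of why compact branches are refused, and the `pr_notice` text does not explain it to a later reader; a short comment above `if (__insn_is_compact_branch(insn))` would help, e.g. `/* R6 compact branches have a forbidden slot, not a delay slot; the probe decoder only handles delay-slot branches, so refuse them */`. The same comment belongs on the matching check in the uprobes.c hunk, where `aup->ixol[0]` is filled from `aup->insn[insn_has_delay_slot(inst)]` on the line right after the new block. Both enclosing functions, `arch_prepare_kprobe` and `arch_uprobe_analyze_insn`, start and end outside their hunks.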
@@ -36,6 +36,12 @@ int arch_uprobe_analyze_insn(struct arch_uprobe *aup,
 return -EINVAL;
 inst.word = aup->insn[0];
+
+ if (__insn_is_compact_branch(inst)) {
+ pr_notice("Uprobes for compact branches are not supported\n");
+ return -EINVAL;
+ }
+
 aup->ixol[0] = aup->insn[insn_has_delay_slot(inst)];
 aup->ixol[1] = UPROBE_BRK_UPROBE_XOL; /* NOP */
-- 
cgit v1.2.3