Commit 3d7e3382 authored by Michael Ellerman's avatar Michael Ellerman Committed by Linus Torvalds
Browse files

jprobes: make jprobes a little safer for users 



I realise jprobes are a razor-blades-included type of interface, but that
doesn't mean we can't try and make them safer to use.  This guy I know once
wrote code like this:

struct jprobe jp = { .kp.symbol_name = "foo", .entry = "jprobe_foo" };

And then his kernel exploded. Oops.

This patch adds an arch hook, arch_deref_entry_point() (I don't like it
either) which takes the void * in a struct jprobe, and gives back the text
address that it represents.

We can then use that in register_jprobe() to check that the entry point we're
passed is actually in the kernel text, rather than just some random value.

Signed-off-by: default avatarMichael Ellerman <michael@ellerman.id.au>
Cc: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Acked-by: default avatarAnanth N Mavinakayanahalli <ananth@in.ibm.com>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 9e367d85

arch/ia64/kernel/kprobes.c

+6 −1
Original line number Diff line number Diff line
@@ -936,10 +936,15 @@ static void ia64_get_bsp_cfm(struct unw_frame_info *info, void *arg) 
	return;

}



unsigned long arch_deref_entry_point(void *entry)

{

	return ((struct fnptr *)entry)->ip;

}



int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)

{

	struct jprobe *jp = container_of(p, struct jprobe, kp);

	unsigned long addr = ((struct fnptr *)(jp->entry))->ip;

	unsigned long addr = arch_deref_entry_point(jp->entry);

	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();

	struct param_bsp_cfm pa;

	int bytes;

arch/powerpc/kernel/kprobes.c

+8 −3
Original line number Diff line number Diff line
@@ -492,6 +492,13 @@ int __kprobes kprobe_exceptions_notify(struct notifier_block *self, 
	return ret;

}



#ifdef CONFIG_PPC64

unsigned long arch_deref_entry_point(void *entry)

{

	return (unsigned long)(((func_descr_t *)entry)->entry);

}

#endif



int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)

{

	struct jprobe *jp = container_of(p, struct jprobe, kp);
@@ -500,11 +507,9 @@ int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs) 
	memcpy(&kcb->jprobe_saved_regs, regs, sizeof(struct pt_regs));



	/* setup return addr to the jprobe handler routine */

	regs->nip = arch_deref_entry_point(jp->entry);

#ifdef CONFIG_PPC64

	regs->nip = (unsigned long)(((func_descr_t *)jp->entry)->entry);

	regs->gpr[2] = (unsigned long)(((func_descr_t *)jp->entry)->toc);

#else

	regs->nip = (unsigned long)jp->entry;

#endif



	return 1;

include/linux/kprobes.h

+1 −0
Original line number Diff line number Diff line
@@ -214,6 +214,7 @@ int longjmp_break_handler(struct kprobe *, struct pt_regs *); 
int register_jprobe(struct jprobe *p);

void unregister_jprobe(struct jprobe *p);

void jprobe_return(void);

unsigned long arch_deref_entry_point(void *);



int register_kretprobe(struct kretprobe *rp);

void unregister_kretprobe(struct kretprobe *rp);

kernel/kprobes.c

+9 −0
Original line number Diff line number Diff line
@@ -675,9 +675,18 @@ static struct notifier_block kprobe_exceptions_nb = { 
	.priority = 0x7fffffff /* we need to be notified first */

};



unsigned long __weak arch_deref_entry_point(void *entry)

{

	return (unsigned long)entry;

}



int __kprobes register_jprobe(struct jprobe *jp)

{

	unsigned long addr = arch_deref_entry_point(jp->entry);



	if (!kernel_text_address(addr))

		return -EINVAL;



	/* Todo: Verify probepoint is a function entry point */

	jp->kp.pre_handler = setjmp_pre_handler;

	jp->kp.break_handler = longjmp_break_handler;

CRA Git | Maintained and supported by SUSTech CRA and CCSE