| field | value | date |
|---|---|---|
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2024-01-05 20:07:59 +0300 |
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2024-01-05 20:07:59 +0300 |
| commit | 7131c2e9bba7aef8669fc8b21a52de5cf134b010 (patch) | |
| tree | b142e7cd4a84b3ba2fa3103551164d87fa46fd06 | |
| parent | 3eca89454aec4278c0debc918b4978a3f4a0581e (diff) | |
| parent | f5d03da48d062966c94f0199d20be0b3a37a7982 (diff) | |
| download | linux-7131c2e9bba7aef8669fc8b21a52de5cf134b010.tar.xz | |
Merge tag 'probes-fixes-v6.7-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
Pull kprobes/x86 fix from Masami Hiramatsu:
- Fix to emulate indirect call whose size is not 5 bytes.
Current code expects the indirect call instructions to be 5 bytes, but
that is incorrect. Usually an indirect call based on a register is shorter
than that, thus the emulation causes a kernel crash by accessing the
wrong instruction boundary. This uses the instruction size to
calculate the return address correctly.
* tag 'probes-fixes-v6.7-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect
-rw-r--r-- | arch/x86/kernel/kprobes/core.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c index e8babebad7b8..a0ce46c0a2d8 100644 --- a/arch/x86/kernel/kprobes/core.c +++ b/arch/x86/kernel/kprobes/core.c @@ -576,7 +576,8 @@ static void kprobe_emulate_call_indirect(struct kprobe *p, struct pt_regs *regs) { unsigned long offs = addrmode_regoffs[p->ainsn.indirect.reg]; - int3_emulate_call(regs, regs_get_register(regs, offs)); + int3_emulate_push(regs, regs->ip - INT3_INSN_SIZE + p->ainsn.size); + int3_emulate_jmp(regs, regs_get_register(regs, offs)); } NOKPROBE_SYMBOL(kprobe_emulate_call_indirect); |
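Review bot: the new return-address expression `regs->ip - INT3_INSN_SIZE + p->ainsn.size` only holds if regs->ip already points one byte past the int3 when the emulator runs and p->ainsn.size has been filled in for this instruction; neither invariant is visible in this hunk, and the removed int3_emulate_call used to hide the first one. Suggest a one-line comment above the push, e.g. `/* ip is past the int3; return to the byte after the original insn */`, so the arithmetic is not mistaken for the 5-byte CALL case again. The push-then-jmp split itself matches the fix described in the merge message.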