path: root/lib/debugobjects.c
author: Yonghong Song <yonghong.song@linux.dev> 2026-05-17 18:07:02 +0300
committer: Alexei Starovoitov <ast@kernel.org> 2026-05-17 23:53:24 +0300
commit: 18a37465b0ab5237a1d0ebf93a2a3b6a2da540b3 (patch)
tree: 968f9ecc2cb4db4427ef463b6718aaf5792c1550 /lib/debugobjects.c
parent: 50d00ea66086a90cbd18c1d06959f489d87b47e3 (diff)
download: linux-18a37465b0ab5237a1d0ebf93a2a3b6a2da540b3.tar.xz
bpf,x86: Fix exception unwinding with outgoing stack arguments
When a main program with exception_boundary has outgoing stack arguments (e.g. from calling subprogs with >5 args), bpf_throw() fails to correctly restore callee-saved registers, causing a kernel crash.

The x86 JIT allocates the outgoing stack arg area below the callee-saved registers via 'sub rsp, outgoing_rsp' in the prologue. When bpf_throw() unwinds, it captures the main program's sp (which includes this outgoing area) and passes it to the exception callback. The callback gets rsp and rbp, followed by pop_callee_regs, but rsp points into the outgoing arg area rather than the callee-saved registers, so the pops restore garbage values. Returning to the kernel with corrupted callee-saved registers causes a crash.

Fix this by adjusting the sp (adding stack_arg_sp_adjust) passed to the exception callback, so it points to the bottom of the callee-saved registers instead of the outgoing arg area. When stack_arg_sp_adjust is 0 (the common case), this is a no-op.

Fixes: 324c3ca6eed6 ("bpf,x86: Implement JIT support for stack arguments")
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20260517150702.288031-1-yonghong.song@linux.dev
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'lib/debugobjects.c')
0 files changed, 0 insertions, 0 deletions