diff options
| author | Yonghong Song <yonghong.song@linux.dev> | 2026-05-17 18:07:02 +0300 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2026-05-17 23:53:24 +0300 |
| commit | 18a37465b0ab5237a1d0ebf93a2a3b6a2da540b3 (patch) | |
| tree | 968f9ecc2cb4db4427ef463b6718aaf5792c1550 /lib/debugobjects.c | |
| parent | 50d00ea66086a90cbd18c1d06959f489d87b47e3 (diff) | |
| download | linux-18a37465b0ab5237a1d0ebf93a2a3b6a2da540b3.tar.xz | |
bpf,x86: Fix exception unwinding with outgoing stack arguments
When a main program with exception_boundary has outgoing stack
arguments (e.g. from calling subprogs with >5 args), bpf_throw() fails
to correctly restore callee-saved registers, causing a kernel crash.
The x86 JIT allocates the outgoing stack arg area below the
callee-saved registers via 'sub rsp, outgoing_rsp' in the prologue.
When bpf_throw() unwinds, it captures the main program's sp (which
includes this outgoing area) and passes it to the exception callback.
The callback gets rsp and rbp, followed by pop_callee_regs, but rsp
points into the outgoing arg area rather than the callee-saved
registers, so the pops restore garbage values. Returning to the
kernel with corrupted callee-saved registers causes a crash.
Fix this by adjusting the sp (adding stack_arg_sp_adjust) passed to
the exception callback, so it points to the bottom of the callee-saved
registers instead of the outgoing arg area. When stack_arg_sp_adjust
is 0 (the common case), this is a no-op.
Fixes: 324c3ca6eed6 ("bpf,x86: Implement JIT support for stack arguments")
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20260517150702.288031-1-yonghong.song@linux.dev
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'lib/debugobjects.c')
0 files changed, 0 insertions, 0 deletions
