x86_64: Add gap to int3 to allow for call emulation

commit 2700fefdb2d9751c416ad56897e27d41e409324a upstream. To allow an int3 handler to emulate a call instruction, it must be able to push a return address onto the stack. Add a gap to the stack to allow the int3 handler to push the return address and change the return from int3 to jump straight to the emulated called function target. Link: http://lkml.kernel.org/r/20181130183917.hxmti5josgq4clti@treble Link: http://lkml.kernel.org/r/20190502162133.GX2623@hirez.programming.kicks-ass.net [ Note, this is needed to allow Live Kernel Patching to not miss calling a patched function when tracing is enabled. -- Steven Rostedt ] Cc: stable@vger.kernel.org Fixes: b700e7f0 ("livepatch: kernel: add support for live patching") Tested-by: N Nicolai Stange <nstange@suse.de> Reviewed-by: N Nicolai Stange <nstange@suse.de> Reviewed-by: N Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: N Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: N Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>

x86_64: Add gap to int3 to allow for call emulation
commit 2700fefdb2d9751c416ad56897e27d41e409324a upstream. To allow an int3 handler to emulate a call instruction, it must be able to push a return address onto the stack. Add a gap to the stack to allow the int3 handler to push the return address and change the return from int3 to jump straight to the emulated called function target. Link: http://lkml.kernel.org/r/20181130183917.hxmti5josgq4clti@treble Link: http://lkml.kernel.org/r/20190502162133.GX2623@hirez.programming.kicks-ass.net [ Note, this is needed to allow Live Kernel Patching to not miss calling a patched function when tracing is enabled. -- Steven Rostedt ] Cc: stable@vger.kernel.org Fixes: b700e7f0 ("livepatch: kernel: add support for live patching") Tested-by: N Nicolai Stange <nstange@suse.de> Reviewed-by: N Nicolai Stange <nstange@suse.de> Reviewed-by: N Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: N Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: N Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>
01b6fdce · Josh Poimboeuf · Greg Kroah-Hartman · 77ca9144 · 01b6fdce
隐藏空白更改
内联并排

Showing with 16 addition and 2 deletion

arch/x86/entry/entry_64.S arch/x86/entry/entry_64.S +16 -2

未找到文件。
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -905,7 +905,7 @@ apicinterrupt IRQ_WORK_VECTOR			irq_work_interrupt		smp_irq_work_interrupt
 */
 #define CPU_TSS_IST(x) PER_CPU_VAR(cpu_tss_rw) + (TSS_ist + ((x) - 1) * 8)

-.macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
+.macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1 create_gap=0
 ENTRY(\sym)
 	UNWIND_HINT_IRET_REGS offset=\has_error_code*8

@@ -925,6 +925,20 @@ ENTRY(\sym)
 	jnz	.Lfrom_usermode_switch_stack_\@
 	.endif

+	.if \create_gap == 1
+	/*
+	 * If coming from kernel space, create a 6-word gap to allow the
+	 * int3 handler to emulate a call instruction.
+	 */
+	testb	$3, CS-ORIG_RAX(%rsp)
+	jnz	.Lfrom_usermode_no_gap_\@
+	.rept	6
+	pushq	5*8(%rsp)
+	.endr
+	UNWIND_HINT_IRET_REGS offset=8
+.Lfrom_usermode_no_gap_\@:
+	.endif
+
 	.if \paranoid
 	call	paranoid_entry
 	.else
@@ -1154,7 +1168,7 @@ apicinterrupt3 HYPERV_STIMER0_VECTOR \
 #endif /* CONFIG_HYPERV */

 idtentry debug			do_debug		has_error_code=0	paranoid=1 shift_ist=DEBUG_STACK
-idtentry int3			do_int3			has_error_code=0
+idtentry int3			do_int3			has_error_code=0	create_gap=1
 idtentry stack_segment		do_stack_segment	has_error_code=1

 #ifdef CONFIG_XEN