From patchwork Sat Oct 25 06:42:53 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Wang Nan <wangnan0@huawei.com>
X-Patchwork-Id: 39512
Return-Path: <patchwork-forward+bncBD2YXXXCQEBBB3MPVWRAKGQE5M5IX3A@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-wi0-f199.google.com (mail-wi0-f199.google.com
 [209.85.212.199])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id B12D12405F
 for <linaro@patches.linaro.org>; Sat, 25 Oct 2014 06:49:18 +0000 (UTC)
Received: by mail-wi0-f199.google.com with SMTP id r20sf314798wiv.2
 for <linaro@patches.linaro.org>; Fri, 24 Oct 2014 23:49:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:from:to:subject:date:message-id
 :in-reply-to:references:mime-version:cc:precedence:list-id
 :list-unsubscribe:list-archive:list-post:list-help:list-subscribe
 :sender:errors-to:x-original-sender
 :x-original-authentication-results:mailing-list:content-type
 :content-transfer-encoding;
 bh=3YWPTM1iVdYJfOzRoYMm4EeLuS+9ylboVj5EX7zMr1U=;
 b=ZtMVdEsRvunYn5ipEQ5aN7BWsLywpBhZ6SAnmAL8xQ4w494XzaIbXzOwuz6Marx/pf
 mRomHzqPhtqN56jwA/gbqb2cvp1QgUH1wohnpSJ9R9Pm1cgmbzXsFzFbxW0pNhE7y90S
 aU757F19MUddwZ/PxHxL6ebew+qRnXPKVKveXm0iR+zAZLryJE1mOvQtWNHhKqH+5KgY
 tHirFbR+aVLDvlNr9i3JbnE/kAyrphjKo5N57gtLWpXWNiCSt4tjubiZ2DqYcNxVfCbS
 3gK/SClik9pvJug6xw+WXdg5gMAgxD6Agj8y+KoumqJcHojNNagUrA4sSWXJyfIr3WAX
 dWXg==
X-Gm-Message-State: ALoCoQm1yP1QIGYeQukBwiZ6EwYVvhx7YLhPO1LL3myA9xqS6qfqsGWPXHWHzgv9bxdzP+WbVBr/
X-Received: by 10.112.225.135 with SMTP id rk7mr3302942lbc.6.1414219757791; 
 Fri, 24 Oct 2014 23:49:17 -0700 (PDT)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.7.37 with SMTP id g5ls545178laa.91.gmail;
 Fri, 24 Oct 2014 23:49:17 -0700 (PDT)
X-Received: by 10.113.5.7 with SMTP id ci7mr9282355lbd.9.1414219757431;
 Fri, 24 Oct 2014 23:49:17 -0700 (PDT)
Received: from mail-la0-f42.google.com (mail-la0-f42.google.com.
 [209.85.215.42]) by mx.google.com with ESMTPS id
 xk6si10047483lbb.22.2014.10.24.23.49.17
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Fri, 24 Oct 2014 23:49:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.42 as permitted sender) client-ip=209.85.215.42; 
Received: by mail-la0-f42.google.com with SMTP id gf13so4094507lab.15
 for <patchwork-forward@linaro.org>;
 Fri, 24 Oct 2014 23:49:17 -0700 (PDT)
X-Received: by 10.112.221.197 with SMTP id qg5mr9085487lbc.32.1414219756976; 
 Fri, 24 Oct 2014 23:49:16 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.84.229 with SMTP id c5csp1699lbz;
 Fri, 24 Oct 2014 23:49:16 -0700 (PDT)
X-Received: by 10.66.139.162 with SMTP id qz2mr9617292pab.92.1414219755390; 
 Fri, 24 Oct 2014 23:49:15 -0700 (PDT)
Received: from bombadil.infradead.org (bombadil.infradead.org.
 [2001:1868:205::9]) by mx.google.com with ESMTPS id
 gp1si5932869pbd.24.2014.10.24.23.49.14 for <patch@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 24 Oct 2014 23:49:15 -0700 (PDT)
Received-SPF: none (google.com:
 linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
 does not designate permitted sender hosts)
 client-ip=2001:1868:205::9; 
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
 by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
 id 1Xhv72-0008L3-Oc; Sat, 25 Oct 2014 06:46:08 +0000
Received: from szxga03-in.huawei.com ([119.145.14.66])
 by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat
 Linux)) id 1Xhv6o-00082s-4Z for linux-arm-kernel@lists.infradead.org;
 Sat, 25 Oct 2014 06:45:55 +0000
Received: from 172.24.2.119 (EHLO lggeml421-hub.china.huawei.com)
 ([172.24.2.119])
 by szxrg03-dlp.huawei.com (MOS 4.4.3-GA FastPath queued)
 with ESMTP id AWB64682; Sat, 25 Oct 2014 14:44:46 +0800 (CST)
Received: from kernel-host.huawei (10.107.197.247) by
 lggeml421-hub.china.huawei.com (10.72.61.31) with Microsoft SMTP
 Server id 14.3.158.1; Sat, 25 Oct 2014 14:44:34 +0800
From: Wang Nan <wangnan0@huawei.com>
To: <masami.hiramatsu.pt@hitachi.com>, <tixy@linaro.org>
Subject: [PATCH 4/4] ARM: kprobes: disallow probing stack consuming
 instructions
Date: Sat, 25 Oct 2014 14:42:53 +0800
Message-ID: <1414219373-20070-5-git-send-email-wangnan0@huawei.com>
X-Mailer: git-send-email 1.8.4
In-Reply-To: <1414219373-20070-1-git-send-email-wangnan0@huawei.com>
References: <1414219373-20070-1-git-send-email-wangnan0@huawei.com>
MIME-Version: 1.0
X-Originating-IP: [10.107.197.247]
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
 refid=str=0001.0A020202.544B46E0.0121, ss=1, re=0.000, recu=0.000,
 reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0,
 so=2013-05-26 15:14:31, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 76036ec598f800814f8cc8e2b69bbf95
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20141024_234554_554582_084CF559
X-CRM114-Status: UNSURE (   9.30  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -2.1 (--)
X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary:
 Content analysis details:   (-2.1 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,
 low trust [119.145.14.66 listed in list.dnswl.org]
 -0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [119.145.14.66 listed in wl.mailspike.net]
 -1.4 RP_MATCHES_RCVD Envelope sender domain matches handover relay
 domain
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
Cc: lizefan@huawei.com, linux@arm.linux.org.uk, taras.kondratiuk@linaro.org, 
 will.deacon@arm.com, linux-kernel@vger.kernel.org, rabin@rab.in,
 ben.dooks@codethink.co.uk, dave.long@linaro.org, cl@linux.com,
 davem@davemloft.net, linux-arm-kernel@lists.infradead.org
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: wangnan0@huawei.com
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.42 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

This patch prohibit probing instructions for which the stack
requirement are unable to be determined statically. Some test cases
are found not work again after the modification, this patch also
removes them.

Signed-off-by: Wang Nan <wangnan0@huawei.com>
---
 arch/arm/kernel/kprobes-test-arm.c | 16 ++++++++++------
 arch/arm/kernel/kprobes.c          |  8 ++++++++
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/arch/arm/kernel/kprobes-test-arm.c b/arch/arm/kernel/kprobes-test-arm.c
index 264c064..59f9b25 100644
--- a/arch/arm/kernel/kprobes-test-arm.c
+++ b/arch/arm/kernel/kprobes-test-arm.c
@@ -476,7 +476,8 @@ void kprobe_arm_test_cases(void)
 	TEST_GROUP("Extra load/store instructions")
 
 	TEST_RPR(  "strh	r",0, VAL1,", [r",1, 48,", -r",2, 24,"]")
-	TEST_RPR(  "streqh	r",14,VAL2,", [r",13,0, ", r",12, 48,"]")
+	TEST_RPR(  "streqh	r",14,VAL2,", [r",11,0, ", r",12, 48,"]")
+	TEST_UNSUPPORTED(  "streqh	r14, [r13, r12]")
 	TEST_RPR(  "strh	r",1, VAL1,", [r",2, 24,", r",3,  48,"]!")
 	TEST_RPR(  "strneh	r",12,VAL2,", [r",11,48,", -r",10,24,"]!")
 	TEST_RPR(  "strh	r",2, VAL1,", [r",3, 24,"], r",4, 48,"")
@@ -565,7 +566,8 @@ void kprobe_arm_test_cases(void)
 
 #if __LINUX_ARM_ARCH__ >= 5
 	TEST_RPR(  "strd	r",0, VAL1,", [r",1, 48,", -r",2,24,"]")
-	TEST_RPR(  "strccd	r",8, VAL2,", [r",13,0, ", r",12,48,"]")
+	TEST_RPR(  "strccd	r",8, VAL2,", [r",11,0, ", r",12,48,"]")
+	TEST_UNSUPPORTED(  "strccd r8, [r13, r12]")
 	TEST_RPR(  "strd	r",4, VAL1,", [r",2, 24,", r",3, 48,"]!")
 	TEST_RPR(  "strcsd	r",12,VAL2,", [r",11,48,", -r",10,24,"]!")
 	TEST_RPR(  "strd	r",2, VAL1,", [r",5, 24,"], r",4,48,"")
@@ -639,13 +641,15 @@ void kprobe_arm_test_cases(void)
 	TEST_RP( "str"byte"	r",2, VAL1,", [r",3, 24,"], #48")		\
 	TEST_RP( "str"byte"	r",10,VAL2,", [r",9, 64,"], #-48")		\
 	TEST_RPR("str"byte"	r",0, VAL1,", [r",1, 48,", -r",2, 24,"]")	\
-	TEST_RPR("str"byte"	r",14,VAL2,", [r",13,0, ", r",12, 48,"]")	\
+	TEST_RPR("str"byte"	r",14,VAL2,", [r",11,0, ", r",12, 48,"]")	\
+	TEST_UNSUPPORTED("str"byte" r14, [r13, r12]")	\
 	TEST_RPR("str"byte"	r",1, VAL1,", [r",2, 24,", r",3,  48,"]!")	\
 	TEST_RPR("str"byte"	r",12,VAL2,", [r",11,48,", -r",10,24,"]!")	\
 	TEST_RPR("str"byte"	r",2, VAL1,", [r",3, 24,"], r",4, 48,"")	\
 	TEST_RPR("str"byte"	r",10,VAL2,", [r",9, 48,"], -r",11,24,"")	\
 	TEST_RPR("str"byte"	r",0, VAL1,", [r",1, 24,", r",2,  32,", asl #1]")\
-	TEST_RPR("str"byte"	r",14,VAL2,", [r",13,0, ", r",12, 32,", lsr #2]")\
+	TEST_RPR("str"byte"	r",14,VAL2,", [r",11,0, ", r",12, 32,", lsr #2]")\
+	TEST_UNSUPPORTED("str"byte"	r14, [r13, r12, lsr #2]")\
 	TEST_RPR("str"byte"	r",1, VAL1,", [r",2, 24,", r",3,  32,", asr #3]!")\
 	TEST_RPR("str"byte"	r",12,VAL2,", [r",11,24,", r",10, 4,", ror #31]!")\
 	TEST_P(  "ldr"byte"	r0, [r",0,  24,", #-2]")			\
@@ -669,12 +673,12 @@ void kprobe_arm_test_cases(void)
 
 	LOAD_STORE("")
 	TEST_P(   "str	pc, [r",0,0,", #15*4]")
-	TEST_R(   "str	pc, [sp, r",2,15*4,"]")
+	TEST_UNSUPPORTED(   "str	pc, [sp, r2]")
 	TEST_BF(  "ldr	pc, [sp, #15*4]")
 	TEST_BF_R("ldr	pc, [sp, r",2,15*4,"]")
 
 	TEST_P(   "str	sp, [r",0,0,", #13*4]")
-	TEST_R(   "str	sp, [sp, r",2,13*4,"]")
+	TEST_UNSUPPORTED(   "str	sp, [sp, r2]")
 	TEST_BF(  "ldr	sp, [sp, #13*4]")
 	TEST_BF_R("ldr	sp, [sp, r",2,13*4,"]")
 
diff --git a/arch/arm/kernel/kprobes.c b/arch/arm/kernel/kprobes.c
index 618531d..59f5e64 100644
--- a/arch/arm/kernel/kprobes.c
+++ b/arch/arm/kernel/kprobes.c
@@ -124,6 +124,14 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p)
 		break;
 	}
 
+	/*
+	 * Unable to instrument insn like 'str r0, [sp, +/-r1]'.
+	 * __und_svc protects 64 bytes stack, so instrumenting insn
+	 * likes 'str r0, [sp, #-68]' should be prohibited.
+	 */
+	if ((p->ainsn.stack_space < 0) || (p->ainsn.stack_space > 64))
+		return -EINVAL;
+
 	return 0;
 }