[RFC PATCH v4 2/6] uretprobes/x86: hijack return address

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Anton Arapov <anton@redhat.com>
To: Anton Arapov <anton@redhat.com>, Oleg Nesterov <oleg@redhat.com>,
	Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
	Josh Stone <jistone@redhat.com>, Frank Eigler <fche@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@elte.hu>,
	Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Subject: [RFC PATCH v4 2/6] uretprobes/x86: hijack return address
Date: Mon,  4 Mar 2013 15:38:09 +0100	[thread overview]
Message-ID: <1362407893-32505-3-git-send-email-anton@redhat.com> (raw)
In-Reply-To: <1362407893-32505-1-git-send-email-anton@redhat.com>

  hijack the return address and replace it with a "trampoline"

v2:
  - remove ->doomed flag, kill task immediately

Signed-off-by: Anton Arapov <anton@redhat.com>
---
 arch/x86/include/asm/uprobes.h |  1 +
 arch/x86/kernel/uprobes.c      | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/arch/x86/include/asm/uprobes.h b/arch/x86/include/asm/uprobes.h
index 8ff8be7..c353555 100644
--- a/arch/x86/include/asm/uprobes.h
+++ b/arch/x86/include/asm/uprobes.h
@@ -55,4 +55,5 @@ extern int  arch_uprobe_post_xol(struct arch_uprobe *aup, struct pt_regs *regs);
 extern bool arch_uprobe_xol_was_trapped(struct task_struct *tsk);
 extern int  arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, void *data);
 extern void arch_uprobe_abort_xol(struct arch_uprobe *aup, struct pt_regs *regs);
+extern unsigned long arch_uretprobe_hijack_return_addr(unsigned long rp_trampoline_vaddr, struct pt_regs *regs);
 #endif	/* _ASM_UPROBES_H */
diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
index 0ba4cfb..85e2153 100644
--- a/arch/x86/kernel/uprobes.c
+++ b/arch/x86/kernel/uprobes.c
@@ -697,3 +697,32 @@ bool arch_uprobe_skip_sstep(struct arch_uprobe *auprobe, struct pt_regs *regs)
 		send_sig(SIGTRAP, current, 0);
 	return ret;
 }
+
+extern unsigned long arch_uretprobe_hijack_return_addr(unsigned long
+		rp_trampoline_vaddr, struct pt_regs *regs)
+{
+	int rasize, ncopied;
+	unsigned long orig_ret_vaddr = 0; /* clear high bits for 32-bit apps */
+
+	rasize = is_ia32_task() ? 4 : 8;
+	ncopied = copy_from_user(&orig_ret_vaddr, (void __user *)regs->sp, rasize);
+	if (unlikely(ncopied))
+		return 0;
+
+	/* check whether address has been already hijacked */
+	if (orig_ret_vaddr == rp_trampoline_vaddr)
+		return orig_ret_vaddr;
+
+	ncopied = copy_to_user((void __user *)regs->sp, &rp_trampoline_vaddr, rasize);
+	if (unlikely(ncopied)) {
+		if (ncopied != rasize) {
+			printk(KERN_ERR "uretprobe: return address clobbered: "
+					"pid=%d, %%sp=%#lx, %%ip=%#lx\n",
+					current->pid, regs->sp, regs->ip);
+			/* kill task immediately */
+			send_sig(SIGSEGV, current, 0);
+		}
+	}
+
+	return orig_ret_vaddr;
+}
-- 
1.8.1.2

next prev parent reply	other threads:[~2013-03-04 14:38 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-03-04 14:38 [RFC PATCH v4 0/6] uprobes: return probe implementation Anton Arapov
2013-03-04 14:38 ` [RFC PATCH v4 1/6] uretprobes: preparation patch Anton Arapov
2013-03-04 14:38 ` Anton Arapov [this message]
2013-03-04 14:38 ` [RFC PATCH v4 3/6] uretprobes: generalize xol_get_insn_slot() Anton Arapov
2013-03-04 14:38 ` [RFC PATCH v4 4/6] uretprobes: return probe entry, prepare uretprobe Anton Arapov
2013-03-04 16:47   ` Oleg Nesterov
2013-03-05 13:20     ` Anton Arapov
2013-03-04 14:38 ` [RFC PATCH v4 5/6] uretprobes: invoke return probe handlers Anton Arapov
2013-03-04 16:51   ` Oleg Nesterov
2013-03-05 13:28     ` Anton Arapov
2013-03-05  7:03   ` Ananth N Mavinakayanahalli
2013-03-05 13:18     ` Anton Arapov
2013-03-04 14:38 ` [RFC PATCH v4 6/6] uretprobes: implemented, thus remove -ENOSYS Anton Arapov
2013-03-05 12:04 ` [RFC PATCH v4 0/6] uprobes: return probe implementation Ingo Molnar
2013-03-05 12:22   ` Anton Arapov

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8ff8be7 dfblob:c353555 dfblob:0ba4cfb dfblob:85e2153 )
 OR (
bs:"[RFC PATCH v4 2/6] uretprobes/x86: hijack return address" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1362407893-32505-3-git-send-email-anton@redhat.com \
    --to=anton@redhat.com \
    --cc=ananth@in.ibm.com \
    --cc=fche@redhat.com \
    --cc=jistone@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=oleg@redhat.com \
    --cc=peterz@infradead.org \
    --cc=srikar@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.