[BUGFIX][PATCH -tip] x86: kretprobe-booster interrupt emulation code fix

[BUGFIX][PATCH -tip] x86: kretprobe-booster interrupt emulation code fix

[Masami Hiramatsu]

Fix interrupt emulation code in kretprobe-booster according to
pt_regs update (es/ds change and gs adding).

This issue has been reported on systemtap-bugzilla:
http://sources.redhat.com/bugzilla/show_bug.cgi?id=9965

Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
---
 arch/x86/kernel/kprobes.c |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c
index 55b9461..64dba72 100644
--- a/arch/x86/kernel/kprobes.c
+++ b/arch/x86/kernel/kprobes.c
@@ -638,13 +638,13 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
 #else
 			"	pushf\n"
 			/*
-			 * Skip cs, ip, orig_ax.
+			 * Skip cs, ip, orig_ax and gs.
 			 * trampoline_handler() will plug in these values
 			 */
-			"	subl $12, %esp\n"
+			"	subl $16, %esp\n"
 			"	pushl %fs\n"
-			"	pushl %ds\n"
 			"	pushl %es\n"
+			"	pushl %ds\n"
 			"	pushl %eax\n"
 			"	pushl %ebp\n"
 			"	pushl %edi\n"
@@ -655,10 +655,10 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
 			"	movl %esp, %eax\n"
 			"	call trampoline_handler\n"
 			/* Move flags to cs */
-			"	movl 52(%esp), %edx\n"
-			"	movl %edx, 48(%esp)\n"
+			"	movl 56(%esp), %edx\n"
+			"	movl %edx, 52(%esp)\n"
 			/* Replace saved flags with true return address. */
-			"	movl %eax, 52(%esp)\n"
+			"	movl %eax, 56(%esp)\n"
 			"	popl %ebx\n"
 			"	popl %ecx\n"
 			"	popl %edx\n"
@@ -666,8 +666,8 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
 			"	popl %edi\n"
 			"	popl %ebp\n"
 			"	popl %eax\n"
-			/* Skip ip, orig_ax, es, ds, fs */
-			"	addl $20, %esp\n"
+			/* Skip ds, es, fs, gs, orig_ax and ip */
+			"	addl $24, %esp\n"
 			"	popf\n"
 #endif
 			"	ret\n");
@@ -694,6 +694,7 @@ static __used __kprobes void *trampoline_handler(struct pt_regs *regs)
 #endif
 	regs->ip = trampoline_address;
 	regs->orig_ax = ~0UL;
+	regs->gs = 0;

 	/*
 	 * It is possible to have multiple instances associated with a given


-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com

Re: [BUGFIX][PATCH -tip] x86: kretprobe-booster interrupt emulation code fix

[Bharata B Rao]

On Mon, Mar 23, 2009 at 10:14:52AM -0400, Masami Hiramatsu wrote:
> Fix interrupt emulation code in kretprobe-booster according to
> pt_regs update (es/ds change and gs adding).
> 
> This issue has been reported on systemtap-bugzilla:
> http://sources.redhat.com/bugzilla/show_bug.cgi?id=9965

Do you want to put some of the details from the bugzilla entry
to this patch description so that one is not forced to look
at the bugzilla in future when git log is done ?

> 
> Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
> Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
> ---
>  arch/x86/kernel/kprobes.c |   17 +++++++++--------
>  1 files changed, 9 insertions(+), 8 deletions(-)
> 
> diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c
> index 55b9461..64dba72 100644
> --- a/arch/x86/kernel/kprobes.c
> +++ b/arch/x86/kernel/kprobes.c
> @@ -638,13 +638,13 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
>  #else
>  			"	pushf\n"
>  			/*
> -			 * Skip cs, ip, orig_ax.
> +			 * Skip cs, ip, orig_ax and gs.
>  			 * trampoline_handler() will plug in these values
>  			 */
> -			"	subl $12, %esp\n"
> +			"	subl $16, %esp\n"
>  			"	pushl %fs\n"
> -			"	pushl %ds\n"
>  			"	pushl %es\n"
> +			"	pushl %ds\n"
>  			"	pushl %eax\n"
>  			"	pushl %ebp\n"
>  			"	pushl %edi\n"
> @@ -655,10 +655,10 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
>  			"	movl %esp, %eax\n"
>  			"	call trampoline_handler\n"
>  			/* Move flags to cs */
> -			"	movl 52(%esp), %edx\n"
> -			"	movl %edx, 48(%esp)\n"
> +			"	movl 56(%esp), %edx\n"
> +			"	movl %edx, 52(%esp)\n"
>  			/* Replace saved flags with true return address. */
> -			"	movl %eax, 52(%esp)\n"
> +			"	movl %eax, 56(%esp)\n"
>  			"	popl %ebx\n"
>  			"	popl %ecx\n"
>  			"	popl %edx\n"
> @@ -666,8 +666,8 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
>  			"	popl %edi\n"
>  			"	popl %ebp\n"
>  			"	popl %eax\n"
> -			/* Skip ip, orig_ax, es, ds, fs */
> -			"	addl $20, %esp\n"
> +			/* Skip ds, es, fs, gs, orig_ax and ip */
> +			"	addl $24, %esp\n"
>  			"	popf\n"
>  #endif
>  			"	ret\n");
> @@ -694,6 +694,7 @@ static __used __kprobes void *trampoline_handler(struct pt_regs *regs)
>  #endif
>  	regs->ip = trampoline_address;
>  	regs->orig_ax = ~0UL;
> +	regs->gs = 0;
> 
>  	/*
>  	 * It is possible to have multiple instances associated with a given
> 

This change works for me. I no longer see "BUG: sleeping from invalid context"
messages with kretprobe after this change.

Regards,
Bharata.

Re: [BUGFIX][PATCH -tip] x86: kretprobe-booster interrupt emulation code fix

[Masami Hiramatsu]

Bharata B Rao wrote:
> On Mon, Mar 23, 2009 at 10:14:52AM -0400, Masami Hiramatsu wrote:
>> Fix interrupt emulation code in kretprobe-booster according to
>> pt_regs update (es/ds change and gs adding).
>>
>> This issue has been reported on systemtap-bugzilla:
>> http://sources.redhat.com/bugzilla/show_bug.cgi?id=9965
> 
> Do you want to put some of the details from the bugzilla entry
> to this patch description so that one is not forced to look
> at the bugzilla in future when git log is done ?

Oh, sure. I picked up related part of this bug.

---
On a -tip kernel on x86_32, kretprobe_example (from samples) triggers the
following backtrace when its retprobing a class of functions that cause a
copy_from/to_user().

BUG: sleeping function called from invalid context at mm/memory.c:3196
in_atomic(): 0, irqs_disabled(): 1, pid: 2286, name: cat
1 lock held by cat/2286:
 #0:  (&p->lock){+.+.+.}, at: [<c04b4eb1>] seq_read+0x35/0x31d
irq event stamp: 1613
hardirqs last  enabled at (1613): [<c06b5914>] _spin_unlock_irqrestore+0x3c/0x48
hardirqs last disabled at (1612): [<c06b5a7f>] _spin_lock_irqsave+0x1a/0x3f
softirqs last  enabled at (1610): [<c04348c5>] __do_softirq+0x164/0x183
softirqs last disabled at (1603): [<c0404d2c>] do_softirq+0x68/0xc8
Pid: 2286, comm: cat Not tainted 2.6.29-rc8-tip-acde #1
Call Trace:
 [<c0429017>] __might_sleep+0xde/0xe3
 [<c048c6e1>] might_fault+0x1f/0x80
 [<c0535b87>] copy_to_user+0x2f/0x106
 [<c04b5120>] seq_read+0x2a4/0x31d
 [<c04d4882>] proc_reg_read+0x6a/0x84
 [<c04b4e7c>] ? seq_read+0x0/0x31d
 [<c04d4882>] ? proc_reg_read+0x6a/0x84
 [<c04d4818>] ? proc_reg_read+0x0/0x84
 [<c04a1f73>] vfs_read+0x90/0xef
 [<c04a208b>] sys_read+0x4e/0x75
 [<c044d338>] ? trace_hardirqs_on_caller+0x11d/0x141
 [<c0402fc4>] sysenter_do_call+0x12/0x38
 [<c0402fc4>] ? sysenter_do_call+0x12/0x38

Steps to recreate:
1. put kretprobe on meminfo_proc_show.
2. cat /proc/meminfo
3. Your dmesg should have the above trace.

Problem doesn't happen with 2.6.29-rc8.

This is a kretprobe booster bug on x86_32. Commit ccbeed3a modifies the
pt_regs, the kretprobe_trampoline() part of the kretprobe booster needs to be
updated to handle the gs register.

---

Thank you,

> 
>> Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
>> Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
>> ---
>>  arch/x86/kernel/kprobes.c |   17 +++++++++--------
>>  1 files changed, 9 insertions(+), 8 deletions(-)
>>
>> diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c
>> index 55b9461..64dba72 100644
>> --- a/arch/x86/kernel/kprobes.c
>> +++ b/arch/x86/kernel/kprobes.c
>> @@ -638,13 +638,13 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
>>  #else
>>  			"	pushf\n"
>>  			/*
>> -			 * Skip cs, ip, orig_ax.
>> +			 * Skip cs, ip, orig_ax and gs.
>>  			 * trampoline_handler() will plug in these values
>>  			 */
>> -			"	subl $12, %esp\n"
>> +			"	subl $16, %esp\n"
>>  			"	pushl %fs\n"
>> -			"	pushl %ds\n"
>>  			"	pushl %es\n"
>> +			"	pushl %ds\n"
>>  			"	pushl %eax\n"
>>  			"	pushl %ebp\n"
>>  			"	pushl %edi\n"
>> @@ -655,10 +655,10 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
>>  			"	movl %esp, %eax\n"
>>  			"	call trampoline_handler\n"
>>  			/* Move flags to cs */
>> -			"	movl 52(%esp), %edx\n"
>> -			"	movl %edx, 48(%esp)\n"
>> +			"	movl 56(%esp), %edx\n"
>> +			"	movl %edx, 52(%esp)\n"
>>  			/* Replace saved flags with true return address. */
>> -			"	movl %eax, 52(%esp)\n"
>> +			"	movl %eax, 56(%esp)\n"
>>  			"	popl %ebx\n"
>>  			"	popl %ecx\n"
>>  			"	popl %edx\n"
>> @@ -666,8 +666,8 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
>>  			"	popl %edi\n"
>>  			"	popl %ebp\n"
>>  			"	popl %eax\n"
>> -			/* Skip ip, orig_ax, es, ds, fs */
>> -			"	addl $20, %esp\n"
>> +			/* Skip ds, es, fs, gs, orig_ax and ip */
>> +			"	addl $24, %esp\n"
>>  			"	popf\n"
>>  #endif
>>  			"	ret\n");
>> @@ -694,6 +694,7 @@ static __used __kprobes void *trampoline_handler(struct pt_regs *regs)
>>  #endif
>>  	regs->ip = trampoline_address;
>>  	regs->orig_ax = ~0UL;
>> +	regs->gs = 0;
>>
>>  	/*
>>  	 * It is possible to have multiple instances associated with a given
>>
> 
> This change works for me. I no longer see "BUG: sleeping from invalid context"
> messages with kretprobe after this change.
> 
> Regards,
> Bharata.

-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com

Re: [BUGFIX][PATCH -tip] x86: kretprobe-booster interrupt emulation code fix

[Ananth N Mavinakayanahalli]

On Mon, Mar 23, 2009 at 10:14:52AM -0400, Masami Hiramatsu wrote:
> Fix interrupt emulation code in kretprobe-booster according to
> pt_regs update (es/ds change and gs adding).
> 
> This issue has been reported on systemtap-bugzilla:
> http://sources.redhat.com/bugzilla/show_bug.cgi?id=9965
> 
> Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
> Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>

Tested on -tip. Thanks Masami.

Acked-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com>

Ananth

[tip:tracing/kprobes] x86: kretprobe-booster interrupt emulation code fix

[Masami Hiramatsu]

Commit-ID:  b9dad0d2955db059cd92c81c37ddcbef0abc8bf8
Gitweb:     http://git.kernel.org/tip/b9dad0d2955db059cd92c81c37ddcbef0abc8bf8
Author:     Masami Hiramatsu <mhiramat@redhat.com>
AuthorDate: Mon, 23 Mar 2009 10:14:52 -0400
Committer:  Ingo Molnar <mingo@elte.hu>
CommitDate: Tue, 24 Mar 2009 13:19:53 +0100

x86: kretprobe-booster interrupt emulation code fix

Fix interrupt emulation code in kretprobe-booster according to
pt_regs update (es/ds change and gs adding).

This issue has been reported on systemtap-bugzilla:

  http://sources.redhat.com/bugzilla/show_bug.cgi?id=9965

  | On a -tip kernel on x86_32, kretprobe_example (from samples) triggers the
  | following backtrace when its retprobing a class of functions that cause a
  | copy_from/to_user().
  |
  | BUG: sleeping function called from invalid context at mm/memory.c:3196
  | in_atomic(): 0, irqs_disabled(): 1, pid: 2286, name: cat

Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
Acked-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Tested-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Cc: systemtap-ml <systemtap@sources.redhat.com>
LKML-Reference: <49C7995C.2010601@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>


---
 arch/x86/kernel/kprobes.c |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c
index 4558dd3..8bafd4a 100644
--- a/arch/x86/kernel/kprobes.c
+++ b/arch/x86/kernel/kprobes.c
@@ -638,13 +638,13 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
 #else
 			"	pushf\n"
 			/*
-			 * Skip cs, ip, orig_ax.
+			 * Skip cs, ip, orig_ax and gs.
 			 * trampoline_handler() will plug in these values
 			 */
-			"	subl $12, %esp\n"
+			"	subl $16, %esp\n"
 			"	pushl %fs\n"
-			"	pushl %ds\n"
 			"	pushl %es\n"
+			"	pushl %ds\n"
 			"	pushl %eax\n"
 			"	pushl %ebp\n"
 			"	pushl %edi\n"
@@ -655,10 +655,10 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
 			"	movl %esp, %eax\n"
 			"	call trampoline_handler\n"
 			/* Move flags to cs */
-			"	movl 52(%esp), %edx\n"
-			"	movl %edx, 48(%esp)\n"
+			"	movl 56(%esp), %edx\n"
+			"	movl %edx, 52(%esp)\n"
 			/* Replace saved flags with true return address. */
-			"	movl %eax, 52(%esp)\n"
+			"	movl %eax, 56(%esp)\n"
 			"	popl %ebx\n"
 			"	popl %ecx\n"
 			"	popl %edx\n"
@@ -666,8 +666,8 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
 			"	popl %edi\n"
 			"	popl %ebp\n"
 			"	popl %eax\n"
-			/* Skip ip, orig_ax, es, ds, fs */
-			"	addl $20, %esp\n"
+			/* Skip ds, es, fs, gs, orig_ax and ip */
+			"	addl $24, %esp\n"
 			"	popf\n"
 #endif
 			"	ret\n");
@@ -694,6 +694,7 @@ static __used __kprobes void *trampoline_handler(struct pt_regs *regs)
 #endif
 	regs->ip = trampoline_address;
 	regs->orig_ax = ~0UL;
+	regs->gs = 0;
 
 	/*
 	 * It is possible to have multiple instances associated with a given

Re: [tip:tracing/kprobes] x86: kretprobe-booster interrupt emulation code fix

[Ingo Molnar]

* Masami Hiramatsu <mhiramat@redhat.com> wrote:

>  	regs->ip = trampoline_address;
>  	regs->orig_ax = ~0UL;
> +	regs->gs = 0;

hm, this wont build on 32-bit.

	Ingo

Re: [tip:tracing/kprobes] x86: kretprobe-booster interrupt emulation code fix

[Bharata B Rao]

On Tue, Mar 24, 2009 at 02:13:59PM +0100, Ingo Molnar wrote:
> 
> * Masami Hiramatsu <mhiramat@redhat.com> wrote:
> 
> >  	regs->ip = trampoline_address;
> >  	regs->orig_ax = ~0UL;
> > +	regs->gs = 0;
> 
> hm, this wont build on 32-bit.

I guess you meant 64 bit. Yes I see that it fails to build on x86_64.

Regards,
Bharata.

Re: [tip:tracing/kprobes] x86: kretprobe-booster interrupt emulation code fix

[Masami Hiramatsu]

Bharata B Rao wrote:
> On Tue, Mar 24, 2009 at 02:13:59PM +0100, Ingo Molnar wrote:
>> * Masami Hiramatsu <mhiramat@redhat.com> wrote:
>>
>>>  	regs->ip = trampoline_address;
>>>  	regs->orig_ax = ~0UL;
>>> +	regs->gs = 0;
>> hm, this wont build on 32-bit.
> 
> I guess you meant 64 bit. Yes I see that it fails to build on x86_64.
> 
> Regards,
> Bharata.

Thanks, here I updated my patch.
---

Fix interrupt emulation code in kretprobe-booster according to
pt_regs update (es/ds change and gs adding).

This issue has been reported on systemtap-bugzilla:
http://sources.redhat.com/bugzilla/show_bug.cgi?id=9965

On a -tip kernel on x86_32, kretprobe_example (from samples) triggers the
following backtrace when its retprobing a class of functions that cause a
copy_from/to_user().

 BUG: sleeping function called from invalid context at mm/memory.c:3196
 in_atomic(): 0, irqs_disabled(): 1, pid: 2286, name: cat
 1 lock held by cat/2286:
 #0:  (&p->lock){+.+.+.}, at: [<c04b4eb1>] seq_read+0x35/0x31d
 irq event stamp: 1613
 hardirqs last  enabled at (1613): [<c06b5914>] _spin_unlock_irqrestore+0x3c/0x48
 hardirqs last disabled at (1612): [<c06b5a7f>] _spin_lock_irqsave+0x1a/0x3f
 softirqs last  enabled at (1610): [<c04348c5>] __do_softirq+0x164/0x183
 softirqs last disabled at (1603): [<c0404d2c>] do_softirq+0x68/0xc8
 Pid: 2286, comm: cat Not tainted 2.6.29-rc8-tip-acde #1
 Call Trace:
  [<c0429017>] __might_sleep+0xde/0xe3
  [<c048c6e1>] might_fault+0x1f/0x80
  [<c0535b87>] copy_to_user+0x2f/0x106
  [<c04b5120>] seq_read+0x2a4/0x31d
  [<c04d4882>] proc_reg_read+0x6a/0x84
  [<c04b4e7c>] ? seq_read+0x0/0x31d
  [<c04d4882>] ? proc_reg_read+0x6a/0x84
  [<c04d4818>] ? proc_reg_read+0x0/0x84
  [<c04a1f73>] vfs_read+0x90/0xef
  [<c04a208b>] sys_read+0x4e/0x75
  [<c044d338>] ? trace_hardirqs_on_caller+0x11d/0x141
  [<c0402fc4>] sysenter_do_call+0x12/0x38
  [<c0402fc4>] ? sysenter_do_call+0x12/0x38

Steps to recreate:
 1. put kretprobe on meminfo_proc_show.
 2. cat /proc/meminfo
 3. Your dmesg should have the above trace.

Problem doesn't happen with 2.6.29-rc8.

This is a kretprobe booster bug on x86_32. Commit ccbeed3a modifies the
pt_regs, the kretprobe_trampoline() part of the kretprobe booster needs to be
updated to handle the gs register.

changes from v1:
 - Don't set regs->gs if CONFIG_X86_64=y.

Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
Acked-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
---

 arch/x86/kernel/kprobes.c |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)


diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c
index 55b9461..7b5169d 100644
--- a/arch/x86/kernel/kprobes.c
+++ b/arch/x86/kernel/kprobes.c
@@ -638,13 +638,13 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
 #else
 			"	pushf\n"
 			/*
-			 * Skip cs, ip, orig_ax.
+			 * Skip cs, ip, orig_ax and gs.
 			 * trampoline_handler() will plug in these values
 			 */
-			"	subl $12, %esp\n"
+			"	subl $16, %esp\n"
 			"	pushl %fs\n"
-			"	pushl %ds\n"
 			"	pushl %es\n"
+			"	pushl %ds\n"
 			"	pushl %eax\n"
 			"	pushl %ebp\n"
 			"	pushl %edi\n"
@@ -655,10 +655,10 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
 			"	movl %esp, %eax\n"
 			"	call trampoline_handler\n"
 			/* Move flags to cs */
-			"	movl 52(%esp), %edx\n"
-			"	movl %edx, 48(%esp)\n"
+			"	movl 56(%esp), %edx\n"
+			"	movl %edx, 52(%esp)\n"
 			/* Replace saved flags with true return address. */
-			"	movl %eax, 52(%esp)\n"
+			"	movl %eax, 56(%esp)\n"
 			"	popl %ebx\n"
 			"	popl %ecx\n"
 			"	popl %edx\n"
@@ -666,8 +666,8 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
 			"	popl %edi\n"
 			"	popl %ebp\n"
 			"	popl %eax\n"
-			/* Skip ip, orig_ax, es, ds, fs */
-			"	addl $20, %esp\n"
+			/* Skip ds, es, fs, gs, orig_ax and ip */
+			"	addl $24, %esp\n"
 			"	popf\n"
 #endif
 			"	ret\n");
@@ -691,6 +691,7 @@ static __used __kprobes void *trampoline_handler(struct pt_regs *regs)
 	regs->cs = __KERNEL_CS;
 #else
 	regs->cs = __KERNEL_CS | get_kernel_rpl();
+	regs->gs = 0;
 #endif
 	regs->ip = trampoline_address;
 	regs->orig_ax = ~0UL;

-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@redhat.com

[tip:tracing/kprobes] x86: kretprobe-booster interrupt emulation code fix

[Masami Hiramatsu]

Commit-ID:  fee039a1d05c6e0f71b0fe270d847742a02d56c4
Gitweb:     http://git.kernel.org/tip/fee039a1d05c6e0f71b0fe270d847742a02d56c4
Author:     Masami Hiramatsu <mhiramat@redhat.com>
AuthorDate: Mon, 23 Mar 2009 10:14:52 -0400
Committer:  Ingo Molnar <mingo@elte.hu>
CommitDate: Wed, 25 Mar 2009 18:53:29 +0100

x86: kretprobe-booster interrupt emulation code fix

Fix interrupt emulation code in kretprobe-booster according to
pt_regs update (es/ds change and gs adding).

This issue has been reported on systemtap-bugzilla:

  http://sources.redhat.com/bugzilla/show_bug.cgi?id=9965

  | On a -tip kernel on x86_32, kretprobe_example (from samples) triggers the
  | following backtrace when its retprobing a class of functions that cause a
  | copy_from/to_user().
  |
  | BUG: sleeping function called from invalid context at mm/memory.c:3196
  | in_atomic(): 0, irqs_disabled(): 1, pid: 2286, name: cat

Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
Acked-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Tested-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Cc: systemtap-ml <systemtap@sources.redhat.com>
LKML-Reference: <49C7995C.2010601@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>


---
 arch/x86/kernel/kprobes.c |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c
index 4558dd3..759095d 100644
--- a/arch/x86/kernel/kprobes.c
+++ b/arch/x86/kernel/kprobes.c
@@ -638,13 +638,13 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
 #else
 			"	pushf\n"
 			/*
-			 * Skip cs, ip, orig_ax.
+			 * Skip cs, ip, orig_ax and gs.
 			 * trampoline_handler() will plug in these values
 			 */
-			"	subl $12, %esp\n"
+			"	subl $16, %esp\n"
 			"	pushl %fs\n"
-			"	pushl %ds\n"
 			"	pushl %es\n"
+			"	pushl %ds\n"
 			"	pushl %eax\n"
 			"	pushl %ebp\n"
 			"	pushl %edi\n"
@@ -655,10 +655,10 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
 			"	movl %esp, %eax\n"
 			"	call trampoline_handler\n"
 			/* Move flags to cs */
-			"	movl 52(%esp), %edx\n"
-			"	movl %edx, 48(%esp)\n"
+			"	movl 56(%esp), %edx\n"
+			"	movl %edx, 52(%esp)\n"
 			/* Replace saved flags with true return address. */
-			"	movl %eax, 52(%esp)\n"
+			"	movl %eax, 56(%esp)\n"
 			"	popl %ebx\n"
 			"	popl %ecx\n"
 			"	popl %edx\n"
@@ -666,8 +666,8 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
 			"	popl %edi\n"
 			"	popl %ebp\n"
 			"	popl %eax\n"
-			/* Skip ip, orig_ax, es, ds, fs */
-			"	addl $20, %esp\n"
+			/* Skip ds, es, fs, gs, orig_ax and ip */
+			"	addl $24, %esp\n"
 			"	popf\n"
 #endif
 			"	ret\n");
@@ -691,6 +691,7 @@ static __used __kprobes void *trampoline_handler(struct pt_regs *regs)
 	regs->cs = __KERNEL_CS;
 #else
 	regs->cs = __KERNEL_CS | get_kernel_rpl();
+	regs->gs = 0;
 #endif
 	regs->ip = trampoline_address;
 	regs->orig_ax = ~0UL;