mirros/rockchip-kernel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0847230e9b5de32be80ca529f471b96bb1eed3d7
rockchip-kernel/arch/x86/kernel/kprobes/opt.c
Greg Kroah-Hartman 0847230e9b Merge 5.10.173 into android12-5.10-lts 
Changes in 5.10.173
	HID: asus: Remove check for same LED brightness on set
	HID: asus: use spinlock to protect concurrent accesses
	HID: asus: use spinlock to safely schedule workers
	powerpc/mm: Rearrange if-else block to avoid clang warning
	ARM: OMAP2+: Fix memory leak in realtime_counter_init()
	arm64: dts: qcom: qcs404: use symbol names for PCIe resets
	ARM: zynq: Fix refcount leak in zynq_early_slcr_init
	arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description
	arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name
	arm64: dts: qcom: sc7180: correct SPMI bus address cells
	arm64: dts: meson-gx: Fix Ethernet MAC address unit name
	arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
	arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
	arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names
	arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes
	arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size
	arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY
	arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges
	arm64: dts: qcom: ipq8074: fix Gen3 PCIe node
	arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names
	arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
	ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init()
	ARM: s3c: fix s3c64xx_set_timer_source prototype
	arm64: dts: ti: k3-j7200: Fix wakeup pinmux range
	ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
	ARM: imx: Call ida_simple_remove() for ida_simple_get
	arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
	arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
	arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
	arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property
	arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
	arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name
	arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name
	arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
	arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
	arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
	ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
	ARM: dts: imx7s: correct iomuxc gpr mux controller cells
	arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
	blk-mq: avoid sleep in blk_mq_alloc_request_hctx
	blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
	blk-mq: correct stale comment of .get_budget
	s390/dasd: Prepare for additional path event handling
	s390/dasd: Fix potential memleak in dasd_eckd_init()
	sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
	sched/rt: pick_next_rt_entity(): check list_entry
	x86/perf/zhaoxin: Add stepping check for ZXC
	block: bio-integrity: Copy flags when bio_integrity_payload is cloned
	wifi: rsi: Fix memory leak in rsi_coex_attach()
	wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under spin_lock_irqsave()
	wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under spin_lock_irqsave()
	wifi: rtlwifi: rtl8723be: don't call kfree_skb() under spin_lock_irqsave()
	wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
	wifi: libertas: fix memory leak in lbs_init_adapter()
	wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
	rtlwifi: fix -Wpointer-sign warning
	wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
	libbpf: Fix btf__align_of() by taking into account field offsets
	wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
	wifi: ipw2200: fix memory leak in ipw_wdev_init()
	wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
	wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
	wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
	wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
	wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
	wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
	wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
	wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
	crypto: x86/ghash - fix unaligned access in ghash_setkey()
	ACPICA: Drop port I/O validation for some regions
	genirq: Fix the return type of kstat_cpu_irqs_sum()
	rcu-tasks: Improve comments explaining tasks_rcu_exit_srcu purpose
	rcu-tasks: Remove preemption disablement around srcu_read_[un]lock() calls
	rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()
	lib/mpi: Fix buffer overrun when SG is too long
	crypto: ccp: Use the stack for small SEV command buffers
	crypto: ccp: Use the stack and common buffer for status commands
	crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
	crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2
	ACPICA: nsrepair: handle cases without a return value correctly
	thermal/drivers/tsens: Drop msm8976-specific defines
	thermal/drivers/qcom/tsens_v1: Enable sensor 3 on MSM8976
	thermal/drivers/tsens: Add compat string for the qcom,msm8960
	thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
	wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
	wifi: orinoco: check return value of hermes_write_wordrec()
	wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
	ath9k: hif_usb: simplify if-if to if-else
	ath9k: htc: clean up statistics macros
	wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
	wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
	wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
	wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data()
	ACPI: battery: Fix missing NUL-termination with large strings
	crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
	crypto: essiv - Handle EBUSY correctly
	crypto: seqiv - Handle EBUSY correctly
	powercap: fix possible name leak in powercap_register_zone()
	x86/cpu: Init AP exception handling from cpu_init_secondary()
	x86/microcode: Replace deprecated CPU-hotplug functions.
	x86: Mark stop_this_cpu() __noreturn
	x86/microcode: Rip out the OLD_INTERFACE
	x86/microcode: Default-disable late loading
	x86/microcode: Print previous version of microcode after reload
	x86/microcode: Add a parameter to microcode_check() to store CPU capabilities
	x86/microcode: Check CPU capabilities after late microcode update correctly
	x86/microcode: Adjust late loading result reporting message
	net: ethernet: ti: am65-cpsw: fix tx csum offload for multi mac mode
	net: ethernet: ti: am65-cpsw: handle deferred probe with dev_err_probe()
	net: ethernet: ti: add missing of_node_put before return
	crypto: xts - Handle EBUSY correctly
	leds: led-class: Add missing put_device() to led_put()
	crypto: ccp - Refactor out sev_fw_alloc()
	crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware
	bpftool: profile online CPUs instead of possible
	net/mlx5: Enhance debug print in page allocation failure
	irqchip: Fix refcount leak in platform_irqchip_probe
	irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
	irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
	irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
	s390/vmem: fix empty page tables cleanup under KASAN
	net: add sock_init_data_uid()
	tun: tun_chr_open(): correctly initialize socket uid
	tap: tap_open(): correctly initialize socket uid
	OPP: fix error checking in opp_migrate_dentry()
	Bluetooth: L2CAP: Fix potential user-after-free
	libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
	rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
	crypto: rsa-pkcs1pad - Use akcipher_request_complete
	m68k: /proc/hardware should depend on PROC_FS
	RISC-V: time: initialize hrtimer based broadcast clock event device
	wifi: iwl3945: Add missing check for create_singlethread_workqueue
	wifi: iwl4965: Add missing check for create_singlethread_workqueue()
	wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
	selftests/bpf: Fix out-of-srctree build
	crypto: crypto4xx - Call dma_unmap_page when done
	wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
	thermal/drivers/hisi: Drop second sensor hi3660
	can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error
	bpf: Fix global subprog context argument resolution logic
	irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
	irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
	selftests/net: Interpret UDP_GRO cmsg data as an int value
	l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
	net: bcmgenet: fix MoCA LED control
	selftest: fib_tests: Always cleanup before exit
	sefltests: netdevsim: wait for devlink instance after netns removal
	drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
	drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
	drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
	drm/bridge: megachips: Fix error handling in i2c_register_driver()
	drm/vkms: Fix null-ptr-deref in vkms_release()
	drm/vc4: dpi: Add option for inverting pixel clock and output enable
	drm/vc4: dpi: Fix format mapping for RGB565
	drm: tidss: Fix pixel format definition
	gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id()
	drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
	pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins
	pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
	pinctrl: rockchip: add support for rk3568
	pinctrl: rockchip: do coding style for mux route struct
	pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
	drm/vc4: hvs: Set AXI panic modes
	drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5
	drm/vc4: hdmi: Correct interlaced timings again
	ASoC: fsl_sai: initialize is_dsp_mode flag
	drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
	ALSA: hda/ca0132: minor fix for allocation size
	drm/msm/dpu: Disallow unallocated resources to be returned
	drm/bridge: lt9611: fix sleep mode setup
	drm/bridge: lt9611: fix HPD reenablement
	drm/bridge: lt9611: fix polarity programming
	drm/bridge: lt9611: fix programming of video modes
	drm/bridge: lt9611: fix clock calculation
	drm/bridge: lt9611: pass a pointer to the of node
	drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
	drm/msm: use strscpy instead of strncpy
	drm/msm/dpu: Add check for cstate
	drm/msm/dpu: Add check for pstates
	drm/msm/mdp5: Add check for kzalloc
	pinctrl: bcm2835: Remove of_node_put() in bcm2835_of_gpio_ranges_fallback()
	pinctrl: mediatek: Initialize variable pullen and pullup to zero
	pinctrl: mediatek: Initialize variable *buf to zero
	gpu: host1x: Don't skip assigning syncpoints to channels
	drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd
	drm/mediatek: Use NULL instead of 0 for NULL pointer
	drm/mediatek: Drop unbalanced obj unref
	drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
	drm/mediatek: Clean dangling pointer on bind error path
	ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
	gpio: vf610: connect GPIO label to dev name
	spi: dw_bt1: fix MUX_MMIO dependencies
	ASoC: mchp-spdifrx: fix controls which rely on rsr register
	ASoC: atmel: fix spelling mistakes
	ASoC: mchp-spdifrx: fix return value in case completion times out
	ASoC: mchp-spdifrx: fix controls that works with completion mechanism
	ASoC: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove()
	ASoC: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params()
	ASoC: dt-bindings: meson: fix gx-card codec node regex
	hwmon: (ltc2945) Handle error case in ltc2945_value_store
	drm/amdgpu: fix enum odm_combine_mode mismatch
	scsi: mpt3sas: Fix a memory leak
	scsi: aic94xx: Add missing check for dma_map_single()
	spi: bcm63xx-hsspi: fix pm_runtime
	spi: bcm63xx-hsspi: Fix multi-bit mode setting
	hwmon: (mlxreg-fan) Return zero speed for broken fan
	ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
	dm: remove flush_scheduled_work() during local_exit()
	NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode()
	NFSv4: keep state manager thread active if swap is enabled
	nfs4trace: fix state manager flag printing
	NFS: fix disabling of swap
	spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
	ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
	HID: bigben: use spinlock to protect concurrent accesses
	HID: bigben_worker() remove unneeded check on report_field
	HID: bigben: use spinlock to safely schedule workers
	hid: bigben_probe(): validate report count
	nfsd: fix race to check ls_layouts
	cifs: Fix lost destroy smbd connection when MR allocate failed
	cifs: Fix warning and UAF when destroy the MR list
	gfs2: jdata writepage fix
	perf llvm: Fix inadvertent file creation
	leds: led-core: Fix refcount leak in of_led_get()
	perf tools: Fix auto-complete on aarch64
	sparc: allow PM configs for sparc32 COMPILE_TEST
	selftests/ftrace: Fix bash specific "==" operator
	printf: fix errname.c list
	objtool: add UACCESS exceptions for __tsan_volatile_read/write
	mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
	clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
	clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents
	RISC-V: fix funct4 definition for c.jalr in parse_asm.h
	mtd: rawnand: sunxi: Fix the size of the last OOB region
	Input: iqs269a - drop unused device node references
	Input: iqs269a - increase interrupt handler return delay
	Input: iqs269a - configure device with a single block write
	linux/kconfig.h: replace IF_ENABLED() with PTR_IF() in <linux/kernel.h>
	clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed
	clk: renesas: cpg-mssr: Remove superfluous check in resume code
	clk: imx: avoid memory leak
	Input: ads7846 - don't report pressure for ads7845
	Input: ads7846 - convert to full duplex
	Input: ads7846 - convert to one message
	Input: ads7846 - always set last command to PWRDOWN
	Input: ads7846 - don't check penirq immediately for 7845
	clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC
	clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC
	powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
	clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
	powerpc/perf/hv-24x7: add missing RTAS retry status handling
	powerpc/pseries/lpar: add missing RTAS retry status handling
	powerpc/pseries/lparcfg: add missing RTAS retry status handling
	powerpc/rtas: make all exports GPL
	powerpc/rtas: ensure 4KB alignment for rtas_data_buf
	powerpc/eeh: Small refactor of eeh_handle_normal_event()
	powerpc/eeh: Set channel state after notifying the drivers
	MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set
	MIPS: vpe-mt: drop physical_memsize
	vdpa/mlx5: Don't clear mr struct on destroy MR
	alpha/boot/tools/objstrip: fix the check for ELF header
	Input: iqs269a - do not poll during suspend or resume
	Input: iqs269a - do not poll during ATI
	remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
	media: ti: cal: fix possible memory leak in cal_ctx_create()
	media: platform: ti: Add missing check for devm_regulator_get
	powerpc: Remove linker flag from KBUILD_AFLAGS
	builddeb: clean generated package content
	media: max9286: Fix memleak in max9286_v4l2_register()
	media: ov2740: Fix memleak in ov2740_init_controls()
	media: ov5675: Fix memleak in ov5675_init_controls()
	media: i2c: ov772x: Fix memleak in ov772x_probe()
	media: i2c: imx219: remove redundant writes
	media: i2c: imx219: Split common registers from mode tables
	media: i2c: imx219: Fix binning for RAW8 capture
	media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
	media: i2c: ov7670: 0 instead of -EINVAL was returned
	media: usb: siano: Fix use after free bugs caused by do_submit_urb
	media: saa7134: Use video_unregister_device for radio_dev
	rpmsg: glink: Avoid infinite loop on intent for missing channel
	udf: Define EFSCORRUPTED error code
	ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
	blk-iocost: fix divide by 0 error in calc_lcoefs()
	wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
	wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
	rcu: Make RCU_LOCKDEP_WARN() avoid early lockdep checks
	rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait()
	rcu-tasks: Make rude RCU-Tasks work well with CPU hotplug
	wifi: ath11k: debugfs: fix to work with multiple PCI devices
	thermal: intel: Fix unsigned comparison with less than zero
	timers: Prevent union confusion from unexpected restart_syscall()
	x86/bugs: Reset speculation control settings on init
	wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
	wifi: mt7601u: fix an integer underflow
	inet: fix fast path in __inet_hash_connect()
	ice: add missing checks for PF vsi type
	ACPI: Don't build ACPICA with '-Os'
	clocksource: Suspend the watchdog temporarily when high read latency detected
	crypto: hisilicon: Wipe entire pool on error
	net: bcmgenet: Add a check for oversized packets
	m68k: Check syscall_trace_enter() return code
	wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
	ACPI: video: Fix Lenovo Ideapad Z570 DMI match
	net/mlx5: fw_tracer: Fix debug print
	coda: Avoid partial allocation of sig_inputArgs
	uaccess: Add minimum bounds check on kernel buffer size
	PM: EM: fix memory leak with using debugfs_lookup()
	Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
	drm/amd/display: Fix potential null-deref in dm_resume
	drm/omap: dsi: Fix excessive stack usage
	HID: Add Mapping for System Microphone Mute
	drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
	drm/radeon: free iio for atombios when driver shutdown
	drm: amd: display: Fix memory leakage
	drm/msm/dsi: Add missing check for alloc_ordered_workqueue
	docs/scripts/gdb: add necessary make scripts_gdb step
	ASoC: kirkwood: Iterate over array indexes instead of using pointer math
	regulator: max77802: Bounds check regulator id against opmode
	regulator: s5m8767: Bounds check id indexing into arrays
	gfs2: Improve gfs2_make_fs_rw error handling
	hwmon: (coretemp) Simplify platform device handling
	pinctrl: at91: use devm_kasprintf() to avoid potential leaks
	HID: logitech-hidpp: Don't restart communication if not necessary
	drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
	dm thin: add cond_resched() to various workqueue loops
	dm cache: add cond_resched() to various workqueue loops
	nfsd: zero out pointers after putting nfsd_files on COPY setup error
	wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
	firmware: coreboot: framebuffer: Ignore reserved pixel color bits
	rtc: pm8xxx: fix set-alarm race
	ipmi_ssif: Rename idle state and check
	s390/extmem: return correct segment type in __segment_load()
	s390: discard .interp section
	s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
	s390/kprobes: fix current_kprobe never cleared after kprobes reenter
	cifs: Fix uninitialized memory read in smb3_qfs_tcon()
	ARM: dts: exynos: correct HDMI phy compatible in Exynos4
	hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
	fs: hfsplus: fix UAF issue in hfsplus_put_super
	exfat: fix reporting fs error when reading dir beyond EOF
	exfat: fix unexpected EOF while reading dir
	exfat: redefine DIR_DELETED as the bad cluster number
	exfat: fix inode->i_blocks for non-512 byte sector size device
	f2fs: fix information leak in f2fs_move_inline_dirents()
	f2fs: fix cgroup writeback accounting with fs-layer encryption
	ocfs2: fix defrag path triggering jbd2 ASSERT
	ocfs2: fix non-auto defrag path not working issue
	udf: Truncate added extents on failed expansion
	udf: Do not bother merging very long extents
	udf: Do not update file length for failed writes to inline files
	udf: Preserve link count of system files
	udf: Detect system inodes linked into directory hierarchy
	udf: Fix file corruption when appending just after end of preallocated extent
	KVM: Destroy target device if coalesced MMIO unregistration fails
	KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
	KVM: s390: disable migration mode when dirty tracking is disabled
	x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
	x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
	x86/reboot: Disable virtualization in an emergency if SVM is supported
	x86/reboot: Disable SVM, not just VMX, when stopping CPUs
	x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
	x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
	x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
	x86/microcode/AMD: Add a @cpu parameter to the reloading functions
	x86/microcode/AMD: Fix mixed steppings support
	x86/speculation: Allow enabling STIBP with legacy IBRS
	Documentation/hw-vuln: Document the interaction between IBRS and STIBP
	brd: return 0/-error from brd_insert_page()
	ima: Align ima_file_mmap() parameters with mmap_file LSM hook
	irqdomain: Fix association race
	irqdomain: Fix disassociation race
	irqdomain: Drop bogus fwspec-mapping error handling
	io_uring: handle TIF_NOTIFY_RESUME when checking for task_work
	io_uring: mark task TASK_RUNNING before handling resume/task work
	io_uring: add a conditional reschedule to the IOPOLL cancelation loop
	io_uring/rsrc: disallow multi-source reg buffers
	io_uring: remove MSG_NOSIGNAL from recvmsg
	io_uring/poll: allow some retries for poll triggering spuriously
	ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
	ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
	jbd2: fix data missing when reusing bh which is ready to be checkpointed
	ext4: optimize ea_inode block expansion
	ext4: refuse to create ea block when umounted
	mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
	dm: add cond_resched() to dm_wq_work()
	wifi: rtl8xxxu: Use a longer retry limit of 48
	wifi: cfg80211: Fix use after free for wext
	thermal: intel: powerclamp: Fix cur_state for multi package system
	dm flakey: fix logic when corrupting a bio
	dm flakey: don't corrupt the zero page
	ARM: dts: exynos: correct TMU phandle in Exynos4210
	ARM: dts: exynos: correct TMU phandle in Exynos4
	ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
	ARM: dts: exynos: correct TMU phandle in Exynos5250
	ARM: dts: exynos: correct TMU phandle in Odroid XU
	ARM: dts: exynos: correct TMU phandle in Odroid HC1
	rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
	alpha: fix FEN fault handling
	dax/kmem: Fix leak of memory-hotplug resources
	mips: fix syscall_get_nr
	media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
	remoteproc/mtk_scp: Move clk ops outside send_lock
	docs: gdbmacros: print newest record
	mm: memcontrol: deprecate charge moving
	mm/thp: check and bail out if page in deferred queue already
	ktest.pl: Give back console on Ctrt^C on monitor
	ktest.pl: Fix missing "end_monitor" when machine check fails
	ktest.pl: Add RUN_TIMEOUT option with default unlimited
	ring-buffer: Handle race between rb_move_tail and rb_check_pages
	scsi: qla2xxx: Fix link failure in NPIV environment
	scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
	scsi: qla2xxx: Fix erroneous link down
	scsi: ses: Don't attach if enclosure has no components
	scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
	scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
	scsi: ses: Fix possible desc_ptr out-of-bounds accesses
	scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
	riscv: jump_label: Fixup unaligned arch_static_branch function
	PCI/PM: Observe reset delay irrespective of bridge_d3
	PCI: hotplug: Allow marking devices as disconnected during bind/unbind
	PCI: Avoid FLR for AMD FCH AHCI adapters
	vfio/type1: prevent underflow of locked_vm via exec()
	drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
	drm/radeon: Fix eDP for single-display iMac11,2
	drm/edid: fix AVI infoframe aspect ratio handling
	arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY
	wifi: ath9k: use proper statements in conditionals
	pinctrl: rockchip: fix mux route data for rk3568
	pinctrl: rockchip: fix reading pull type on rk3568
	kbuild: Port silent mode detection to future gnu make.
	net/sched: Retire tcindex classifier
	fs/jfs: fix shift exponent db_agl2size negative
	objtool: Fix memory leak in create_static_call_sections()
	pwm: sifive: Reduce time the controller lock is held
	pwm: sifive: Always let the first pwm_apply_state succeed
	pwm: stm32-lp: fix the check on arr and cmp registers update
	f2fs: use memcpy_{to,from}_page() where possible
	fs: f2fs: initialize fsdata in pagecache_write()
	um: vector: Fix memory leak in vector_config
	ubi: ensure that VID header offset + VID header size <= alloc, size
	ubifs: Fix build errors as symbol undefined
	ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
	ubifs: Rectify space budget for ubifs_xrename()
	ubifs: Fix wrong dirty space budget for dirty inode
	ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
	ubifs: Reserve one leb for each journal head while doing budget
	ubi: Fix use-after-free when volume resizing failed
	ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
	ubifs: Fix memory leak in alloc_wbufs()
	ubi: Fix possible null-ptr-deref in ubi_free_volume()
	ubifs: Re-statistic cleaned znode count if commit failed
	ubifs: dirty_cow_znode: Fix memleak in error handling path
	ubifs: ubifs_writepage: Mark page dirty after writing inode failed
	ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap
	ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
	ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
	x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
	watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path
	watchdog: Fix kmemleak in watchdog_cdev_register
	watchdog: pcwd_usb: Fix attempting to access uninitialized memory
	netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
	netfilter: ebtables: fix table blob use-after-free
	ipv6: Add lwtunnel encap size of all siblings in nexthop calculation
	sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
	net: fix __dev_kfree_skb_any() vs drop monitor
	9p/xen: fix version parsing
	9p/xen: fix connection sequence
	9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
	net/mlx5: Geneve, Fix handling of Geneve object id as error code
	nfc: fix memory leak of se_io context in nfc_genl_se_io
	net/sched: act_sample: fix action bind logic
	ARM: dts: spear320-hmi: correct STMPE GPIO compatible
	tcp: tcp_check_req() can be called from process context
	vc_screen: modify vcs_size() handling in vcs_read()
	rtc: sun6i: Always export the internal oscillator
	scsi: ipr: Work around fortify-string warning
	loop: loop_set_status_from_info() check before assignment
	ASoC: adau7118: don't disable regulators on device unbind
	ASoC: zl38060: Remove spurious gpiolib select
	ASoC: zl38060 add gpiolib dependency
	thermal: intel: quark_dts: fix error pointer dereference
	thermal: intel: BXT_PMIC: select REGMAP instead of depending on it
	tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
	firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
	bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC support
	mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
	IB/hfi1: Update RMT size calculation
	media: uvcvideo: Handle cameras with invalid descriptors
	media: uvcvideo: Handle errors from calls to usb_string
	media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
	media: uvcvideo: Silence memcpy() run-time false positive warnings
	staging: emxx_udc: Add checks for dma_alloc_coherent()
	tty: fix out-of-bounds access in tty_driver_lookup_tty()
	tty: serial: fsl_lpuart: disable the CTS when send break signal
	serial: sc16is7xx: setup GPIO controller later in probe
	mei: bus-fixup:upon error print return values of send and receive
	tools/iio/iio_utils:fix memory leak
	iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word()
	iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()
	PCI: loongson: Prevent LS7A MRRS increases
	usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math
	USB: ene_usb6250: Allocate enough memory for full object
	usb: uvc: Enumerate valid values for color matching
	usb: gadget: uvc: Make bSourceID read/write
	PCI: Align extra resources for hotplug bridges properly
	PCI: Take other bus devices into account when distributing resources
	kernel/fail_function: fix memory leak with using debugfs_lookup()
	PCI: loongson: Add more devices that need MRRS quirk
	PCI: Add ACS quirk for Wangxun NICs
	phy: rockchip-typec: Fix unsigned comparison with less than zero
	soundwire: cadence: Remove wasted space in response_buf
	soundwire: cadence: Drain the RX FIFO after an IO timeout
	net: tls: avoid hanging tasks on the tx_lock
	x86/resctrl: Apply READ_ONCE/WRITE_ONCE to task_struct.{rmid,closid}
	x86/resctl: fix scheduler confusion with 'current'
	drm/display/dp_mst: Fix down/up message handling after sink disconnect
	drm/display/dp_mst: Fix down message handling after a packet reception error
	Bluetooth: hci_sock: purge socket queues in the destruct() callback
	tcp: Fix listen() regression in 5.10.163
	drm/virtio: Fix error code in virtio_gpu_object_shmem_init()
	media: uvcvideo: Provide sync and async uvc_ctrl_status_event
	media: uvcvideo: Fix race condition with usb_kill_urb
	Revert "scsi: mpt3sas: Fix return value check of dma_get_required_mask()"
	scsi: mpt3sas: Don't change DMA mask while reallocating pools
	scsi: mpt3sas: re-do lost mpt3sas DMA mask fix
	scsi: mpt3sas: Remove usage of dma_get_required_mask() API
	malidp: Fix NULL vs IS_ERR() checking
	usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails
	Linux 5.10.173

Change-Id: Iedcbc093feb171d48c70976d0aa99e972fac3ad1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2023-03-22 11:21:35 +00:00

562 lines
14 KiB
C
Raw Blame History

// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Kernel Probes Jump Optimization (Optprobes)
*
* Copyright (C) IBM Corporation, 2002, 2004
* Copyright (C) Hitachi Ltd., 2012
*/
#include <linux/kprobes.h>
#include <linux/perf_event.h>
#include <linux/ptrace.h>
#include <linux/string.h>
#include <linux/slab.h>
#include <linux/hardirq.h>
#include <linux/preempt.h>
#include <linux/extable.h>
#include <linux/kdebug.h>
#include <linux/kallsyms.h>
#include <linux/kgdb.h>
#include <linux/ftrace.h>
#include <linux/objtool.h>
#include <linux/pgtable.h>
#include <linux/static_call.h>
#include <asm/text-patching.h>
#include <asm/cacheflush.h>
#include <asm/desc.h>
#include <linux/uaccess.h>
#include <asm/alternative.h>
#include <asm/insn.h>
#include <asm/debugreg.h>
#include <asm/set_memory.h>
#include <asm/sections.h>
#include <asm/nospec-branch.h>
#include "common.h"
unsigned long __recover_optprobed_insn(kprobe_opcode_t *buf, unsigned long addr)
{
struct optimized_kprobe *op;
struct kprobe *kp;
long offs;
int i;
for (i = 0; i < JMP32_INSN_SIZE; i++) {
kp = get_kprobe((void *)addr - i);
/* This function only handles jump-optimized kprobe */
if (kp && kprobe_optimized(kp)) {
op = container_of(kp, struct optimized_kprobe, kp);
/* If op is optimized or under unoptimizing */
if (list_empty(&op->list) || optprobe_queued_unopt(op))
goto found;
}
}
return addr;
found:
/*
* If the kprobe can be optimized, original bytes which can be
* overwritten by jump destination address. In this case, original
* bytes must be recovered from op->optinsn.copied_insn buffer.
*/
if (copy_from_kernel_nofault(buf, (void *)addr,
MAX_INSN_SIZE * sizeof(kprobe_opcode_t)))
return 0UL;
if (addr == (unsigned long)kp->addr) {
buf[0] = kp->opcode;
memcpy(buf + 1, op->optinsn.copied_insn, DISP32_SIZE);
} else {
offs = addr - (unsigned long)kp->addr - 1;
memcpy(buf, op->optinsn.copied_insn + offs, DISP32_SIZE - offs);
}
return (unsigned long)buf;
}
static void synthesize_clac(kprobe_opcode_t *addr)
{
/*
* Can't be static_cpu_has() due to how objtool treats this feature bit.
* This isn't a fast path anyway.
*/
if (!boot_cpu_has(X86_FEATURE_SMAP))
return;
/* Replace the NOP3 with CLAC */
addr[0] = 0x0f;
addr[1] = 0x01;
addr[2] = 0xca;
}
/* Insert a move instruction which sets a pointer to eax/rdi (1st arg). */
static void synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long val)
{
#ifdef CONFIG_X86_64
*addr++ = 0x48;
*addr++ = 0xbf;
#else
*addr++ = 0xb8;
#endif
*(unsigned long *)addr = val;
}
asm (
".pushsection .rodata\n"
"optprobe_template_func:\n"
".pushsection .discard.func_stack_frame_non_standard\n"
"__func_stack_frame_non_standard_optprobe_template_func:\n"
#ifdef CONFIG_64BIT
".quad optprobe_template_func\n"
#else
".long optprobe_template_func\n"
#endif
".popsection\n"
".global optprobe_template_entry\n"
"optprobe_template_entry:\n"
#ifdef CONFIG_X86_64
/* We don't bother saving the ss register */
" pushq %rsp\n"
" pushfq\n"
".global optprobe_template_clac\n"
"optprobe_template_clac:\n"
ASM_NOP3
SAVE_REGS_STRING
" movq %rsp, %rsi\n"
".global optprobe_template_val\n"
"optprobe_template_val:\n"
ASM_NOP5
ASM_NOP5
".global optprobe_template_call\n"
"optprobe_template_call:\n"
ASM_NOP5
/* Move flags to rsp */
" movq 18*8(%rsp), %rdx\n"
" movq %rdx, 19*8(%rsp)\n"
RESTORE_REGS_STRING
/* Skip flags entry */
" addq $8, %rsp\n"
" popfq\n"
#else /* CONFIG_X86_32 */
" pushl %esp\n"
" pushfl\n"
".global optprobe_template_clac\n"
"optprobe_template_clac:\n"
ASM_NOP3
SAVE_REGS_STRING
" movl %esp, %edx\n"
".global optprobe_template_val\n"
"optprobe_template_val:\n"
ASM_NOP5
".global optprobe_template_call\n"
"optprobe_template_call:\n"
ASM_NOP5
/* Move flags into esp */
" movl 14*4(%esp), %edx\n"
" movl %edx, 15*4(%esp)\n"
RESTORE_REGS_STRING
/* Skip flags entry */
" addl $4, %esp\n"
" popfl\n"
#endif
".global optprobe_template_end\n"
"optprobe_template_end:\n"
".popsection\n");
#define TMPL_CLAC_IDX \
((long)optprobe_template_clac - (long)optprobe_template_entry)
#define TMPL_MOVE_IDX \
((long)optprobe_template_val - (long)optprobe_template_entry)
#define TMPL_CALL_IDX \
((long)optprobe_template_call - (long)optprobe_template_entry)
#define TMPL_END_IDX \
((long)optprobe_template_end - (long)optprobe_template_entry)
/* Optimized kprobe call back function: called from optinsn */
static void
optimized_callback(struct optimized_kprobe *op, struct pt_regs *regs)
{
/* This is possible if op is under delayed unoptimizing */
if (kprobe_disabled(&op->kp))
return;
preempt_disable();
if (kprobe_running()) {
kprobes_inc_nmissed_count(&op->kp);
} else {
struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
/* Save skipped registers */
regs->cs = __KERNEL_CS;
#ifdef CONFIG_X86_32
regs->gs = 0;
#endif
regs->ip = (unsigned long)op->kp.addr + INT3_INSN_SIZE;
regs->orig_ax = ~0UL;
__this_cpu_write(current_kprobe, &op->kp);
kcb->kprobe_status = KPROBE_HIT_ACTIVE;
opt_pre_handler(&op->kp, regs);
__this_cpu_write(current_kprobe, NULL);
}
preempt_enable();
}
NOKPROBE_SYMBOL(optimized_callback);
static int copy_optimized_instructions(u8 *dest, u8 *src, u8 *real)
{
struct insn insn;
int len = 0, ret;
while (len < JMP32_INSN_SIZE) {
ret = __copy_instruction(dest + len, src + len, real + len, &insn);
if (!ret || !can_boost(&insn, src + len))
return -EINVAL;
len += ret;
}
/* Check whether the address range is reserved */
if (ftrace_text_reserved(src, src + len - 1) ||
alternatives_text_reserved(src, src + len - 1) ||
jump_label_text_reserved(src, src + len - 1) ||
static_call_text_reserved(src, src + len - 1))
return -EBUSY;
return len;
}
/* Check whether insn is indirect jump */
static int __insn_is_indirect_jump(struct insn *insn)
{
return ((insn->opcode.bytes[0] == 0xff &&
(X86_MODRM_REG(insn->modrm.value) & 6) == 4) || /* Jump */
insn->opcode.bytes[0] == 0xea); /* Segment based jump */
}
/* Check whether insn jumps into specified address range */
static int insn_jump_into_range(struct insn *insn, unsigned long start, int len)
{
unsigned long target = 0;
switch (insn->opcode.bytes[0]) {
case 0xe0: /* loopne */
case 0xe1: /* loope */
case 0xe2: /* loop */
case 0xe3: /* jcxz */
case 0xe9: /* near relative jump */
case 0xeb: /* short relative jump */
break;
case 0x0f:
if ((insn->opcode.bytes[1] & 0xf0) == 0x80) /* jcc near */
break;
return 0;
default:
if ((insn->opcode.bytes[0] & 0xf0) == 0x70) /* jcc short */
break;
return 0;
}
target = (unsigned long)insn->next_byte + insn->immediate.value;
return (start <= target && target <= start + len);
}
static int insn_is_indirect_jump(struct insn *insn)
{
int ret = __insn_is_indirect_jump(insn);
#ifdef CONFIG_RETPOLINE
/*
* Jump to x86_indirect_thunk_* is treated as an indirect jump.
* Note that even with CONFIG_RETPOLINE=y, the kernel compiled with
* older gcc may use indirect jump. So we add this check instead of
* replace indirect-jump check.
*/
if (!ret)
ret = insn_jump_into_range(insn,
(unsigned long)__indirect_thunk_start,
(unsigned long)__indirect_thunk_end -
(unsigned long)__indirect_thunk_start);
#endif
return ret;
}
/* Decode whole function to ensure any instructions don't jump into target */
static int can_optimize(unsigned long paddr)
{
unsigned long addr, size = 0, offset = 0;
struct insn insn;
kprobe_opcode_t buf[MAX_INSN_SIZE];
/* Lookup symbol including addr */
if (!kallsyms_lookup_size_offset(paddr, &size, &offset))
return 0;
/*
* Do not optimize in the entry code due to the unstable
* stack handling and registers setup.
*/
if (((paddr >= (unsigned long)__entry_text_start) &&
(paddr < (unsigned long)__entry_text_end)))
return 0;
/* Check there is enough space for a relative jump. */
if (size - offset < JMP32_INSN_SIZE)
return 0;
/* Decode instructions */
addr = paddr - offset;
while (addr < paddr - offset + size) { /* Decode until function end */
unsigned long recovered_insn;
int ret;
if (search_exception_tables(addr))
/*
* Since some fixup code will jumps into this function,
* we can't optimize kprobe in this function.
*/
return 0;
recovered_insn = recover_probed_instruction(buf, addr);
if (!recovered_insn)
return 0;
ret = insn_decode(&insn, (void *)recovered_insn, MAX_INSN_SIZE, INSN_MODE_KERN);
if (ret < 0)
return 0;
#ifdef CONFIG_KGDB
/*
* If there is a dynamically installed kgdb sw breakpoint,
* this function should not be probed.
*/
if (insn.opcode.bytes[0] == INT3_INSN_OPCODE &&
kgdb_has_hit_break(addr))
return 0;
#endif
/* Recover address */
insn.kaddr = (void *)addr;
insn.next_byte = (void *)(addr + insn.length);
/* Check any instructions don't jump into target */
if (insn_is_indirect_jump(&insn) ||
insn_jump_into_range(&insn, paddr + INT3_INSN_SIZE,
DISP32_SIZE))
return 0;
addr += insn.length;
}
return 1;
}
/* Check optimized_kprobe can actually be optimized. */
int arch_check_optimized_kprobe(struct optimized_kprobe *op)
{
int i;
struct kprobe *p;
for (i = 1; i < op->optinsn.size; i++) {
p = get_kprobe(op->kp.addr + i);
if (p && !kprobe_disarmed(p))
return -EEXIST;
}
return 0;
}
/* Check the addr is within the optimized instructions. */
int arch_within_optimized_kprobe(struct optimized_kprobe *op,
unsigned long addr)
{
return ((unsigned long)op->kp.addr <= addr &&
(unsigned long)op->kp.addr + op->optinsn.size > addr);
}
/* Free optimized instruction slot */
static
void __arch_remove_optimized_kprobe(struct optimized_kprobe *op, int dirty)
{
u8 *slot = op->optinsn.insn;
if (slot) {
int len = TMPL_END_IDX + op->optinsn.size + JMP32_INSN_SIZE;
/* Record the perf event before freeing the slot */
if (dirty)
perf_event_text_poke(slot, slot, len, NULL, 0);
free_optinsn_slot(slot, dirty);
op->optinsn.insn = NULL;
op->optinsn.size = 0;
}
}
void arch_remove_optimized_kprobe(struct optimized_kprobe *op)
{
__arch_remove_optimized_kprobe(op, 1);
}
/*
* Copy replacing target instructions
* Target instructions MUST be relocatable (checked inside)
* This is called when new aggr(opt)probe is allocated or reused.
*/
int arch_prepare_optimized_kprobe(struct optimized_kprobe *op,
struct kprobe *__unused)
{
u8 *buf = NULL, *slot;
int ret, len;
long rel;
if (!can_optimize((unsigned long)op->kp.addr))
return -EILSEQ;
buf = kzalloc(MAX_OPTINSN_SIZE, GFP_KERNEL);
if (!buf)
return -ENOMEM;
op->optinsn.insn = slot = get_optinsn_slot();
if (!slot) {
ret = -ENOMEM;
goto out;
}
/*
* Verify if the address gap is in 2GB range, because this uses
* a relative jump.
*/
rel = (long)slot - (long)op->kp.addr + JMP32_INSN_SIZE;
if (abs(rel) > 0x7fffffff) {
ret = -ERANGE;
goto err;
}
/* Copy arch-dep-instance from template */
memcpy(buf, optprobe_template_entry, TMPL_END_IDX);
/* Copy instructions into the out-of-line buffer */
ret = copy_optimized_instructions(buf + TMPL_END_IDX, op->kp.addr,
slot + TMPL_END_IDX);
if (ret < 0)
goto err;
op->optinsn.size = ret;
len = TMPL_END_IDX + op->optinsn.size;
synthesize_clac(buf + TMPL_CLAC_IDX);
/* Set probe information */
synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op);
/* Set probe function call */
synthesize_relcall(buf + TMPL_CALL_IDX,
slot + TMPL_CALL_IDX, optimized_callback);
/* Set returning jmp instruction at the tail of out-of-line buffer */
synthesize_reljump(buf + len, slot + len,
(u8 *)op->kp.addr + op->optinsn.size);
len += JMP32_INSN_SIZE;
/*
* Note len = TMPL_END_IDX + op->optinsn.size + JMP32_INSN_SIZE is also
* used in __arch_remove_optimized_kprobe().
*/
/* We have to use text_poke() for instruction buffer because it is RO */
perf_event_text_poke(slot, NULL, 0, buf, len);
text_poke(slot, buf, len);
ret = 0;
out:
kfree(buf);
return ret;
err:
__arch_remove_optimized_kprobe(op, 0);
goto out;
}
/*
* Replace breakpoints (INT3) with relative jumps (JMP.d32).
* Caller must call with locking kprobe_mutex and text_mutex.
*
* The caller will have installed a regular kprobe and after that issued
* syncrhonize_rcu_tasks(), this ensures that the instruction(s) that live in
* the 4 bytes after the INT3 are unused and can now be overwritten.
*/
void arch_optimize_kprobes(struct list_head *oplist)
{
struct optimized_kprobe *op, *tmp;
u8 insn_buff[JMP32_INSN_SIZE];
list_for_each_entry_safe(op, tmp, oplist, list) {
s32 rel = (s32)((long)op->optinsn.insn -
((long)op->kp.addr + JMP32_INSN_SIZE));
WARN_ON(kprobe_disabled(&op->kp));
/* Backup instructions which will be replaced by jump address */
memcpy(op->optinsn.copied_insn, op->kp.addr + INT3_INSN_SIZE,
DISP32_SIZE);
insn_buff[0] = JMP32_INSN_OPCODE;
*(s32 *)(&insn_buff[1]) = rel;
text_poke_bp(op->kp.addr, insn_buff, JMP32_INSN_SIZE, NULL);
list_del_init(&op->list);
}
}
/*
* Replace a relative jump (JMP.d32) with a breakpoint (INT3).
*
* After that, we can restore the 4 bytes after the INT3 to undo what
* arch_optimize_kprobes() scribbled. This is safe since those bytes will be
* unused once the INT3 lands.
*/
void arch_unoptimize_kprobe(struct optimized_kprobe *op)
{
u8 new[JMP32_INSN_SIZE] = { INT3_INSN_OPCODE, };
u8 old[JMP32_INSN_SIZE];
u8 *addr = op->kp.addr;
memcpy(old, op->kp.addr, JMP32_INSN_SIZE);
memcpy(new + INT3_INSN_SIZE,
op->optinsn.copied_insn,
JMP32_INSN_SIZE - INT3_INSN_SIZE);
text_poke(addr, new, INT3_INSN_SIZE);
text_poke_sync();
text_poke(addr + INT3_INSN_SIZE,
new + INT3_INSN_SIZE,
JMP32_INSN_SIZE - INT3_INSN_SIZE);
text_poke_sync();
perf_event_text_poke(op->kp.addr, old, JMP32_INSN_SIZE, new, JMP32_INSN_SIZE);
}
/*
* Recover original instructions and breakpoints from relative jumps.
* Caller must call with locking kprobe_mutex.
*/
extern void arch_unoptimize_kprobes(struct list_head *oplist,
struct list_head *done_list)
{
struct optimized_kprobe *op, *tmp;
list_for_each_entry_safe(op, tmp, oplist, list) {
arch_unoptimize_kprobe(op);
list_move(&op->list, done_list);
}
}
int setup_detour_execution(struct kprobe *p, struct pt_regs *regs, int reenter)
{
struct optimized_kprobe *op;
if (p->flags & KPROBE_FLAG_OPTIMIZED) {
/* This kprobe is really able to run optimized path. */
op = container_of(p, struct optimized_kprobe, kp);
/* Detour through copied instructions */
regs->ip = (unsigned long)op->optinsn.insn + TMPL_END_IDX;
if (!reenter)
reset_current_kprobe();
return 1;
}
return 0;
}
NOKPROBE_SYMBOL(setup_detour_execution);
Reference in New Issue View Git Blame Copy Permalink