linux/arch/arm/kernel
Mika Westerberg 782a0fd167 ARM: 6005/1: arm: kprobes: fix register corruption with jprobes
Current implementation of jprobes allocates empty pt_regs from the
stack which is then passed to kprobe_handler() and eventually to
singlestep().  Now when the instruction being simulated is STMFD (like
in normal function prologues without CONFIG_FRAME_POINTER), stores
using SP actually write over top of the fabricated pt_regs
structure.

This can be reproduced for example by using LKDTM module:
    # modprobe lkdtm
    # mount -t debugfs none /sys/kernel/debug
    # echo PANIC > /sys/kernel/debug/provoke-crash/INT_HW_IRQ_EN

after this, it fails with corrupted registers (before the requested crash would occur):

lkdtm: Crash point INT_HW_IRQ_EN of type PANIC hit, trigger in 9 rounds
lkdtm: Crash point INT_HW_IRQ_EN of type PANIC hit, trigger in 8 rounds
Internal error: Oops - undefined instruction: 0 [#1]
last sysfs file: /sys/devices/platform/serial8250.0/sleep_timeout
Modules linked in: lkdtm
CPU: 0    Not tainted  (2.6.34-rc2 #69)
PC is at irq_desc+0x1638/0xeeb0
LR is at 0x25
pc : [<c050b428>]    lr : [<00000025>]    psr: c80a0013
sp : ce94bd60  ip : c050b3e8  fp : a0000013
r10: c0aa453c  r9 : cf5d4000  r8 : ce9a1822
r7 : c050b424  r6 : 00000025  r5 : c039d8f8  r4 : c050b3e8
r3 : 00000001  r2 : cf4d0440  r1 : c039d8f8  r0 : 00000020
Flags: NZcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 10c5387d  Table: 8e804019  DAC: 00000015
Process sh (pid: 496, stack limit = 0xce94a2e8)
Stack: (0xce94bd60 to 0xce94c000)
[...]
Code: 000002cd 00000000 00000000 00000001 (dead4ead)
---[ end trace 2b46d5f2b682f370 ]---
Kernel panic - not syncing: Fatal exception in interrupt

This patch allocates enough space (2 * sizeof(struct pt_regs)) from
the stack to prevent such corruption.

Signed-off-by: Mika Westerberg <ext-mika.1.westerberg@nokia.com>
Acked-by: Nicolas Pitre <nico@marvell.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2010-03-29 17:33:33 +01:00
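Added example, not the kernel's kprobes code and not part of the commit page: a user-space C model of the stack layout the commit message describes. It places a fabricated pt_regs `padding_bytes` below the saved SP with its ARM_sp field pointing back at the saved SP, emulates one `STMFD sp!, {reglist}` through that frame the way a single-step simulation would, and reports whether the frame itself was overwritten. Running it with `sizeof(struct pt_regs)` reproduces the overlap; `2 * sizeof(struct pt_regs)` leaves a gap large enough for a full 16-register push. The word-indexed stack array, the 18-word pt_regs layout (r0-r15, cpsr, orig_r0), the sentinel register values, the 16-bit register-list encoding and the placeholder PC value are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed user-space model of the jprobe_return() stack layout the
 * commit describes. This is NOT the kernel's code: addresses are word
 * indexes into a small array standing in for the kernel stack.
 */

/* 32-bit ARM pt_regs: r0-r15, cpsr, orig_r0 = 18 words (72 bytes). */
struct pt_regs {
    uint32_t uregs[18];
};
#define ARM_sp uregs[13]
#define ARM_pc uregs[15]

#define REG_WORDS   (sizeof(struct pt_regs) / sizeof(uint32_t))
#define STACK_WORDS 256u
#define FAKE_PC     0xffffffffu   /* placeholder PC for the fabricated frame (assumption) */

/*
 * Emulate "STMFD sp!, {reglist}" against a pt_regs the way a single-step
 * simulation would: decrement sp by the number of listed registers, then
 * store them in ascending register order starting at the new sp. Stores
 * go wherever ARM_sp points, which is the whole problem.
 */
static void emulate_stmfd(uint32_t *stack, struct pt_regs *regs, uint16_t reglist)
{
    unsigned int count = 0, r;
    uint32_t dst;

    for (r = 0; r < 16; r++)
        count += (reglist >> r) & 1;

    regs->ARM_sp -= count;            /* decrement-before with writeback */
    dst = regs->ARM_sp;
    for (r = 0; r < 16; r++)
        if (reglist & (1u << r))
            stack[dst++] = regs->uregs[r];
}

/*
 * Build the fabricated frame padding_bytes below the saved sp, point its
 * ARM_sp at the saved sp, run one STMFD through it, and report whether
 * the frame was overwritten. Returns 1 if corrupted, 0 if intact, -1 on
 * bad arguments.
 */
int fabricated_regs_corrupted(size_t padding_bytes, uint16_t reglist)
{
    uint32_t stack[STACK_WORDS];
    const uint32_t saved_sp = STACK_WORDS - 8;   /* probed function's sp when hit */
    size_t padding_words = padding_bytes / sizeof(uint32_t);
    struct pt_regs *regs;
    unsigned int i;

    if (padding_words < REG_WORDS || padding_words > saved_sp)
        return -1;

    memset(stack, 0, sizeof(stack));
    regs = (struct pt_regs *)&stack[saved_sp - padding_words];

    /* Distinct per-register sentinel contents so a misplaced store shows up. */
    for (i = 0; i < REG_WORDS; i++)
        regs->uregs[i] = 0xC0DE0000u | i;
    regs->ARM_sp = saved_sp;
    regs->ARM_pc = FAKE_PC;

    emulate_stmfd(stack, regs, reglist);

    /* ARM_sp is legitimately changed by the writeback; nothing else may move. */
    for (i = 0; i < REG_WORDS; i++) {
        if (i == 13)
            continue;
        if (regs->uregs[i] != (i == 15 ? FAKE_PC : (0xC0DE0000u | i)))
            return 1;
    }
    return 0;
}

int main(void)
{
    const uint16_t prologue = 0x4FF0;   /* constructed: stmfd sp!, {r4-r11, lr} */

    printf("padding sizeof(pt_regs):     %s\n",
           fabricated_regs_corrupted(sizeof(struct pt_regs), prologue) ? "corrupted" : "intact");
    printf("padding 2 * sizeof(pt_regs): %s\n",
           fabricated_regs_corrupted(2 * sizeof(struct pt_regs), prologue) ? "corrupted" : "intact");
    return 0;
}
```

With a single pt_regs of padding the store window `[saved_sp - n, saved_sp)` lies entirely inside the fabricated frame, so a nine-register prologue push lands on uregs[9..17], including the ARM_pc slot, which is the shape of the corrupted-register oops quoted above. With `2 * sizeof(struct pt_regs)` the frame starts 36 words below the saved SP and even a 16-register push (64 bytes) stays within the 72-byte gap.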
.gitignore
armksyms.c ARM: unexport symbols used to implement floating point emulation 2009-12-15 16:28:22 +10:30
arthur.c
asm-offsets.c ARM: dma-mapping: provide per-cpu type map/unmap functions 2010-02-15 15:22:20 +00:00
atags.c
atags.h
bios32.c resource/PCI: mark struct resource as const 2010-02-22 16:16:57 -08:00
calls.S Add generic sys_old_mmap() 2010-03-12 15:52:32 -08:00
compat.c
compat.h
crunch-bits.S
crunch.c ARM: Convert VFP/Crunch/XscaleCP thread_release() to exit_thread() 2009-12-18 14:53:41 +00:00
debug.S ARM: 5910/1: ARM: Add tmp register for addruart and loadsp 2010-02-12 17:27:52 +00:00
dma-isa.c ARM: dma-isa: request cascade channel after registering it 2009-12-24 18:34:08 +00:00
dma.c
early_printk.c ARM: Add an earlyprintk debug console 2009-12-09 10:02:18 +00:00
ecard.c
ecard.h
elf.c ARM: 5883/1: Revert "disable NX support for OABI-supporting kernels" 2010-01-18 14:12:11 +00:00
entry-armv.S ARM: Fix wrong dmb 2010-01-12 18:59:16 +00:00
entry-common.S Unify sys_mmap* 2009-12-11 06:44:29 -05:00
entry-header.S ARM: 5991/1: Fix regression in restore_user_regs macro 2010-03-15 17:20:08 +00:00
etm.c ARM: 5841/1: a driver for on-chip ETM and ETB 2009-12-02 10:25:22 +00:00
fiq.c
ftrace.c
head-common.S ARM: 5784/1: fix early boot machine ID mismatch error display 2009-11-08 11:58:54 +00:00
head-nommu.S ARM: convert to use __HEAD and HEAD_TEXT macros. 2009-11-23 20:33:34 +00:00
head.S ARM: convert to use __HEAD and HEAD_TEXT macros. 2009-11-23 20:33:34 +00:00
init_task.c Use new __init_task_data macro in arch init_task.c files. 2009-09-21 06:27:08 +02:00
io.c
irq.c genirq: Convert irq_desc.lock to raw_spinlock 2009-12-14 23:55:33 +01:00
isa.c sysctl: Drop & in front of every proc_handler. 2009-11-18 08:37:40 -08:00
iwmmxt.S
kgdb.c ARM: 5989/1: ARM: KGDB: add support for SMP platforms 2010-03-15 14:33:04 +00:00
kprobes-decode.c
kprobes.c ARM: 6005/1: arm: kprobes: fix register corruption with jprobes 2010-03-29 17:33:33 +01:00
leds.c ARM: move LED support code out of arch/arm/kernel/time.c 2010-02-15 21:39:12 +00:00
machine_kexec.c
Makefile Merge branch 'misc2' into devel 2010-02-25 22:09:41 +00:00
module.c Thumb-2: Add support for loadable modules 2009-07-24 12:32:59 +01:00
perf_event.c Merge master.kernel.org:/pub/scm/linux/kernel/git/lethal/genesis-2.6 2010-03-15 14:27:06 +00:00
pmu.c ARM: 5899/2: arm: provide a mechanism to reserve performance counters 2010-02-12 17:23:43 +00:00
process.c ARM: 5868/1: ARM: fix "BUG: using smp_processor_id() in preemptible code" 2010-01-08 16:14:29 +00:00
ptrace.c arm: use generic ptrace_resume code 2010-03-12 15:52:38 -08:00
ptrace.h arm: use generic ptrace_resume code 2010-03-12 15:52:38 -08:00
relocate_kernel.S
return_address.c [ARM] 5613/1: implement CALLER_ADDRESSx 2009-07-21 17:21:28 +01:00
setup.c Merge branch 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm 2010-03-01 09:15:15 -08:00
signal.c ARM: 5793/1: ARM: Check put_user fail in do_signal when enable OABI_COMPAT 2009-11-23 17:28:23 +00:00
signal.h ARM: Fix signal restart issues with NX and OABI compat 2009-10-25 15:39:37 +00:00
smp_scu.c Check whether the SCU was already initialised 2009-11-05 10:10:36 +00:00
smp_twd.c ARM: Do not allow the probing of the local timer 2009-12-09 13:19:31 +00:00
smp.c ARM: Add L2 cache handling to smp boot support 2010-03-14 19:42:35 +00:00
stacktrace.c [ARM] 5613/1: implement CALLER_ADDRESSx 2009-07-21 17:21:28 +01:00
sys_arm.c Add generic sys_ipc wrapper 2010-03-12 15:52:32 -08:00
sys_oabi-compat.c Add generic sys_ipc wrapper 2010-03-12 15:52:32 -08:00
tcm.c ARM: 5580/2: ARM TCM (Tightly-Coupled Memory) support v3 2009-09-15 22:11:05 +01:00
tcm.h ARM: 5580/2: ARM TCM (Tightly-Coupled Memory) support v3 2009-09-15 22:11:05 +01:00
thumbee.c
time.c ARM: move LED support code out of arch/arm/kernel/time.c 2010-02-15 21:39:12 +00:00
traps.c ARM: add notify_die() support 2010-02-15 21:39:14 +00:00
unwind.c ARM: 5977/1: arm: Enable backtrace printing on oops when PC is corrupted 2010-03-07 10:22:00 +00:00
vmlinux.lds.S ARM: 5880/1: arm: use generic infrastructure for early params 2010-02-15 21:39:13 +00:00
xscale-cp0.c ARM: Convert VFP/Crunch/XscaleCP thread_release() to exit_thread() 2009-12-18 14:53:41 +00:00