Commit 250bbd12 authored by Denys Vlasenko's avatar Denys Vlasenko Committed by Oleg Nesterov

uprobes/x86: Refuse to attach uprobe to "word-sized" branch insns

All branch insns on x86 can be prefixed with the operand-size
override prefix, 0x66. It was only ever useful for performing
jumps to 32-bit offsets in 16-bit code segments.

In 32-bit code, such instructions are useless since
they cause IP truncation to 16 bits, and in case of call insns,
they save only 16 bits of return address and misalign
the stack pointer as a "bonus".

In 64-bit code, such instructions are treated differently by Intel
and AMD CPUs: Intel ignores the prefix altogether,
AMD treats them the same as in 32-bit mode.

Before this patch, the emulation code would execute
the instructions as if they have no 0x66 prefix.

With this patch, we refuse to attach uprobes to such insns.
Signed-off-by: default avatarDenys Vlasenko <dvlasenk@redhat.com>
Acked-by: default avatarJim Keniston <jkenisto@us.ibm.com>
Acked-by: default avatarMasami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Signed-off-by: default avatarOleg Nesterov <oleg@redhat.com>
parent 20113199
...@@ -583,6 +583,7 @@ static struct uprobe_xol_ops branch_xol_ops = { ...@@ -583,6 +583,7 @@ static struct uprobe_xol_ops branch_xol_ops = {
static int branch_setup_xol_ops(struct arch_uprobe *auprobe, struct insn *insn) static int branch_setup_xol_ops(struct arch_uprobe *auprobe, struct insn *insn)
{ {
u8 opc1 = OPCODE1(insn); u8 opc1 = OPCODE1(insn);
int i;
/* has the side-effect of processing the entire instruction */ /* has the side-effect of processing the entire instruction */
insn_get_length(insn); insn_get_length(insn);
...@@ -612,6 +613,16 @@ static int branch_setup_xol_ops(struct arch_uprobe *auprobe, struct insn *insn) ...@@ -612,6 +613,16 @@ static int branch_setup_xol_ops(struct arch_uprobe *auprobe, struct insn *insn)
return -ENOSYS; return -ENOSYS;
} }
/*
* 16-bit overrides such as CALLW (66 e8 nn nn) are not supported.
* Intel and AMD behavior differ in 64-bit mode: Intel ignores 66 prefix.
* No one uses these insns, reject any branch insns with such prefix.
*/
for (i = 0; i < insn->prefixes.nbytes; i++) {
if (insn->prefixes.bytes[i] == 0x66)
return -ENOTSUPP;
}
auprobe->branch.opc1 = opc1; auprobe->branch.opc1 = opc1;
auprobe->branch.ilen = insn->length; auprobe->branch.ilen = insn->length;
auprobe->branch.offs = insn->immediate.value; auprobe->branch.offs = insn->immediate.value;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment