[PATCH] i386/x86-64: Add user_mode checks to profile_pc for oprofile

Fixes an obscure user space triggerable crash during oprofiling.

Oprofile calls profile_pc from NMIs even when user_mode(regs) is not true and
the program counter is inside the kernel lock section. This opens
a race - when a user program jumps to a kernel lock address and
a NMI happens before the illegal page fault exception is raised
and the program has an unmapped esp or ebp then the kernel could
oops. NMIs have a higher priority than exceptions so that could
happen.

Add user_mode checks to i386/x86-64 profile_pc to prevent that.

Cc: John Levon <levon@movementarian.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by Andi Kleen and committed by Linus Torvalds d5a26017 5d2edfe0

+2 -2
+1 -1
arch/i386/kernel/time.c
··· 135 135 { 136 136 unsigned long pc = instruction_pointer(regs); 137 137 138 - if (in_lock_functions(pc)) 138 + if (!user_mode_vm(regs) && in_lock_functions(pc)) 139 139 return *(unsigned long *)(regs->ebp + 4); 140 140 141 141 return pc;
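Review bot: the new guard `!user_mode_vm(regs) && in_lock_functions(pc)` carries no comment explaining why a user-mode pc can ever satisfy in_lock_functions(); the reason (a user program jumping to a kernel lock address, with the NMI arriving before the page fault fires) lives only in the commit message, so a one-line comment above the `if` would keep a later cleanup from dropping the check as redundant. Note also that this file uses `user_mode_vm()` while the x86_64 hunk uses `user_mode()`; that is correct, since vm86 frames must count as user mode on i386, but worth stating in the same comment so the asymmetry is not read as an oversight.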
+1 -1
arch/x86_64/kernel/time.c
··· 193 193 is just accounted to the spinlock function. 194 194 Better would be to write these functions in assembler again 195 195 and check exactly. */ 196 - if (in_lock_functions(pc)) { 196 + if (!user_mode(regs) && in_lock_functions(pc)) { 197 197 char *v = *(char **)regs->rsp; 198 198 if ((v >= _stext && v <= _etext) || 199 199 (v >= _sinittext && v <= _einittext) ||
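Review bot: the existing comment ending in "Better would be to write these functions in assembler again and check exactly. */" directly precedes the changed `if` but says nothing about the user-mode case, so the `!user_mode(regs)` guard reads as unrelated to the text above it; extend that comment with a sentence noting that `regs->rsp` is only dereferenced for kernel frames because a user frame may have an unmapped stack. Plain `user_mode()` is sufficient here (no vm86 in long mode), unlike the `user_mode_vm()` used in the i386 hunk, and saying so would forestall a "why not user_mode_vm" question.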