x86/entry/64: Don't use IST entry for #BP stack

There's nothing IST-worthy about #BP/int3. We don't allow kprobes
in the small handful of places in the kernel that run at CPL0 with
an invalid stack, and 32-bit kernels have used normal interrupt
gates for #BP forever.

Furthermore, we don't allow kprobes in places that have usergs while
in kernel mode, so "paranoid" is also unnecessary.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org

authored by Andy Lutomirski and committed by Thomas Gleixner d8ba61ba 06ace26f

+9 -10
+1 -1
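--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -1138,7 +1138,7 @@
 #endif /* CONFIG_HYPERV */
 
 idtentry debug do_debug has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
-idtentry int3 do_int3 has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
+idtentry int3 do_int3 has_error_code=0
 idtentry stack_segment do_stack_segment has_error_code=1
 
 #ifdef CONFIG_XEN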
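Review bot: Dropping `paranoid=1 shift_ist=DEBUG_STACK` from the `int3` idtentry moves #BP onto the ordinary entry path, and nothing at this line records why that is safe: the description's argument is that kprobes are never allowed in the few CPL0 regions that run with usergs or an invalid stack, so the non-paranoid GS and stack handling is sufficient. Since `debug` on the line above keeps both options, a reader may take the asymmetry for an oversight rather than a deliberate choice. Suggest a comment directly above the changed line: `/* #BP needs neither IST nor paranoid entry: kprobes are disallowed in usergs/invalid-stack kernel code */`. Which gate (and DPL) X86_TRAP_BP ends up with is decided in idt.c, outside this hunk.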
-2
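--- a/arch/x86/kernel/idt.c
+++ b/arch/x86/kernel/idt.c
@@ -160,7 +160,6 @@
  */
 static const __initconst struct idt_data dbg_idts[] = {
 	INTG(X86_TRAP_DB, debug),
-	INTG(X86_TRAP_BP, int3),
 };
 #endif
 
@@ -182,7 +183,6 @@
 static const __initconst struct idt_data ist_idts[] = {
 	ISTG(X86_TRAP_DB, debug, DEBUG_STACK),
 	ISTG(X86_TRAP_NMI, nmi, NMI_STACK),
-	SISTG(X86_TRAP_BP, int3, DEBUG_STACK),
 	ISTG(X86_TRAP_DF, double_fault, DOUBLEFAULT_STACK),
 #ifdef CONFIG_X86_MCE
 	ISTG(X86_TRAP_MC, &machine_check, MCE_STACK),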
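Review bot: After `SISTG(X86_TRAP_BP, int3, DEBUG_STACK)` leaves `ist_idts[]` and `INTG(X86_TRAP_BP, int3)` leaves `dbg_idts[]`, neither hunk shows where the non-IST gate for X86_TRAP_BP is now installed; presumably the default table outside both hunks already carries an `int3` entry, and that should be confirmed so the vector does not fall back to the default handler. The removed `ist_idts[]` entry used the SISTG form, which I read as the user-callable (DPL3) variant of ISTG, so the remaining gate must keep that privilege level or an `int3` executed from user mode would no longer deliver SIGTRAP. A one-line comment at the surviving X86_TRAP_BP entry would pin this down, e.g. `/* #BP: plain DPL3 gate, no IST; see entry_64.S */`. Both `dbg_idts[]` and `ist_idts[]` are cut at the hunk edges, so the rest of each table is not visible here.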
+8 -7
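--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -577,7 +577,6 @@
 }
 NOKPROBE_SYMBOL(do_general_protection);
 
-/* May run on IST stack. */
 dotraplinkage void notrace do_int3(struct pt_regs *regs, long error_code)
 {
 #ifdef CONFIG_DYNAMIC_FTRACE
@@ -591,6 +592,13 @@
 	if (poke_int3_handler(regs))
 		return;
 
+	/*
+	 * Use ist_enter despite the fact that we don't use an IST stack.
+	 * We can be called from a kprobe in non-CONTEXT_KERNEL kernel
+	 * mode or even during context tracking state changes.
+	 *
+	 * This means that we can't schedule. That's okay.
+	 */
 	ist_enter(regs);
 	RCU_LOCKDEP_WARN(!rcu_is_watching(), "entry code didn't wake RCU");
 #ifdef CONFIG_KGDB_LOW_LEVEL_TRAP
@@ -615,15 +609,10 @@
 			SIGTRAP) == NOTIFY_STOP)
 		goto exit;
 
-	/*
-	 * Let others (NMI) know that the debug stack is in use
-	 * as we may switch to the interrupt stack.
-	 */
-	debug_stack_usage_inc();
 	cond_local_irq_enable(regs);
 	do_trap(X86_TRAP_BP, SIGTRAP, "int3", regs, error_code, NULL);
 	cond_local_irq_disable(regs);
-	debug_stack_usage_dec();
+
 exit:
 	ist_exit(regs);
 }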
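Review bot: The removal of the `debug_stack_usage_inc()`/`debug_stack_usage_dec()` bracket around `do_trap()` in the last hunk is left unexplained, while the old comment it replaces spelled out why the bracket existed (NMI had to know the debug stack was in use before a switch to the interrupt stack). The new comment above `ist_enter(regs)` in the second hunk covers only the ist_enter/ist_exit pairing, so a reader of traps.c alone cannot tell that the bookkeeping became unnecessary rather than being dropped by mistake. Suggest extending that comment with one sentence: `* Because #BP no longer runs on DEBUG_STACK, do_trap() needs no debug_stack_usage_inc()/dec() bracket either.` The `+` blank line left before `exit:` reads as an intentional label separator; if not, it is a stray whitespace change. do_int3 spans all three hunks, and its signature sits in the first hunk rather than the one with the removed calls.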