releases/4.9.171/kprobes-fix-error-check-when-reusing-optimized-probes.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 5f843ed415581cfad4ef8fefe31c138a8346ca8a Mon Sep 17 00:00:00 2001
 From: Masami Hiramatsu <mhiramat@kernel.org>
 Date: Mon, 15 Apr 2019 15:01:25 +0900
 Subject: kprobes: Fix error check when reusing optimized probes

 From: Masami Hiramatsu <mhiramat@kernel.org>

 commit 5f843ed415581cfad4ef8fefe31c138a8346ca8a upstream.

 The following commit introduced a bug in one of our error paths:

   819319fc9346 ("kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()")

 it missed to handle the return value of kprobe_optready() as
 error-value. In reality, the kprobe_optready() returns a bool
 result, so "true" case must be passed instead of 0.

 This causes some errors on kprobe boot-time selftests on ARM:

  [   ] Beginning kprobe tests...
  [   ] Probe ARM code
  [   ]     kprobe
  [   ]     kretprobe
  [   ] ARM instruction simulation
  [   ]     Check decoding tables
  [   ]     Run test cases
  [   ] FAIL: test_case_handler not run
  [   ] FAIL: Test andge	r10, r11, r14, asr r7
  [   ] FAIL: Scenario 11
  ...
  [   ] FAIL: Scenario 7
  [   ] Total instruction simulation tests=1631, pass=1433 fail=198
  [   ] kprobe tests failed

 This can happen if an optimized probe is unregistered and next
 kprobe is registered on same address until the previous probe
 is not reclaimed.

 If this happens, a hidden aggregated probe may be kept in memory,
 and no new kprobe can probe same address. Also, in that case
 register_kprobe() will return "1" instead of minus error value,
 which can mislead caller logic.

 Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
 Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
 Cc: David S . Miller <davem@davemloft.net>
 Cc: Linus Torvalds <torvalds@linux-foundation.org>
 Cc: Naveen N . Rao <naveen.n.rao@linux.vnet.ibm.com>
 Cc: Peter Zijlstra <peterz@infradead.org>
 Cc: Thomas Gleixner <tglx@linutronix.de>
 Cc: stable@vger.kernel.org # v5.0+
 Fixes: 819319fc9346 ("kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()")
 Link: http://lkml.kernel.org/r/155530808559.32517.539898325433642204.stgit@devnote2
 Signed-off-by: Ingo Molnar <mingo@kernel.org>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  kernel/kprobes.c |    6 ++----
  1 file changed, 2 insertions(+), 4 deletions(-)

 --- a/kernel/kprobes.c
 +++ b/kernel/kprobes.c
 @@ -668,7 +668,6 @@ static void unoptimize_kprobe(struct kpr
  static int reuse_unused_kprobe(struct kprobe *ap)
  {
  	struct optimized_kprobe *op;
 -	int ret;

  	BUG_ON(!kprobe_unused(ap));
  	/*
 @@ -682,9 +681,8 @@ static int reuse_unused_kprobe(struct kp
  	/* Enable the probe again */
  	ap->flags &= ~KPROBE_FLAG_DISABLED;
  	/* Optimize it again (remove from op->list) */
 -	ret = kprobe_optready(ap);
 -	if (ret)
 -		return ret;
 +	if (!kprobe_optready(ap))
 +		return -EINVAL;

  	optimize_kprobe(ap);
  	return 0;
	From 5f843ed415581cfad4ef8fefe31c138a8346ca8a Mon Sep 17 00:00:00 2001
	From: Masami Hiramatsu <mhiramat@kernel.org>
	Date: Mon, 15 Apr 2019 15:01:25 +0900
	Subject: kprobes: Fix error check when reusing optimized probes

	From: Masami Hiramatsu <mhiramat@kernel.org>

	commit 5f843ed415581cfad4ef8fefe31c138a8346ca8a upstream.

	The following commit introduced a bug in one of our error paths:

	819319fc9346 ("kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()")

	it missed to handle the return value of kprobe_optready() as
	error-value. In reality, the kprobe_optready() returns a bool
	result, so "true" case must be passed instead of 0.

	This causes some errors on kprobe boot-time selftests on ARM:

	[ ] Beginning kprobe tests...
	[ ] Probe ARM code
	[ ] kprobe
	[ ] kretprobe
	[ ] ARM instruction simulation
	[ ] Check decoding tables
	[ ] Run test cases
	[ ] FAIL: test_case_handler not run
	[ ] FAIL: Test andge r10, r11, r14, asr r7
	[ ] FAIL: Scenario 11
	...
	[ ] FAIL: Scenario 7
	[ ] Total instruction simulation tests=1631, pass=1433 fail=198
	[ ] kprobe tests failed

	This can happen if an optimized probe is unregistered and next
	kprobe is registered on same address until the previous probe
	is not reclaimed.

	If this happens, a hidden aggregated probe may be kept in memory,
	and no new kprobe can probe same address. Also, in that case
	register_kprobe() will return "1" instead of minus error value,
	which can mislead caller logic.

	Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
	Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
	Cc: David S . Miller <davem@davemloft.net>
	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	Cc: Naveen N . Rao <naveen.n.rao@linux.vnet.ibm.com>
	Cc: Peter Zijlstra <peterz@infradead.org>
	Cc: Thomas Gleixner <tglx@linutronix.de>
	Cc: stable@vger.kernel.org # v5.0+
	Fixes: 819319fc9346 ("kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()")
	Link: http://lkml.kernel.org/r/155530808559.32517.539898325433642204.stgit@devnote2
	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	kernel/kprobes.c \| 6 ++----
	1 file changed, 2 insertions(+), 4 deletions(-)

	--- a/kernel/kprobes.c
	+++ b/kernel/kprobes.c
	@@ -668,7 +668,6 @@ static void unoptimize_kprobe(struct kpr
	static int reuse_unused_kprobe(struct kprobe *ap)
	{
	struct optimized_kprobe *op;
	- int ret;

	BUG_ON(!kprobe_unused(ap));
	/*
	@@ -682,9 +681,8 @@ static int reuse_unused_kprobe(struct kp
	/* Enable the probe again */
	ap->flags &= ~KPROBE_FLAG_DISABLED;
	/* Optimize it again (remove from op->list) */
	- ret = kprobe_optready(ap);
	- if (ret)
	- return ret;
	+ if (!kprobe_optready(ap))
	+ return -EINVAL;

	optimize_kprobe(ap);
	return 0;