arch/sh: Check for kprobe trap number before trying to handle a kprobe trap

The DIE_TRAP notifier chain is run both for kprobe traps and for BUG/WARN traps. The kprobe code assumes to be only called for BREAKPOINT_INSTRUCTION, and concludes to have hit a concurrently removed kprobe if it finds anything else at the faulting locations. This includes TRAPA_BUG_OPCODE used for BUG and WARN. The consequence is that kprobe_handler returns 1. This makes kprobe_exceptions_notify return NOTIFY_STOP, and prevents handling the BUG statement. This also prevents moving $pc away from the trap instruction, so the system locks up in an endless loop Signed-off-by: Michael Karcher <kernel@mkarcher.dialup.fu-berlin.de> Signed-off-by: Yoshinori Sato <ysato@users.sourceforge.jp>
2024-11-11 21:38:32 +08:00 · 2019-06-12 15:08:37 +02:00 · 2019-06-12 15:08:37 +02:00 · d3023897b4
commit d3023897b4
parent 7c04efc8d2
1 changed files with 2 additions and 1 deletions
--- a/arch/sh/kernel/kprobes.c
+++ b/arch/sh/kernel/kprobes.c
@ -485,7 +485,8 @@ int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
 	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();

 	addr = (kprobe_opcode_t *) (args->regs->pc);
-	if (val == DIE_TRAP) {
+	if (val == DIE_TRAP &&
+	    args->trapnr == (BREAKPOINT_INSTRUCTION & 0xff)) {
 		if (!kprobe_running()) {
 			if (kprobe_handler(args->regs)) {
 				ret = NOTIFY_STOP;