Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Date:   Sat, 24 Aug 2019 01:30:03 +0200 (CEST)
From:   Thomas Gleixner <tglx@linutronix.de>
To:     Sebastian Mayr <me@sam.st>
cc:     Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "H. Peter Anvin" <hpa@zytor.com>, x86@kernel.org,
        LKML <linux-kernel@vger.kernel.org>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Andy Lutomirski <luto@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Dmitry Safonov <dsafonov@virtuozzo.com>,
        Oleg Nesterov <oleg@redhat.com>,
        Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Subject: Re: [PATCH] uprobes/x86: fix detection of 32-bit user mode
In-Reply-To: <20190728152617.7308-1-me@sam.st>
Message-ID: <alpine.DEB.2.21.1908232343470.1939@nanos.tec.linutronix.de>
References: <20190728152617.7308-1-me@sam.st>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

Sebastian,

On Sun, 28 Jul 2019, Sebastian Mayr wrote:

sorry for the delay..

> 32-bit processes running on a 64-bit kernel are not always detected
> correctly, causing the process to crash when uretprobes are installed.
> The reason for the crash is that in_ia32_syscall() is used to determine
> the process's mode, which only works correctly when called from a
> syscall. In the case of uretprobes, however, the function is called from
> a software interrupt and always returns 'false' (on a 64-bit kernel). In

s/software interrupt/exception/

> consequence this leads to corruption of the process's return address.

Nice detective work and well written changelog!

> This can be fixed by using user_64bit_mode(), which should always be
> correct.

This wants to be:

  Fix this by using user_64bit_mode() which is always correct.

Be imperative, even if not entirely sure. You nicely put a disclaimer into
the discard section.

This also wants a Fixes tag and cc stable. Interestingly enough this should
have been detected by the rename with

  abfb9498ee13 ("x86/entry: Rename is_{ia32,x32}_task() to in_{ia32,x32}_syscall()")

which states in the changelog:

    The is_ia32_task()/is_x32_task() function names are a big misnomer: they
    suggests that the compat-ness of a system call is a task property, which
    is not true, the compatness of a system call purely depends on how it
    was invoked through the system call layer.
    .....

and then it went and blindly renamed every call site ....

And sadly this was already mentioned here:

   8faaed1b9f50 ("uprobes/x86: Introduce sizeof_long(), cleanup adjust_ret_addr() and arch_uretprobe_hijack_return_addr()")

where the changelog says:

       TODO: is_ia32_task() is not what we actually want, TS_COMPAT does
       not necessarily mean 32bit. Fortunately syscall-like insns can't be
       probed so it actually works, but it would be better to rename and
       use is_ia32_frame().

and goes all the way back to:

    0326f5a94dde ("uprobes/core: Handle breakpoint and singlestep exceptions")

Oh well. 7 years until someone actually tried a uretprobe on a 32bit
process on a 64bit kernel....

> -static inline int sizeof_long(void)
> +static inline int sizeof_long(struct pt_regs *regs)
>  {
> -	return in_ia32_syscall() ? 4 : 8;

  This wants a comment.

> +	return user_64bit_mode(regs) ? 8 : 4;
>  }

No need to resend, I'll fix this up while applying.

Thank you very much for digging into this!

      tglx