Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1272859pxj;
        Fri, 18 Jun 2021 03:33:27 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw9dLT8DYBfuNy1GY+RI5qTByLLCyGMxwNiVgQtnx1vWnmEOrJldCnNlOFliQzTTiAJx24l
X-Received: by 2002:aa7:c594:: with SMTP id g20mr3903487edq.193.1624012407585;
        Fri, 18 Jun 2021 03:33:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1624012407; cv=none;
        d=google.com; s=arc-20160816;
        b=P6UAFtBgtK7fbQKnEn6oxjj8AeEQhKnxrYbl2m00suieNSqF5GjnAQPY1k6zIsMFvc
         OCmwIKiJ7RilC/EoWvXZS8gN4BCZPLr2NjmzK5IajJFpF2nY6ZbE4qF5Osnz+cXyd7Ax
         HBiP0jNwkZxdEC8yCuwBnjuXQlGJpT0aLIo7RQoXMp0fpDfWjFpqG8FP1KGBCpxHF+ry
         rtEqMqRShzMFNncwQU2Cet4QotJnynvC6FUgCPqhL7uwK+JsTYA7m10mIO3gNzqr4x+3
         2jj0fApKwpt1g3yIBMc5fIxwAxoIv1sZhATSNnRTvH3pVZLUHGRJGzn+1M06hKTHztKP
         QDSg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=ilojayg4fy9hPrCZYiZZVuH0wcE2org9ZFQfNBQ6wqs=;
        b=0/Un8wpjr8oDBloMIZW+L3vCgOpeyKwSwcPhiKTblXZYpuZZRLoY/Gu9ACR54yzuDb
         4+yn4iL1b+23dHVeTQQnbRbupQBdDgrSe1OX6g3kAYj2Qvz3wPHgjCcWSLbZMn2JpB6v
         zY2WnMXrhiLTL4XdEdNe/7W7H6nxBjzMlMA7kj/12LSp1oBaL5J1Uesqfq+VOetck7Bt
         8kIcWKt5d5493q2ih5CDJwtdkuW+NWlqUMngp+dzwrS9veTrzrWTF96X7Mjfaq7p2fYS
         5KAevEndd/2qM82kLmtGkO20e0/Xm7q/Ku4ca8arRG0wtWxI9LkETDsYrWoQCe0ayMLi
         1oIA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=E6bbL3+7;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id q4si8816275edc.313.2021.06.18.03.33.05;
        Fri, 18 Jun 2021 03:33:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=E6bbL3+7;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232993AbhFRHJW (ORCPT <rfc822;lwx169@gmail.com> + 99 others);
        Fri, 18 Jun 2021 03:09:22 -0400
Received: from mail.kernel.org ([198.145.29.99]:45840 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S232968AbhFRHJK (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 18 Jun 2021 03:09:10 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 419C96100A;
        Fri, 18 Jun 2021 07:06:58 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1624000021;
        bh=UKZBSR3BDB+o3rSD/O4eD6I+4zpVB9EWrJz0r6v2w9M=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=E6bbL3+7FVP8Ppf/ZU24U3D71avIAMR7MX5PQ9VsQtlbDj4ARCV1ukeCZnMeA9oaV
         SCCdLAj0hUeuzaFPJGkWcq6iHdsVQk22j7QwN60eZk7JfyrpgJyDMAJltUsvgGzygZ
         kvmkKqE+9bV/kYPUxIb5NwfdqSaGoOH3q9irAuIgCx41+ZBOU7FxvXUqo4KAlEt2Qu
         N+MVc4Y9IdWMy4zFYGR3vXTILGSsOLpb9uiSYyZN1yIc7XNWs3p5F+aY58IFbRfNqp
         qrYz4r+o0AZvpGWSE2Xfo/WY1NtdzUmfbXC4oCqI4qp5ECqlqo45VsmT2vAyUnjfeX
         YyKANwnDMaleQ==
From:   Masami Hiramatsu <mhiramat@kernel.org>
To:     Steven Rostedt <rostedt@goodmis.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Ingo Molnar <mingo@kernel.org>
Cc:     X86 ML <x86@kernel.org>, Masami Hiramatsu <mhiramat@kernel.org>,
        Daniel Xu <dxu@dxuuu.xyz>, linux-kernel@vger.kernel.org,
        bpf@vger.kernel.org, kuba@kernel.org, mingo@redhat.com,
        ast@kernel.org, Thomas Gleixner <tglx@linutronix.de>,
        Borislav Petkov <bp@alien8.de>,
        Peter Zijlstra <peterz@infradead.org>, kernel-team@fb.com,
        yhs@fb.com, linux-ia64@vger.kernel.org,
        Abhishek Sagar <sagar.abhishek@gmail.com>,
        Andrii Nakryiko <andrii.nakryiko@gmail.com>
Subject: [PATCH -tip v8 10/13] x86/kprobes: Push a fake return address at kretprobe_trampoline
Date:   Fri, 18 Jun 2021 16:06:56 +0900
Message-Id: <162400001661.506599.5153975410607447958.stgit@devnote2>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <162399992186.506599.8457763707951687195.stgit@devnote2>
References: <162399992186.506599.8457763707951687195.stgit@devnote2>
User-Agent: StGit/0.19
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This changes x86/kretprobe stack frame on kretprobe_trampoline
a bit, which now push the kretprobe_trampoline as a fake return
address at the bottom of the stack frame. With this fix, the ORC
unwinder will see the kretprobe_trampoline as a return address.

Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com>
Tested-by: Andrii Nakryik <andrii@kernel.org>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
---
 arch/x86/kernel/kprobes/core.c |   31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
index 74f049b6e77f..4d040aaf969b 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -1041,28 +1041,31 @@ asm(
 	".global kretprobe_trampoline\n"
 	".type kretprobe_trampoline, @function\n"
 	"kretprobe_trampoline:\n"
-	/* We don't bother saving the ss register */
 #ifdef CONFIG_X86_64
-	"	pushq %rsp\n"
+	/* Push fake return address to tell the unwinder it's a kretprobe */
+	"	pushq $kretprobe_trampoline\n"
 	UNWIND_HINT_FUNC
+	/* Save the sp-8, this will be fixed later */
+	"	pushq %rsp\n"
 	"	pushfq\n"
 	SAVE_REGS_STRING
 	"	movq %rsp, %rdi\n"
 	"	call trampoline_handler\n"
-	/* Replace saved sp with true return address. */
-	"	movq %rax, 19*8(%rsp)\n"
 	RESTORE_REGS_STRING
+	"	addq $8, %rsp\n"
 	"	popfq\n"
 #else
-	"	pushl %esp\n"
+	/* Push fake return address to tell the unwinder it's a kretprobe */
+	"	pushl $kretprobe_trampoline\n"
 	UNWIND_HINT_FUNC
+	/* Save the sp-4, this will be fixed later */
+	"	pushl %esp\n"
 	"	pushfl\n"
 	SAVE_REGS_STRING
 	"	movl %esp, %eax\n"
 	"	call trampoline_handler\n"
-	/* Replace saved sp with true return address. */
-	"	movl %eax, 15*4(%esp)\n"
 	RESTORE_REGS_STRING
+	"	addl $4, %esp\n"
 	"	popfl\n"
 #endif
 	"	ret\n"
@@ -1073,8 +1076,10 @@ NOKPROBE_SYMBOL(kretprobe_trampoline);
 /*
  * Called from kretprobe_trampoline
  */
-__used __visible void *trampoline_handler(struct pt_regs *regs)
+__used __visible void trampoline_handler(struct pt_regs *regs)
 {
+	unsigned long *frame_pointer;
+
 	/* fixup registers */
 	regs->cs = __KERNEL_CS;
 #ifdef CONFIG_X86_32
@@ -1082,8 +1087,16 @@ __used __visible void *trampoline_handler(struct pt_regs *regs)
 #endif
 	regs->ip = (unsigned long)&kretprobe_trampoline;
 	regs->orig_ax = ~0UL;
+	regs->sp += sizeof(long);
+	frame_pointer = ((unsigned long *)&regs->sp) + 1;
 
-	return (void *)kretprobe_trampoline_handler(regs, &regs->sp);
+	/* Replace fake return address with real one. */
+	*frame_pointer = kretprobe_trampoline_handler(regs, frame_pointer);
+	/*
+	 * Move flags to sp so that kretprobe_trapmoline can return
+	 * right after popf.
+	 */
+	regs->sp = regs->flags;
 }
 NOKPROBE_SYMBOL(trampoline_handler);