Placing a kprobe on "bc" instruction (s390/s390x) can cause an oops.
The instruction length is encoded into the first two bits of the s390
instruction. Kprobe is incorrectly computing the instruction length.
The instruction length is used for determining what type of "fix-up" is
needed for conditional branch instruction. The problem can be seen by
placing a kprobe on a "bc" instruction that will not branch. The
result is that Kprobe incorrectly computes the new instruction
pointer (psw.addr) after single stepping the instruction. The problem
is corrected with this patch.
On Wed, Aug 15, 2007 at 02:31:40PM -0700, David Wilder wrote:
> Placing a kprobe on "bc" instruction (s390/s390x) can cause an oops.
> The instruction length is encoded into the first two bits of the s390
> instruction. Kprobe is incorrectly computing the instruction length.
> The instruction length is used for determining what type of "fix-up" is
> needed for conditional branch instruction. The problem can be seen by
> placing a kprobe on a "bc" instruction that will not branch. The result
> is that Kprobe incorrectly computes the new instruction pointer
> (psw.addr) after single stepping the instruction. The problem is
> corrected with this patch.
>
> /* save the instruction length (pop 5-5) in bytes */
> - switch (*(__u8 *) (ainsn->insn) >> 4) {
> + switch (*(__u8 *) (ainsn->insn) >> 6) {
> case 0:
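Review bot: the shift of 6 is the right one for the comment above it, since the length code lives in the top two bits of the first opcode byte, whereas `>> 4` extracted the whole high nibble (0..15), so a 4-byte instruction such as "bc" never matched the length cases and the post-step psw.addr came out wrong, as the changelog describes. Two suggestions: state the mapping in the comment (00 = 2 bytes, 01/10 = 4 bytes, 11 = 6 bytes) or use a named mask/shift so the bare 6 is self-explaining, and since only `case 0:` is visible here, confirm the remaining case labels are written for the two-bit values 1, 2 and 3 rather than nibble values.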
Added to the s390 patch queue. Thanks! :)
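To make the length-code point concrete, here is a small stand-alone example (added here; it is not kernel code and not part of the patch) that decodes the s390 instruction length from the two high bits of the first opcode byte, side by side with the pre-patch selector that shifted by 4. The BC opcode byte 0x47 and the never-branching form `bc 0,0(0,0)` (0x47 0x00 0x00 0x00) are taken from the s390 instruction set as I know it, not from the thread, and the psw.addr fix-up helper is a hypothetical simplification of what the changelog describes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Instruction length from the two high bits of the first opcode byte
 * (s390 encoding, assumed here: 00 -> 2 bytes, 01 and 10 -> 4 bytes,
 * 11 -> 6 bytes).  This is what "switch (... >> 6)" in the patch keys on. */
size_t s390_insn_len(uint8_t first_byte)
{
	switch (first_byte >> 6) {
	case 0:
		return 2;
	case 1:
	case 2:
		return 4;
	default:	/* 3 */
		return 6;
	}
}

/* The pre-patch selector: ">> 4" yields the whole high nibble (0..15).
 * For a BC (first byte 0x47, assumed opcode) that is 4, which none of the
 * length cases handle; 0 is returned here to mean "no case matched". */
size_t s390_insn_len_buggy(uint8_t first_byte)
{
	switch (first_byte >> 4) {
	case 0:
		return 2;
	case 1:
	case 2:
		return 4;
	case 3:
		return 6;
	default:
		return 0;
	}
}

/* Hypothetical fix-up for a conditional branch that did NOT branch after
 * single-stepping: the new instruction pointer (psw.addr) must be the
 * address of the probed instruction plus its length.  len_fn selects
 * which length decoder is used so the two can be compared. */
uint64_t psw_addr_after_nonbranching_bc(uint64_t insn_addr,
					 const uint8_t *insn,
					 size_t (*len_fn)(uint8_t))
{
	return insn_addr + len_fn(insn[0]);
}

int main(void)
{
	/* Constructed sample: bc 0,0(0,0), a BC whose mask never branches. */
	const uint8_t bc_nop[4] = { 0x47, 0x00, 0x00, 0x00 };
	const uint64_t addr = 0x1000;

	printf("fixed : psw.addr = 0x%llx\n",
	       (unsigned long long)psw_addr_after_nonbranching_bc(addr, bc_nop, s390_insn_len));
	printf("buggy : psw.addr = 0x%llx\n",
	       (unsigned long long)psw_addr_after_nonbranching_bc(addr, bc_nop, s390_insn_len_buggy));
	return 0;
}
```

With the corrected decoder the probed "bc" advances psw.addr by 4 to 0x1004; the pre-patch selector finds no matching length case and leaves psw.addr unchanged, which is the kind of wrong instruction pointer the changelog reports.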