x86/kprobes: Prohibit probing on compiler generated CFI checking code
authorMasami Hiramatsu <mhiramat@kernel.org>
Tue, 11 Jul 2023 01:50:58 +0000 (10:50 +0900)
committerPeter Zijlstra <peterz@infradead.org>
Wed, 2 Aug 2023 14:27:07 +0000 (16:27 +0200)
commitb65413768abd27a55af74945aec58127a52b30a8
tree1d9c2172862d662d72a06ad9d5251bc9b152ac1e
parentd7114f83ee051dfeac82546d7ba03d74f8b92af3
x86/kprobes: Prohibit probing on compiler generated CFI checking code

Prohibit probing on the compiler generated CFI typeid checking code
because it is used for decoding typeid when CFI error happens.

The compiler generates the following instruction sequence for indirect
call checks on x86;

   movl    -<id>, %r10d       ; 6 bytes
   addl    -4(%reg), %r10d    ; 4 bytes
   je      .Ltmp1             ; 2 bytes
   ud2                        ; <- regs->ip

And handle_cfi_failure() decodes these instructions (movl and addl)
for the typeid and the target address. Thus if we put a kprobe on
those instructions, the decode will fail and report a wrong typeid
and target address.

Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/168904025785.116016.12766408611437534723.stgit@devnote2
arch/x86/kernel/kprobes/core.c
include/linux/cfi.h