arch/sh: Check for kprobe trap number before trying to handle a kprob…

…e trap The DIE_TRAP notifier chain is run both for kprobe traps and for BUG/WARN traps. The kprobe code assumes to be only called for BREAKPOINT_INSTRUCTION, and concludes to have hit a concurrently removed kprobe if it finds anything else at the faulting locations. This includes TRAPA_BUG_OPCODE used for BUG and WARN. The consequence is that kprobe_handler returns 1. This makes kprobe_exceptions_notify return NOTIFY_STOP, and prevents handling the BUG statement. This also prevents moving $pc away from the trap instruction, so the system locks up in an endless loop Signed-off-by: Michael Karcher <[email protected]> Signed-off-by: Yoshinori Sato <[email protected]>
mrcsosa · Jun 26, 2019 · d302389 · d302389
1 parent 7c04efc
commit d302389
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/arch/sh/kernel/kprobes.c b/arch/sh/kernel/kprobes.c
@@ -485,7 +485,8 @@ int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
 	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
 
 	addr = (kprobe_opcode_t *) (args->regs->pc);
-	if (val == DIE_TRAP) {
+	if (val == DIE_TRAP &&
+	    args->trapnr == (BREAKPOINT_INSTRUCTION & 0xff)) {
 		if (!kprobe_running()) {
 			if (kprobe_handler(args->regs)) {
 				ret = NOTIFY_STOP;