|
|
@@ -566,7 +566,7 @@ int __kprobes emulate_step(struct pt_regs *regs, unsigned int instr)
|
|
|
unsigned long int ea;
|
|
|
unsigned int cr, mb, me, sh;
|
|
|
int err;
|
|
|
- unsigned long old_ra;
|
|
|
+ unsigned long old_ra, val3;
|
|
|
long ival;
|
|
|
|
|
|
opcode = instr >> 26;
|
|
|
@@ -1486,11 +1486,43 @@ int __kprobes emulate_step(struct pt_regs *regs, unsigned int instr)
|
|
|
goto ldst_done;
|
|
|
|
|
|
case 36: /* stw */
|
|
|
- case 37: /* stwu */
|
|
|
val = regs->gpr[rd];
|
|
|
err = write_mem(val, dform_ea(instr, regs), 4, regs);
|
|
|
goto ldst_done;
|
|
|
|
|
|
+ case 37: /* stwu */
|
|
|
+ val = regs->gpr[rd];
|
|
|
+ val3 = dform_ea(instr, regs);
|
|
|
+ /*
|
|
|
+ * For PPC32 we always use stwu to change stack point with r1. So
|
|
|
+ * this emulated store may corrupt the exception frame, now we
|
|
|
+ * have to provide the exception frame trampoline, which is pushed
|
|
|
+ * below the kprobed function stack. So we only update gpr[1] but
|
|
|
+ * don't emulate the real store operation. We will do real store
|
|
|
+ * operation safely in exception return code by checking this flag.
|
|
|
+ */
|
|
|
+ if ((ra == 1) && !(regs->msr & MSR_PR) \
|
|
|
+ && (val3 >= (regs->gpr[1] - STACK_INT_FRAME_SIZE))) {
|
|
|
+ /*
|
|
|
+ * Check if we will touch kernel sack overflow
|
|
|
+ */
|
|
|
+ if (val3 - STACK_INT_FRAME_SIZE <= current->thread.ksp_limit) {
|
|
|
+ printk(KERN_CRIT "Can't kprobe this since Kernel stack overflow.\n");
|
|
|
+ err = -EINVAL;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+
|
|
|
+ /*
|
|
|
+ * Check if we already set since that means we'll
|
|
|
+ * lose the previous value.
|
|
|
+ */
|
|
|
+ WARN_ON(test_thread_flag(TIF_EMULATE_STACK_STORE));
|
|
|
+ set_thread_flag(TIF_EMULATE_STACK_STORE);
|
|
|
+ err = 0;
|
|
|
+ } else
|
|
|
+ err = write_mem(val, val3, 4, regs);
|
|
|
+ goto ldst_done;
|
|
|
+
|
|
|
case 38: /* stb */
|
|
|
case 39: /* stbu */
|
|
|
val = regs->gpr[rd];
|
Tiejun Chen