[PATCH 3.2 070/104] kprobes/x86: Blacklist indirect thunk functions for kprobes

3.2.101-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Masami Hiramatsu mhiramat@kernel.org

commit c1804a236894ecc942da7dc6c5abe209e56cba93 upstream.

Mark __x86_indirect_thunk_* functions as blacklist for kprobes because those functions can be called from anywhere in the kernel including blacklist functions of kprobes.

Signed-off-by: Masami Hiramatsu mhiramat@kernel.org Signed-off-by: Thomas Gleixner tglx@linutronix.de Acked-by: David Woodhouse dwmw@amazon.co.uk Cc: Andi Kleen ak@linux.intel.com Cc: Peter Zijlstra peterz@infradead.org Cc: Ananth N Mavinakayanahalli ananth@linux.vnet.ibm.com Cc: Arjan van de Ven arjan@linux.intel.com Cc: Greg Kroah-Hartman gregkh@linux-foundation.org Link: https://lkml.kernel.org/r/151629209111.10241.5444852823378068683.stgit@devbo... [bwh: Backported to 3.2: We don't have _ASM_NOKPROBE etc., so add indirect thunks to the built-in blacklist] Signed-off-by: Ben Hutchings ben@decadent.org.uk --- --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -53,6 +53,9 @@ #include <asm/cacheflush.h> #include <asm/errno.h> #include <asm/uaccess.h> +#ifdef CONFIG_RETPOLINE +#include <asm/nospec-branch.h> +#endif

#define KPROBE_HASH_BITS 6 #define KPROBE_TABLE_SIZE (1 << KPROBE_HASH_BITS) @@ -99,6 +102,11 @@ static struct kprobe_blackpoint kprobe_b {"irq_entries_start",}, {"common_interrupt",}, {"mcount",}, /* mcount can be called from everywhere */ +#ifdef CONFIG_RETPOLINE + {"__indirect_thunk_start", + /* Linker scripts can't set symbol sizes */ + .range = (size_t)__indirect_thunk_size}, +#endif {NULL} /* Terminator */ };

@@ -1986,7 +1994,7 @@ static int __init init_kprobes(void) &size, &offset, &modname, namebuf); if (!symbol_name) kb->range = 0; - else + else if (size) kb->range = size; }

--- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -173,6 +173,7 @@ enum spectre_v2_mitigation {

extern char __indirect_thunk_start[]; extern char __indirect_thunk_end[]; +extern char __indirect_thunk_size[];

/* * On VMEXIT we must ensure that no RSB predictions learned in the guest --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -112,6 +112,7 @@ SECTIONS __indirect_thunk_start = .; *(.text.__x86.indirect_thunk) __indirect_thunk_end = .; + __indirect_thunk_size = __indirect_thunk_end - __indirect_thunk_start; #endif

/* End of text section */