[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20201002042915.403558-1-mark.mossberg@gmail.com>
Date: Fri, 2 Oct 2020 04:29:16 +0000
From: Mark Mossberg <mark.mossberg@...il.com>
To: tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, x86@...nel.org,
linux-kernel@...r.kernel.org
Cc: hpa@...or.com, jannh@...gle.com,
Mark Mossberg <mark.mossberg@...il.com>
Subject: [PATCH v2] x86/dumpstack: Fix misleading instruction pointer error message
Printing "Bad RIP value" if copy_code() fails can be misleading for
userspace pointers, since copy_code() can fail if the instruction
pointer is valid, but the code is paged out. This is because copy_code()
calls copy_from_user_nmi() for userspace pointers, which disables page
fault handling.
This is reproducible in OOM situations, where it's plausible that the
code may be reclaimed in the time between entry into the kernel and when
this message is printed. This leaves a misleading log in dmesg that
suggests instruction pointer corruption has occurred, which may alarm
users.
This patch changes the message to state the error condition more
precisely.
Thanks to Jann Horn for help with understanding OOM reclamation.
Signed-off-by: Mark Mossberg <mark.mossberg@...il.com>
---
arch/x86/kernel/dumpstack.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
index 48ce44576947..ea8d51ec251b 100644
--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -115,7 +115,8 @@ void show_opcodes(struct pt_regs *regs, const char *loglvl)
unsigned long prologue = regs->ip - PROLOGUE_SIZE;
if (copy_code(regs, opcodes, prologue, sizeof(opcodes))) {
- printk("%sCode: Bad RIP value.\n", loglvl);
+ printk("%sCode: Unable to access opcode bytes at RIP 0x%lx.\n",
+ loglvl, prologue);
} else {
printk("%sCode: %" __stringify(PROLOGUE_SIZE) "ph <%02x> %"
__stringify(EPILOGUE_SIZE) "ph\n", loglvl, opcodes,
--
2.25.1
Powered by blists - more mailing lists