From: Hans-Joachim Picht <hpicht@redhat.com> Date: Fri, 16 Nov 2007 13:57:44 +0100 Subject: [s390] crash placing a kprobe on "bc" instruction Message-id: 20071116125744.GR6053@redhat.com O-Subject: [RHEL5 U2 PATCH 10/14] s390 - Placing a kprobe on "bc" instruction can crash the system. Bugzilla: 253275 Description ============ The instruction length is encoded into the first two bits of the s390 instruction. Kprobes is incorrectly computing the instruction length. The instruction length is used for determining what type of "fix-up" is needed for conditional branch instructions. The problem can be seen by placing a kprobe on a "bc" instruction that will not branch. The result is that Kprobes incorrectly computes the new instruction pointer (psw.addr) after single-stepping the instruction. This problem was identified by code inspection, and later reproduced using the test code. The problem has not been seen on a production system. Bugzilla ========= BZ 253275 https://bugzilla.redhat.com/show_bug.cgi?id=253275 Upstream status of the patch: ============================= Patch is posted upstream http://lkml.org/lkml/2007/8/15/347 http://lkml.org/lkml/2007/8/15/365 Test status: ============ Kernel with patch was built and successfully tested Please ACK. With best regards, Hans diff --git a/arch/s390/kernel/kprobes.c b/arch/s390/kernel/kprobes.c index 1dc9163..66a16a8 100644 --- a/arch/s390/kernel/kprobes.c +++ b/arch/s390/kernel/kprobes.c @@ -85,7 +85,7 @@ void __kprobes get_instruction_type(struct arch_specific_insn *ainsn) ainsn->reg = (*ainsn->insn & 0xf0) >> 4; /* save the instruction length (pop 5-5) in bytes */ - switch (*(__u8 *) (ainsn->insn) >> 4) { + switch (*(__u8 *) (ainsn->insn) >> 6) { case 0: ainsn->ilen = 2; break;
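Review bot: with the shift corrected to `>> 6` the switch operand is the top two bits of the first byte and can only be 0..3, so the arms for 1 and 2 (4 bytes) and 3 (6 bytes) must exist for `ainsn->ilen` to be set on every instruction; only `case 0` is visible in this hunk, so confirm the remaining arms are present below and that no value can fall out of the switch leaving `ilen` stale. The old `>> 4` failed precisely because it produced the whole high nibble (0..15), so an opcode such as BC (0x47) matched no arm at all. A one-line comment beside the shift would make the magic number self-documenting, e.g. `/* bits 0-1 of the first halfword: 00 -> 2 bytes, 01/10 -> 4, 11 -> 6 */`.

The length encoding and the post-single-step fix-up that the description refers to, as an added example that is neither the patch nor kernel code. It assumes the switch arms beyond the visible `case 0` (1 and 2 give 4 bytes, 3 gives 6, which is the z/Architecture rule), models "no arm matched" as a length of 0, uses a simplified fix-up (`fixup_psw_addr`, an assumption standing in for the kernel's resume logic), and uses constructed instruction bytes; `BC 0,...` has mask 0 and never branches, which is the "bc instruction that will not branch" from the description.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed s390 instruction bytes (not from the page):
 * BCR 0,0 (NOPR, 2 bytes), BC 0,0(0,0) (NOP: mask 0 never branches, 4 bytes),
 * BRC 0,+0 (4 bytes), BRCL 0,+0 (6 bytes), LR 1,2 (2 bytes). */
static const uint8_t INSN_BCR[2]  = { 0x07, 0x00 };
static const uint8_t INSN_BC[4]   = { 0x47, 0x00, 0x00, 0x00 };
static const uint8_t INSN_BRC[4]  = { 0xA7, 0x04, 0x00, 0x00 };
static const uint8_t INSN_BRCL[6] = { 0xC0, 0x04, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t INSN_LR[2]   = { 0x18, 0x12 };

/* Length in bytes from bits 0-1 of the first byte, as the patch computes it
 * (00 -> 2, 01 or 10 -> 4, 11 -> 6). Shifting a byte right by 6 leaves
 * exactly those two bits, so every value 0..3 hits an arm. */
int s390_ilen_fixed(const uint8_t *insn)
{
    switch (insn[0] >> 6) {
    case 0:  return 2;
    case 1:
    case 2:  return 4;
    case 3:  return 6;
    }
    return 0; /* not reachable for a uint8_t */
}

/* The pre-patch shift: >> 4 yields the whole high nibble (0..15), so opcodes
 * 0x10-0x3F get a wrong length and 0x40-0xFF (BC is 0x47) match no arm at
 * all. The arms mirror the fixed version (assumption: only case 0 is visible
 * in the hunk); "no arm matched" is modelled as a length of 0. */
int s390_ilen_buggy(const uint8_t *insn)
{
    switch (insn[0] >> 4) {
    case 0:  return 2;
    case 1:
    case 2:  return 4;
    case 3:  return 6;
    }
    return 0;
}

/* Simplified model (assumption, not the kernel's own resume logic) of the
 * fix-up after single-stepping an out-of-line copy at copy_addr: if psw.addr
 * now sits right after the copy, the branch was not taken and execution must
 * continue right after the original instruction instead. Any other psw.addr
 * is treated as a taken branch and left alone. */
uint64_t fixup_psw_addr(uint64_t orig_addr, uint64_t copy_addr,
                        int ilen, uint64_t psw_addr)
{
    if (psw_addr == copy_addr + ilen)
        return orig_addr + ilen;
    return psw_addr;
}

/* Step a not-taken branch through the fix-up using the given length
 * computation and return the resulting psw.addr. The CPU always advances by
 * the true length (bits 0-1), whatever kprobes believes the length to be. */
uint64_t resume_after_step(int (*ilen_fn)(const uint8_t *),
                           const uint8_t *insn,
                           uint64_t orig_addr, uint64_t copy_addr)
{
    uint64_t psw_addr = copy_addr + s390_ilen_fixed(insn); /* hardware */
    return fixup_psw_addr(orig_addr, copy_addr, ilen_fn(insn), psw_addr);
}

int main(void)
{
    const uint64_t orig = 0x80000000ULL, copy = 0x1000ULL;
    printf("BC ilen: buggy=%d fixed=%d\n",
           s390_ilen_buggy(INSN_BC), s390_ilen_fixed(INSN_BC));
    printf("psw.addr after not-taken BC: buggy=0x%llx fixed=0x%llx\n",
           (unsigned long long)resume_after_step(s390_ilen_buggy, INSN_BC, orig, copy),
           (unsigned long long)resume_after_step(s390_ilen_fixed, INSN_BC, orig, copy));
    return 0;
}
```

With the buggy shift the not-taken BC leaves psw.addr at the end of the out-of-line copy (0x1004 in the model) because the length it was compared against was wrong, so execution continues in the copy buffer instead of after the probed instruction; with the fixed shift it resumes at orig+4.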