From: Jim Keniston <jkenisto@us.ibm.com>

This patch fixes a bug in kprobes's handling of a corner case on i386 and
x86_64.  On an SMP system, if one CPU unregisters a kprobe just after
another CPU hits that probepoint, kprobe_handler() on the latter CPU sees
that the kprobe has been unregistered, and attempts to let the CPU continue
as if the probepoint hadn't been hit.  The bug is that on i386 and x86_64,
we were neglecting to set the IP back to the beginning of the probed
instruction.  This could cause an oops or crash.

This bug doesn't exist on ppc64 and ia64, where a breakpoint instruction
leaves the IP pointing to the beginning of the instruction.  I don't know
about sparc64.  (Dave, could you please advise?)

This fix has been tested on i386 and x86_64 SMP systems.  To reproduce the
problem, set one CPU to work registering and unregistering a kprobe
repeatedly, and another CPU pounding the probepoint in a tight loop.

Acked-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Jim Keniston <jkenisto@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 arch/i386/kernel/kprobes.c   |    3 +++
 arch/x86_64/kernel/kprobes.c |    3 +++
 2 files changed, 6 insertions(+)

diff -puN arch/i386/kernel/kprobes.c~kprobes-fix-handling-of-simultaneous-probe-hit-unregister arch/i386/kernel/kprobes.c
--- 25/arch/i386/kernel/kprobes.c~kprobes-fix-handling-of-simultaneous-probe-hit-unregister	Wed Aug 31 15:20:28 2005
+++ 25-akpm/arch/i386/kernel/kprobes.c	Wed Aug 31 15:20:28 2005
@@ -234,7 +234,10 @@ static int __kprobes kprobe_handler(stru
 			 * either a probepoint or a debugger breakpoint
 			 * at this address.  In either case, no further
 			 * handling of this interrupt is appropriate.
+			 * Back up over the (now missing) int3 and run
+			 * the original instruction.
 			 */
+			regs->eip -= sizeof(kprobe_opcode_t);
 			ret = 1;
 		}
 		/* Not one of ours: let kernel handle it */
diff -puN arch/x86_64/kernel/kprobes.c~kprobes-fix-handling-of-simultaneous-probe-hit-unregister arch/x86_64/kernel/kprobes.c
--- 25/arch/x86_64/kernel/kprobes.c~kprobes-fix-handling-of-simultaneous-probe-hit-unregister	Wed Aug 31 15:20:28 2005
+++ 25-akpm/arch/x86_64/kernel/kprobes.c	Wed Aug 31 15:20:28 2005
@@ -361,7 +361,10 @@ int __kprobes kprobe_handler(struct pt_r
 			 * either a probepoint or a debugger breakpoint
 			 * at this address.  In either case, no further
 			 * handling of this interrupt is appropriate.
+			 * Back up over the (now missing) int3 and run
+			 * the original instruction.
 			 */
+			regs->rip = (unsigned long)addr;
 			ret = 1;
 		}
 		/* Not one of ours: let kernel handle it */
_