From patchwork Mon Sep 14 13:01:40 2020
X-Patchwork-Submitter: Daniel Thompson
X-Patchwork-Id: 249759
From: Daniel Thompson
To: Jason Wessel, Douglas Anderson
Cc: Daniel Thompson, Peter Zijlstra, sumit.garg@linaro.org, pmladek@suse.com, sergey.senozhatsky@gmail.com, will@kernel.org, Masami Hiramatsu, kgdb-bugreport@lists.sourceforge.net, linux-kernel@vger.kernel.org, patches@linaro.org
Subject: [PATCH v3 0/3] kgdb: Honour the kprobe blocklist when setting breakpoints
Date: Mon, 14 Sep 2020 14:01:40 +0100
Message-Id: <20200914130143.1322802-1-daniel.thompson@linaro.org>

kgdb has traditionally adopted a no safety rails approach to breakpoint
placement. If the debugger is commanded to place a breakpoint at an
address then it will do so even if that breakpoint results in kgdb
becoming inoperable.

A stop-the-world debugger with memory peek/poke intrinsically provides
its operator with the means to hose their system in all manner of
exciting ways (not least because stopping-the-world is already a DoS
attack ;-) ). Nevertheless the current no safety rail approach is
difficult to defend, especially given kprobes can provide us with plenty
of machinery to mark the parts of the kernel where breakpointing is
discouraged.

This patchset introduces some safety rails by using the existing kprobes
infrastructure and ensures this will be enabled by default on
architectures that implement kprobes. At present it does not cover
absolutely all locations where breakpoints can cause trouble but it will
block off several avenues, including the architecture specific parts
that are handled by arch_within_kprobe_blacklist().

v3:
* Dropped the single step blocklist checks. It is not proven that the
  code was actually reachable without triggering the catastrophic
  failure flag (which inhibits resume already).
* Update patch description for ("kgdb: Add NOKPROBE labels...") and
  added symbols that are called during trap exit
* Added a new patch to push the breakpoint activation later in the
  flow and ensure the I/O functions are not called with breakpoints
  activated.

v2:
* Reworked after initial RFC to make honouring the blocklist require
  CONFIG_KPROBES. It is not optional but the blocklist will be enabled
  by default for architectures that CONFIG_HAVE_KPROBES

Daniel Thompson (3):
  kgdb: Honour the kprobe blocklist when setting breakpoints
  kgdb: Add NOKPROBE labels on the trap handler functions
  kernel: debug: Centralize dbg_[de]activate_sw_breakpoints

 include/linux/kgdb.h            | 18 ++++++++++++++++++
 kernel/debug/debug_core.c       | 17 +++++++++++++++++
 kernel/debug/gdbstub.c          |  1 -
 kernel/debug/kdb/kdb_bp.c       |  9 +++++++++
 kernel/debug/kdb/kdb_debugger.c |  2 --
 lib/Kconfig.kgdb                | 14 ++++++++++++++
 6 files changed, 58 insertions(+), 3 deletions(-)

--
2.25.4
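
A user-space model of the check this cover letter describes, added here as an illustration and not taken from the patch series: it parses text in the layout of /sys/kernel/debug/kprobes/blacklist and reports whether a requested breakpoint address falls inside a blocklisted range. The struct, the function names, the addresses and the symbol names are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in the "<start>-<end>\t<symbol>" layout of
 * /sys/kernel/debug/kprobes/blacklist; addresses and names are made up. */
static const char SAMPLE_BLOCKLIST[] =
    "0xffffffff81001000-0xffffffff81001040\ttrap_entry_example\n"
    "0xffffffff81002000-0xffffffff810020a0\tdebug_io_example\n"
    "not a blocklist line\n"
    "0xffffffff81003000-0xffffffff81003010\tnotifier_example\n";

struct bl_range { unsigned long long start, end; char sym[64]; };

/* Parse blocklist text into out[]; malformed lines are skipped.
 * Returns the number of ranges stored (at most max). */
static int parse_blocklist(const char *text, struct bl_range *out, int max)
{
    int n = 0;
    while (*text && n < max) {
        struct bl_range r;
        if (sscanf(text, "0x%llx-0x%llx %63s", &r.start, &r.end, r.sym) == 3 &&
            r.start < r.end)
            out[n++] = r;
        text += strcspn(text, "\n");   /* move to the end of this line */
        text += (*text == '\n');       /* step over the newline, if any */
    }
    return n;
}

/* Same range test kprobes uses: start inclusive, end exclusive.
 * Returns the matching entry, or NULL when the address is not blocklisted. */
static const struct bl_range *find_blocked(const struct bl_range *bl, int n,
                                           unsigned long long addr)
{
    for (int i = 0; i < n; i++)
        if (addr >= bl[i].start && addr < bl[i].end)
            return &bl[i];
    return NULL;
}

int main(void)
{
    struct bl_range bl[16];
    int n = parse_blocklist(SAMPLE_BLOCKLIST, bl, 16);
    /* One address in the middle of a range, one exactly at its end. */
    unsigned long long req[] = { 0xffffffff81002010ULL, 0xffffffff810020a0ULL };
    for (int i = 0; i < 2; i++) {
        const struct bl_range *hit = find_blocked(bl, n, req[i]);
        printf("0x%llx: %s%s\n", req[i],
               hit ? "refuse breakpoint, inside " : "ok to set", hit ? hit->sym : "");
    }
    return 0;
}
```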