Message ID | 20200927211531.1380577-1-daniel.thompson@linaro.org |
---|---|
Headers | show |
Series | kgdb: Honour the kprobe blocklist when setting breakpoints | expand |
On Sun, Sep 27, 2020 at 10:15:28PM +0100, Daniel Thompson wrote: > kgdb has traditionally adopted a no safety rails approach to breakpoint > placement. If the debugger is commanded to place a breakpoint at an > address then it will do so even if that breakpoint results in kgdb > becoming inoperable. > > A stop-the-world debugger with memory peek/poke intrinsically provides > its operator with the means to hose their system in all manner of > exciting ways (not least because stopping-the-world is already a DoS > attack ;-) ). Nevertheless the current no safety rail approach is > difficult to defend, especially given kprobes can provide us with plenty > of machinery to mark the parts of the kernel where breakpointing is > discouraged. > > This patchset introduces some safety rails by using the existing kprobes > infrastructure and ensures this will be enabled by default on > architectures that implement kprobes. At present it does not cover > absolutely all locations where breakpoints can cause trouble but it will > block off several avenues, including the architecture specific parts > that are handled by arch_within_kprobe_blacklist(). > > v4: > * Fixed KConfig dependencies for HONOUR_KPROBE_BLOCKLIST on kernels > where MODULES=n > * Add additional debug_core.c functions to the blocklist (thanks Doug) > * Collected a few tags Looks like I neglected to bump the version number in the subject. For the avoidance of doubt, this comment is correct and the subject line is broken. Sorry! Daniel. > > v3: > * Dropped the single step blocklist checks. It is not proven that the > code was actually reachable without triggering the catastrophic > failure flag (which inhibits resume already). > * Update patch description for ("kgdb: Add NOKPROBE labels...") and > added symbols that are called during trap exit > * Added a new patch to push the breakpoint activation later in the > flow and ensure the I/O functions are not called with breakpoints > activated. > > v2: > * Reworked after initial RFC to make honouring the blocklist require > CONFIG_KPROBES. It is now optional but the blocklist will be enabled > by default for architectures that CONFIG_HAVE_KPROBES > > Daniel Thompson (3): > kgdb: Honour the kprobe blocklist when setting breakpoints > kgdb: Add NOKPROBE labels on the trap handler functions > kernel: debug: Centralize dbg_[de]activate_sw_breakpoints > > include/linux/kgdb.h | 18 ++++++++++++++++++ > kernel/debug/debug_core.c | 22 ++++++++++++++++++++++ > kernel/debug/gdbstub.c | 1 - > kernel/debug/kdb/kdb_bp.c | 9 +++++++++ > kernel/debug/kdb/kdb_debugger.c | 2 -- > lib/Kconfig.kgdb | 15 +++++++++++++++ > 6 files changed, 64 insertions(+), 3 deletions(-) > > -- > 2.25.4 >