From: Daniel Thompson
To: Jason Wessel, Douglas Anderson
Cc: Daniel Thompson, Peter Zijlstra, sumit.garg@linaro.org, pmladek@suse.com, sergey.senozhatsky@gmail.com, will@kernel.org, kgdb-bugreport@lists.sourceforge.net, linux-kernel@vger.kernel.org, patches@linaro.org
Subject: [RFC PATCH 1/4] kgdb: Honour the kprobe blacklist when setting breakpoints
Date: Fri, 5 Jun 2020 14:21:27 +0100
Message-Id: <20200605132130.1411255-2-daniel.thompson@linaro.org>
In-Reply-To: <20200605132130.1411255-1-daniel.thompson@linaro.org>
References: <20200605132130.1411255-1-daniel.thompson@linaro.org>
X-Patchwork-Submitter: Daniel Thompson
X-Patchwork-Id: 187507

Currently kgdb has absolutely no safety rails in place to discourage or
prevent a user from placing a breakpoint in dangerous places such as the
debugger's own trap entry/exit and other places where it is not safe to
take synchronous traps.

Modify the default implementation of kgdb_validate_break_address() so
that we honour the kprobe blacklist (if there is one). The resulting
blacklist will include code that kgdb could, in fact, debug but I think
we can assume that anyone with sufficient knowledge to meaningfully
debug that code would trivially be able to find and remove the safety
rail if they need to.

Suggested-by: Peter Zijlstra
Signed-off-by: Daniel Thompson
---
 kernel/debug/debug_core.c | 11 +++++++++++
 kernel/debug/kdb/kdb_bp.c |  9 +++++++++
 2 files changed, 20 insertions(+)

--
2.25.4

diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c index ef94e906f05a..81f56d616e04 100644 --- a/kernel/debug/debug_core.c +++ b/kernel/debug/debug_core.c @@ -56,6 +56,7 @@ #include #include #include +#include #include #include @@ -188,6 +189,16 @@ int __weak kgdb_validate_break_address(unsigned long addr) { struct kgdb_bkpt tmp; int err; + + /* + * Disallow breakpoints that are marked as unsuitable for kprobing. + * This check is a little over-zealous because it does include + * code that kgdb is entirely capable of debugging but in exchange + * we can avoid recursive trapping (and all the problems that brings). + */ + if (within_kprobe_blacklist(addr)) + return -EINVAL; + /* Validate setting the breakpoint and then removing it. If the * remove fails, the kernel needs to emit a bad message because we * are deep trouble not being able to put things back the way we diff --git a/kernel/debug/kdb/kdb_bp.c b/kernel/debug/kdb/kdb_bp.c index d7ebb2c79cb8..ec4940146612 100644 --- a/kernel/debug/kdb/kdb_bp.c +++ b/kernel/debug/kdb/kdb_bp.c @@ -306,6 +306,15 @@ static int kdb_bp(int argc, const char **argv) if (!template.bp_addr) return KDB_BADINT; + /* + * This check is redundant (since the breakpoint machinery should + * be doing the same check during kdb_bp_install) but gives the + * user immediate feedback. + */ + diag = kgdb_validate_break_address(template.bp_addr); + if (diag) + return diag; + /* * Find an empty bp structure to allocate */
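
Review bot: in the kernel/debug/debug_core.c hunk, the call to within_kprobe_blacklist(addr) at the top of kgdb_validate_break_address() is unconditional, while the commit message promises to honour the blacklist only "if there is one". Nothing in the visible lines shows what happens on a kernel built without kprobes, so please confirm that the header added at the top of the file supplies a fallback for that configuration, or guard the call (for example with IS_ENABLED() on the relevant config symbol). The function is also declared __weak, so an architecture that overrides it will silently skip the new check; if the safety rail is meant to apply everywhere, it belongs in a caller that every architecture goes through.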
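
Review bot: in the kernel/debug/kdb/kdb_bp.c hunk, kdb_bp() returns the result of kgdb_validate_break_address() directly ("if (diag) return diag;"), but that function reports a blacklisted address as a negative errno (-EINVAL in the debug_core.c hunk) whereas the surrounding code returns kdb diagnostic codes such as KDB_BADINT. Map the failure to a KDB_* code, or print a short message saying the address is blacklisted, so that the "immediate feedback" the new comment promises is something the user can interpret. The comment should also mention that this validation is not a pure lookup: according to the existing comment in kgdb_validate_break_address(), it sets and then removes a breakpoint at the address.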