From patchwork Thu Jul 16 15:19:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Thompson X-Patchwork-Id: 235648 Delivered-To: patches@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp888587ilg; Thu, 16 Jul 2020 08:20:06 -0700 (PDT) X-Received: by 2002:a1c:c38a:: with SMTP id t132mr4728091wmf.1.1594912806298; Thu, 16 Jul 2020 08:20:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594912806; cv=none; d=google.com; s=arc-20160816; b=dTLLmXhK9wJfNz590vRRatB9DEypWMhERFIS+JN0IUs7pjlUMKIO475yziVtpY87mt ST5JN35XEdxRRzX54Y0hHMYJDYuT9q67CH/SmiJVyV8Wtws/NYXc4KzFEO0RPDfGXg4a oE8RUxIhiaiwxG7UCkY1DkLYzsqOqRcOFMHzJ11X8+U8K9y7FI7FDAAw3v/PdlkT2kXB F4awFR5CKt+ZCkmkcEppY4ioAZL6rgDA+INOt+vccZFgr9hGyaepOsHE1bDeBUWc1nfF gPzX3P0E/yQJ1cgbPm3Wmo8dkD0Zv9/+6ejtV7R/uI0YcOOY9DpoenYnv9mG75GrGgra GBNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Bt894HzKEOa1juEk1zUwT+0wI2k83kLqjbCs4ktmwwU=; b=zboj8hsuobHyrxUIM5oXe2+zZvJ4+Sja8wGd9DaocDEKGI+Uf7Eef3bf8bf/+qudsB PAix4UawOK/DbkmuFic32BZSHBGr1mT71f98rpg3qijs+iJ3NJEGyFmLFvOBzCbjm2rA tRm/UBfMGQ5tV2L4G2NdAH/AeL2rC2jvkehB26fN4DdVXtcVh7Shjdv0hhFnMqwMeazq 7ifHWhtZTyrT0H4RHmaC+hjyzijSwOxbUVjZpM7xrMVwZTsaFi7tEQLPctMOqvWssSOb IBE9d5MFn3oXkln8tzzzyO8/HyYtM1IquBq4DzeF67zyNwaKuUd2oTFIw3w3T2qGsUdC hVqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fxPQnWz5; spf=pass (google.com: domain of daniel.thompson@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=daniel.thompson@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id r1sor3486140wrw.16.2020.07.16.08.20.06 for (Google Transport Security); Thu, 16 Jul 2020 08:20:06 -0700 (PDT) Received-SPF: pass (google.com: domain of daniel.thompson@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fxPQnWz5; spf=pass (google.com: domain of daniel.thompson@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=daniel.thompson@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Bt894HzKEOa1juEk1zUwT+0wI2k83kLqjbCs4ktmwwU=; b=fxPQnWz59Up3zrl0RzjlzsOI92Vi4xDMdkMXTsmF5eF0O69S/9QxQx9W5N0gO6uQYd KMdRrpjWnQyRnQJhnI6HgyildgntrisyLJWqjKqgeKOSYhViY94se2D0JSclNyQnA7db /fQRmh33E3YqGzdcKag+knbWwqpO2rA1HbbXG8iZ20YU/Zz9EcyhlYo/iDnsTKFSEgz8 +BRuUnqW73/9iSuxSWWRFjGUnIRJA12dw1cdtZODQbLbyaGOD2jj2/KVPM8esB70T8Xm 8d31C4aC+oKfEyti14BQW7FsyMfy65bFrwItW48j94uqHi2wA1eBpeyR9pj7QXhoSVIG 5u8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Bt894HzKEOa1juEk1zUwT+0wI2k83kLqjbCs4ktmwwU=; b=bVCFZOKbxbc8SkP5Kwv7M5eE4mvURtqd6vYepSHSmCNFT8aEdWGOBVpDBvfgm0a1R4 xo4qBqKW25mEaJYaBsTIGbZohazBrA5ticdm2YJ5WmLSmyM3ke9mw11iwNtYRmxSHVea 6gBKA1Vsoln4wxaKCuO42kiLFlEEVsDpFA6GccNRISqrNqHRPE9+MXr72f2CoL0c6UbW bppSSrRb92ELAOdpXvx6Gz8eTuo04l+iUp8dmSbfIK9iSMIO7Bobi8wl/fwyCFL8NUx7 nFrpp3a2jbE8/e1yj5YTZ81DuAS54vUnZI+YjIN/l6RfncAvAUVDU0en09sqloJF5uJF DBqA== X-Gm-Message-State: AOAM531+B/vZ9cCHOaZdc9tjLu/j6hBOPvmU2lFPDyeqYXiKAnb0lVdA zxpewC6bs2aqlXZBLUzbE7UDc+fz X-Google-Smtp-Source: ABdhPJxL8ueR/OcnC3ZDGghtoI6P4Ks6MOUOjDetInyQZqPmjy2evPI+PENXwSQ2/p8MNK4GuK8RpA== X-Received: by 2002:adf:f14c:: with SMTP id y12mr5460591wro.30.1594912805876; Thu, 16 Jul 2020 08:20:05 -0700 (PDT) Return-Path: Received: from wychelm.lan (cpc141214-aztw34-2-0-cust773.18-1.cable.virginm.net. [86.9.19.6]) by smtp.gmail.com with ESMTPSA id u17sm9877687wrp.70.2020.07.16.08.20.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Jul 2020 08:20:05 -0700 (PDT) From: Daniel Thompson To: Jason Wessel , Douglas Anderson Cc: Daniel Thompson , Peter Zijlstra , sumit.garg@linaro.org, pmladek@suse.com, sergey.senozhatsky@gmail.com, will@kernel.org, Masami Hiramatsu , kgdb-bugreport@lists.sourceforge.net, linux-kernel@vger.kernel.org, patches@linaro.org Subject: [PATCH v2 1/3] kgdb: Honour the kprobe blocklist when setting breakpoints Date: Thu, 16 Jul 2020 16:19:41 +0100 Message-Id: <20200716151943.2167652-2-daniel.thompson@linaro.org> X-Mailer: git-send-email 2.25.4 In-Reply-To: <20200716151943.2167652-1-daniel.thompson@linaro.org> References: <20200716151943.2167652-1-daniel.thompson@linaro.org> MIME-Version: 1.0 Currently kgdb has absolutely no safety rails in place to discourage or prevent a user from placing a breakpoint in dangerous places such as the debugger's own trap entry/exit and other places where it is not safe to take synchronous traps. Introduce a new config symbol KGDB_HONOUR_BLOCKLIST and modify the default implementation of kgdb_validate_break_address() so that we use the kprobe blocklist to prohibit instrumentation of critical functions if the config symbol is set. The config symbol dependencies are set to ensure that the blocklist will be enabled by default if we enable KGDB and are compiling for an architecture where we HAVE_KPROBES. Suggested-by: Peter Zijlstra Signed-off-by: Daniel Thompson --- include/linux/kgdb.h | 18 ++++++++++++++++++ kernel/debug/debug_core.c | 4 ++++ kernel/debug/kdb/kdb_bp.c | 9 +++++++++ lib/Kconfig.kgdb | 14 ++++++++++++++ 4 files changed, 45 insertions(+) -- 2.25.4 Reviewed-by: Douglas Anderson diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h index 529116b0cabe..7caba4604edc 100644 --- a/include/linux/kgdb.h +++ b/include/linux/kgdb.h @@ -16,6 +16,7 @@ #include #include #include +#include #ifdef CONFIG_HAVE_ARCH_KGDB #include #endif @@ -323,6 +324,23 @@ extern int kgdb_nmicallin(int cpu, int trapnr, void *regs, int err_code, atomic_t *snd_rdy); extern void gdbstub_exit(int status); +/* + * kgdb and kprobes both use the same (kprobe) blocklist (which makes sense + * given they are both typically hooked up to the same trap meaning on most + * architectures one cannot be used to debug the other) + * + * However on architectures where kprobes is not (yet) implemented we permit + * breakpoints everywhere rather than blocking everything by default. + */ +static inline bool kgdb_within_blocklist(unsigned long addr) +{ +#ifdef CONFIG_KGDB_HONOUR_BLOCKLIST + return within_kprobe_blacklist(addr); +#else + return false; +#endif +} + extern int kgdb_single_step; extern atomic_t kgdb_active; #define in_dbg_master() \ diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c index 9e5934780f41..133a361578dc 100644 --- a/kernel/debug/debug_core.c +++ b/kernel/debug/debug_core.c @@ -188,6 +188,10 @@ int __weak kgdb_validate_break_address(unsigned long addr) { struct kgdb_bkpt tmp; int err; + + if (kgdb_within_blocklist(addr)) + return -EINVAL; + /* Validate setting the breakpoint and then removing it. If the * remove fails, the kernel needs to emit a bad message because we * are deep trouble not being able to put things back the way we diff --git a/kernel/debug/kdb/kdb_bp.c b/kernel/debug/kdb/kdb_bp.c index d7ebb2c79cb8..ec4940146612 100644 --- a/kernel/debug/kdb/kdb_bp.c +++ b/kernel/debug/kdb/kdb_bp.c @@ -306,6 +306,15 @@ static int kdb_bp(int argc, const char **argv) if (!template.bp_addr) return KDB_BADINT; + /* + * This check is redundant (since the breakpoint machinery should + * be doing the same check during kdb_bp_install) but gives the + * user immediate feedback. + */ + diag = kgdb_validate_break_address(template.bp_addr); + if (diag) + return diag; + /* * Find an empty bp structure to allocate */ diff --git a/lib/Kconfig.kgdb b/lib/Kconfig.kgdb index ffa7a76de086..9d0d408f81b1 100644 --- a/lib/Kconfig.kgdb +++ b/lib/Kconfig.kgdb @@ -19,6 +19,20 @@ menuconfig KGDB if KGDB +config KGDB_HONOUR_BLOCKLIST + bool "KGDB: use kprobe blocklist to prohibit unsafe breakpoints" + depends on HAVE_KPROBES + select KPROBES + default y + help + If set to Y the debug core will use the kprobe blocklist to + identify symbols where it is unsafe to set breakpoints. + In particular this disallows instrumentation of functions + called during debug trap handling and thus makes it very + difficult to inadvertently provoke recursive trap handling. + + If unsure, say Y. + config KGDB_SERIAL_CONSOLE tristate "KGDB: use kgdb over the serial console" select CONSOLE_POLL From patchwork Thu Jul 16 15:19:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Thompson X-Patchwork-Id: 235649 Delivered-To: patches@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp888612ilg; Thu, 16 Jul 2020 08:20:07 -0700 (PDT) X-Received: by 2002:a05:6000:d0:: with SMTP id q16mr5933596wrx.166.1594912807501; Thu, 16 Jul 2020 08:20:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594912807; cv=none; d=google.com; s=arc-20160816; b=bxt4nBD23R8EmLTE5snMZoTMSOF7sdymuT53hXPxW3pRVcc3m+1dgAKvOM/i2ZJodp 4MHrzvSbKeln/qOMtU49cCQK2yZoUncgosb/EQkYQCx8J5ivEtIEIw0NV4LTdqjtw3kr 5cnvxl6boeGILEBAR9OjB0pmisQJ9M6IbjMwIRyNat0Ta9CWz3u9zn6MGardGy9CuxN8 phNc3ZOLOOQ83kSadQvVz9AiuH0Z9m4Gz5JAemmbqaAgx06Fm1ZUFyNi/uyxNyZpt2hd jQA5vAdP4rwG0LkIRhUcGRWoLnOMGztG7xItOxlmZukJzCdwsM16EhWOXcQ6eaYQKHV4 /01g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=MA+kP4DlJmfdXBdpErlC9E+irTIJBNObkffFIf2y82I=; b=VlTAHd6YmuJwydR0KjLVb93PN4+aJv9oj3gSygbLhT5Tf5rC6kVLQ8xqiMppVhmX7p oG8MAQlzQu1hOLBmILYjLtcpZjWK2Gdl7ZGBSuOlWRJqY0EF1wReAhQA15mRS+5muOPh zwLbu7uI2YAdbHp9mop+ubZRAkh+PqSNO6xtSPFUvsy5InQijLHoUNIK0jZV0vh69Hor g680VGW9Jfzh3IHqCLNRoS2UuwULCxav93TpeTXTFpHWNk7k7XCPihb54YKmmSKGxptV HDOl9yvOEuMxiCzMdEF9D8dt2kH/7N35cMld+9Ct/xnIYKSidMeM0d4kdZ4goDWcgTGc U7nw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=JqIq+nSS; spf=pass (google.com: domain of daniel.thompson@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=daniel.thompson@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id f26sor3057850wmc.1.2020.07.16.08.20.07 for (Google Transport Security); Thu, 16 Jul 2020 08:20:07 -0700 (PDT) Received-SPF: pass (google.com: domain of daniel.thompson@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=JqIq+nSS; spf=pass (google.com: domain of daniel.thompson@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=daniel.thompson@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=MA+kP4DlJmfdXBdpErlC9E+irTIJBNObkffFIf2y82I=; b=JqIq+nSSgbqT32taOoagK4GvW1IjeH/ECen5VaQpTPssRfgi2K/8DOcl6JBC0QxDeW L9hLCUvRYISHnV89d2sJRdD+6c5sxQkufYhP3jxVx68jsxG0TdCDZiP70lmDH+wZdRTC FznHjEsKE7OT6A1QXZ5HM+aeuVDeWOUeieYNavx54TIHRGrU3K6MgOS/grSopWEWTAaO hlCL5R4TMZFizDEe8gDbVEiz3XHHsc3Q22RNnsXKbadgu4t28iDUBY7TwTIPfdOnEURW 2jL1tZurcc5gb75TDGPuPCEicPFYNSgzjJ08eexA4pnUfomSRpk/TrpZMqsicqzagoh1 vmYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=MA+kP4DlJmfdXBdpErlC9E+irTIJBNObkffFIf2y82I=; b=kaEYhKlItWamKYG5aQkLmOZoI8UEfu8I7JjkFXJ9/MJG1Kbzyy+Ve8p+8IJiy+lYaD sr+tVaKDuCfL1oAIK2KEJE5DvbJS6uogTGNj6me99nwySqG2QqWaoDRgtoZtoxJy2vgq 1hQNxjDlYXh3M6TcPse6rZtGk1XpIEERq0CED0h84jnDVR4YlpVKiFxpjysVCQlQDpx2 o5bct9AYp96FE1ObRX4jWr5iQLhkNvDSUQE4i0xxdJ5sg+mwcU1V6Qjvs6dmprUp/NjF BJeFi43tOtOQ/yCbRBvhE2ccJPyYpps4u2eAXYTfT1/4NQvBDNSSCzRCtFjHjIY8zYux m+KA== X-Gm-Message-State: AOAM532rxlESheQZPVwGwn5ERm92R8mpgIVqhXUwE5Koh90WMD3Poear n1bxw0RrUf3IYzF8/pbPkRikQ9rx X-Google-Smtp-Source: ABdhPJwWZzro9ckYK2greM7KjTK8oMd0961HXp/aw47Rj9PySVK21oCV8YKb2OYPEOZ0KHUJkUyCTw== X-Received: by 2002:a7b:c38c:: with SMTP id s12mr4799097wmj.136.1594912807056; Thu, 16 Jul 2020 08:20:07 -0700 (PDT) Return-Path: Received: from wychelm.lan (cpc141214-aztw34-2-0-cust773.18-1.cable.virginm.net. [86.9.19.6]) by smtp.gmail.com with ESMTPSA id u17sm9877687wrp.70.2020.07.16.08.20.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Jul 2020 08:20:06 -0700 (PDT) From: Daniel Thompson To: Jason Wessel , Douglas Anderson Cc: Daniel Thompson , Peter Zijlstra , sumit.garg@linaro.org, pmladek@suse.com, sergey.senozhatsky@gmail.com, will@kernel.org, Masami Hiramatsu , kgdb-bugreport@lists.sourceforge.net, linux-kernel@vger.kernel.org, patches@linaro.org Subject: [PATCH v2 2/3] kgdb: Use the kprobe blocklist to limit single stepping Date: Thu, 16 Jul 2020 16:19:42 +0100 Message-Id: <20200716151943.2167652-3-daniel.thompson@linaro.org> X-Mailer: git-send-email 2.25.4 In-Reply-To: <20200716151943.2167652-1-daniel.thompson@linaro.org> References: <20200716151943.2167652-1-daniel.thompson@linaro.org> MIME-Version: 1.0 If we are running in a part of the kernel that dislikes breakpoint debugging then it is very unlikely to be safe to single step. Add some safety rails to prevent stepping through anything on the kprobe blocklist. As part of this kdb_ss() will no longer set the DOING_SS flags when it requests a step. This is safe because this flag is already redundant, returning KDB_CMD_SS is all that is needed to request a step (and this saves us from having to unset the flag if the safety check fails). Signed-off-by: Daniel Thompson --- include/linux/kgdb.h | 1 + kernel/debug/debug_core.c | 13 +++++++++++++ kernel/debug/gdbstub.c | 10 +++++++++- kernel/debug/kdb/kdb_bp.c | 8 ++------ kernel/debug/kdb/kdb_main.c | 10 ++++++++-- 5 files changed, 33 insertions(+), 9 deletions(-) -- 2.25.4 diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h index 7caba4604edc..aefe823998cb 100644 --- a/include/linux/kgdb.h +++ b/include/linux/kgdb.h @@ -214,6 +214,7 @@ extern void kgdb_arch_set_pc(struct pt_regs *regs, unsigned long pc); /* Optional functions. */ extern int kgdb_validate_break_address(unsigned long addr); +extern int kgdb_validate_single_step_address(unsigned long addr); extern int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt); extern int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt); diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c index 133a361578dc..4b59bcc90c5d 100644 --- a/kernel/debug/debug_core.c +++ b/kernel/debug/debug_core.c @@ -208,6 +208,19 @@ int __weak kgdb_validate_break_address(unsigned long addr) return err; } +int __weak kgdb_validate_single_step_address(unsigned long addr) +{ + /* + * Disallow stepping when we are executing code that is marked + * as unsuitable for breakpointing... stepping won't be safe + * either! + */ + if (kgdb_within_blocklist(addr)) + return -EINVAL; + + return 0; +} + unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs) { return instruction_pointer(regs); diff --git a/kernel/debug/gdbstub.c b/kernel/debug/gdbstub.c index 61774aec46b4..f1c88007cc2b 100644 --- a/kernel/debug/gdbstub.c +++ b/kernel/debug/gdbstub.c @@ -1041,8 +1041,16 @@ int gdb_serial_stub(struct kgdb_state *ks) if (tmp == 0) break; /* Fall through - on tmp < 0 */ - case 'c': /* Continue packet */ case 's': /* Single step packet */ + error = kgdb_validate_single_step_address( + kgdb_arch_pc(ks->ex_vector, + ks->linux_regs)); + if (error != 0) { + error_packet(remcom_out_buffer, error); + break; + } + fallthrough; + case 'c': /* Continue packet */ if (kgdb_contthread && kgdb_contthread != current) { /* Can't switch threads in kgdb */ error_packet(remcom_out_buffer, -EINVAL); diff --git a/kernel/debug/kdb/kdb_bp.c b/kernel/debug/kdb/kdb_bp.c index ec4940146612..4853c413f579 100644 --- a/kernel/debug/kdb/kdb_bp.c +++ b/kernel/debug/kdb/kdb_bp.c @@ -507,18 +507,14 @@ static int kdb_bc(int argc, const char **argv) * None. * Remarks: * - * Set the arch specific option to trigger a debug trap after the next - * instruction. + * KDB_CMD_SS is a command that our caller acts on to effect the step. */ static int kdb_ss(int argc, const char **argv) { if (argc != 0) return KDB_ARGCOUNT; - /* - * Set trace flag and go. - */ - KDB_STATE_SET(DOING_SS); + return KDB_CMD_SS; } diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c index 5c7949061671..cd40bf780b93 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1189,7 +1189,7 @@ static int kdb_local(kdb_reason_t reason, int error, struct pt_regs *regs, kdb_dbtrap_t db_result) { char *cmdbuf; - int diag; + int diag, res; struct task_struct *kdb_current = kdb_curr_task(raw_smp_processor_id()); @@ -1346,10 +1346,16 @@ static int kdb_local(kdb_reason_t reason, int error, struct pt_regs *regs, } if (diag == KDB_CMD_GO || diag == KDB_CMD_CPU - || diag == KDB_CMD_SS || diag == KDB_CMD_KGDB) break; + if (diag == KDB_CMD_SS) { + res = kgdb_validate_single_step_address(instruction_pointer(regs)); + if (res == 0) + break; + diag = res; + } + if (diag) kdb_cmderror(diag); } From patchwork Thu Jul 16 15:19:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Thompson X-Patchwork-Id: 235650 Delivered-To: patches@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp888635ilg; Thu, 16 Jul 2020 08:20:09 -0700 (PDT) X-Received: by 2002:adf:f20a:: with SMTP id p10mr5849347wro.41.1594912808869; Thu, 16 Jul 2020 08:20:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594912808; cv=none; d=google.com; s=arc-20160816; b=M51kijLsfAw79tLSEr84zSwdgskY2qpSSvvKiefc3g1/CnUsLUAZz2rTntrW2Nmrum 9uD61lRanfHE9Plej/KV6oXbuSXWZRg/eUx2Sv2o63eKxPphibNchEK+cToQn843ZG+c GBKmZeuXFP3yj3MQNDIUuH98uVrDMEj/wZFgArborYfGoNdH+/gZY2Na6XAqQOiUs7X5 nY/eudyn49Gmmdax3aQJyMQPQD5/R1GKK3VqfgQfYdRPEY4tBar0wHHapKL6wChqjNVI G2EUInWvtzKJSTwrgT6jOaptiNIHE17M/9zXnhae3PftTgfS6nQy43VKLJ18mGye3SU0 PuqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Ay69b5loZmqipTP77uDUcCD3CMZjdEh7hP0bruwli1k=; b=NirOrz1VZPlZ/LBnh+Gj8ZWWWQbM2Z6jG9HJWA54bTJeGiKWwdILUdUpsIehF6jlCg S/DEUa1BK7L1Js+q87iJSLtj3jJZnT9cMlEIjRnNoT926fEH/foNnGBtZM0Ye7o/9jzo 2KVDV8uGpQXTMgvdYjBf7kh5tuF86+rC0rYJkTf1MKtnMEGl998L6NnCuu2qza9LCeBD uiQVAzJbXYCEBX/pZe3q0xwj2KTrSAEyQHXnVlKgYON1c7kpFUrP5OoJ7vEhQZH9Y+pJ Ary0PeKzkfqQKdkFFP9l24OyMR6pIoS1RZgiXNlWpkEcjYmV/TBuk8fZi/3ZR927WU69 Ax8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=d0RdbT8M; spf=pass (google.com: domain of daniel.thompson@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=daniel.thompson@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id 74sor3124293wma.23.2020.07.16.08.20.08 for (Google Transport Security); Thu, 16 Jul 2020 08:20:08 -0700 (PDT) Received-SPF: pass (google.com: domain of daniel.thompson@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=d0RdbT8M; spf=pass (google.com: domain of daniel.thompson@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=daniel.thompson@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Ay69b5loZmqipTP77uDUcCD3CMZjdEh7hP0bruwli1k=; b=d0RdbT8MqbY1ZnJgHeIEd2m0zeXY1i+Lj+PmqGKQmqaLAJiZKpFm3oxosLkai3MZ0S 9GSppOaArDiTYBQvupivke+FSk3+Cg0P1TwPggyBEFA8P2wxtI30qV6Y7JyAOlakSWrI 7XT1YjyZjvfmUCiUFYRAy0BjbJXCYgz1uFTdgl7DUv/IAVH7i1uRm+edatyqJ7NVoblc JvKimwXgxv4KzksqAgPh/JXDw+DSf64M4xeWMlQ9bYXHSivCfwoxQFDZJLmqnaay/7Vk 4zxaoCVUrydKo2k8oILHDbWI30tA8KvW6RT2eovrOz6JbQEb01y+dmuMDVMqA/Je4xhZ aoXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Ay69b5loZmqipTP77uDUcCD3CMZjdEh7hP0bruwli1k=; b=jI0rek8PFPpYgQLykGhwDzQckAPJbM/xzXuCCYjhNGp8NQ8tjzM3f5ptAtTb3UMeD1 p2Bc04lfvW39hgqkrQZQVZ0vH/P43ThWvdf+aN3pSVnZwlLNoltknJmmoUo50siaEaTx rAQknWbDCGW4W3RM36xi2ovCJdR844YScedyvnvIEmDn5p1KQoypH7OwMD/O5j82HybW UoQh6l/MsBS4VF6yAbSI41sN4pmr+A1f8v2k4c69Nsaev9PothfSNTuaTg0iELJ/TFnq Ey6R10JJl+WTQWLi3+pevMMM6n9uef1TJsZPUOJJsMxLDTOo5c9w6gt0IQoNdasYj02C Z78Q== X-Gm-Message-State: AOAM532eS2Mob+mtxF1SqQOpKK8d3gYBvl3aSjkNw/SmPbMIk4H3iA2o J8fyn0/oQ7VEisERVE2dyg0hYeyc X-Google-Smtp-Source: ABdhPJytl8835REhXfZSH+IBujrm7NkmVewsF6kxmqbPplKu/iOWB6yHc9BFpHQOHY51qHxdg66EWQ== X-Received: by 2002:a7b:c208:: with SMTP id x8mr4851699wmi.49.1594912808280; Thu, 16 Jul 2020 08:20:08 -0700 (PDT) Return-Path: Received: from wychelm.lan (cpc141214-aztw34-2-0-cust773.18-1.cable.virginm.net. [86.9.19.6]) by smtp.gmail.com with ESMTPSA id u17sm9877687wrp.70.2020.07.16.08.20.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Jul 2020 08:20:07 -0700 (PDT) From: Daniel Thompson To: Jason Wessel , Douglas Anderson Cc: Daniel Thompson , Peter Zijlstra , sumit.garg@linaro.org, pmladek@suse.com, sergey.senozhatsky@gmail.com, will@kernel.org, Masami Hiramatsu , kgdb-bugreport@lists.sourceforge.net, linux-kernel@vger.kernel.org, patches@linaro.org Subject: [PATCH v2 3/3] kgdb: Add NOKPROBE labels on the trap handler functions Date: Thu, 16 Jul 2020 16:19:43 +0100 Message-Id: <20200716151943.2167652-4-daniel.thompson@linaro.org> X-Mailer: git-send-email 2.25.4 In-Reply-To: <20200716151943.2167652-1-daniel.thompson@linaro.org> References: <20200716151943.2167652-1-daniel.thompson@linaro.org> MIME-Version: 1.0 Currently kgdb honours the kprobe blocklist but doesn't place its own trap handling code on the list. Add labels to discourage attempting to use kgdb to debug itself. These changes do not make it impossible to provoke recursive trapping since they do not cover all the calls that can be made on kgdb's entry logic. However going much further whilst we are sharing the kprobe blocklist risks reducing the capabilities of kprobe and this would be a bad trade off (especially so given kgdb's users are currently conditioned to avoid recursive traps). Signed-off-by: Daniel Thompson --- kernel/debug/debug_core.c | 8 ++++++++ 1 file changed, 8 insertions(+) -- 2.25.4 diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c index 4b59bcc90c5d..b056afb1beec 100644 --- a/kernel/debug/debug_core.c +++ b/kernel/debug/debug_core.c @@ -183,6 +183,7 @@ int __weak kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt) return copy_to_kernel_nofault((char *)bpt->bpt_addr, (char *)bpt->saved_instr, BREAK_INSTR_SIZE); } +NOKPROBE_SYMBOL(kgdb_arch_remove_breakpoint); int __weak kgdb_validate_break_address(unsigned long addr) { @@ -315,6 +316,7 @@ static void kgdb_flush_swbreak_addr(unsigned long addr) /* Force flush instruction cache if it was outside the mm */ flush_icache_range(addr, addr + BREAK_INSTR_SIZE); } +NOKPROBE_SYMBOL(kgdb_flush_swbreak_addr); /* * SW breakpoint management: @@ -405,6 +407,7 @@ int dbg_deactivate_sw_breakpoints(void) } return ret; } +NOKPROBE_SYMBOL(dbg_deactivate_sw_breakpoints); int dbg_remove_sw_break(unsigned long addr) { @@ -573,6 +576,7 @@ static int kgdb_reenter_check(struct kgdb_state *ks) return 1; } +NOKPROBE_SYMBOL(kgdb_reenter_check); static void dbg_touch_watchdogs(void) { @@ -811,6 +815,7 @@ static int kgdb_cpu_enter(struct kgdb_state *ks, struct pt_regs *regs, return kgdb_info[cpu].ret_state; } +NOKPROBE_SYMBOL(kgdb_cpu_enter); /* * kgdb_handle_exception() - main entry point from a kernel exception @@ -855,6 +860,7 @@ kgdb_handle_exception(int evector, int signo, int ecode, struct pt_regs *regs) arch_kgdb_ops.enable_nmi(1); return ret; } +NOKPROBE_SYMBOL(kgdb_handle_exception); /* * GDB places a breakpoint at this function to know dynamically loaded objects. @@ -889,6 +895,7 @@ int kgdb_nmicallback(int cpu, void *regs) #endif return 1; } +NOKPROBE_SYMBOL(kgdb_nmicallback); int kgdb_nmicallin(int cpu, int trapnr, void *regs, int err_code, atomic_t *send_ready) @@ -914,6 +921,7 @@ int kgdb_nmicallin(int cpu, int trapnr, void *regs, int err_code, #endif return 1; } +NOKPROBE_SYMBOL(kgdb_nmicallin); static void kgdb_console_write(struct console *co, const char *s, unsigned count)