Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752411AbbHDPwE (ORCPT ); Tue, 4 Aug 2015 11:52:04 -0400 Received: from mail-wi0-f182.google.com ([209.85.212.182]:34400 "EHLO mail-wi0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752182AbbHDPwC (ORCPT ); Tue, 4 Aug 2015 11:52:02 -0400 Date: Tue, 4 Aug 2015 17:51:59 +0200 From: Frederic Weisbecker To: Andy Lutomirski Cc: Peter Zijlstra , linux-kernel@vger.kernel.org, Brian Gerst , Steven Rostedt , Borislav Petkov , Thomas Gleixner , Linus Torvalds , X86 ML , Masami Hiramatsu Subject: Re: [PATCH 1/3] x86/perf/hw_breakpoint: Disallow kernel breakpoints unless kprobe-safe Message-ID: <20150804155158.GB32738@lerouge> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2812 Lines: 74 On Thu, Jul 30, 2015 at 08:32:40PM -0700, Andy Lutomirski wrote: > Code on the kprobe blacklist doesn't want unexpected int3 > exceptions. It probably doesn't want unexpected debug exceptions > either. Be safe: disallow breakpoints in nokprobes code. > > On non-CONFIG_KPROBES kernels, there is no kprobe blacklist. In > that case, disallow kernel breakpoints entirely. > > It will be particularly important to keep hw breakpoints out of the > entry and NMI code once we move debug exceptions off the IST stack. > > Signed-off-by: Andy Lutomirski > --- > arch/x86/kernel/hw_breakpoint.c | 15 +++++++++++++++ > include/linux/kprobes.h | 2 ++ > kernel/kprobes.c | 2 +- > 3 files changed, 18 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/hw_breakpoint.c b/arch/x86/kernel/hw_breakpoint.c > index 7114ba220fd4..78f3e90c5659 100644 > --- a/arch/x86/kernel/hw_breakpoint.c > +++ b/arch/x86/kernel/hw_breakpoint.c > @@ -32,6 +32,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -243,6 +244,20 @@ static int arch_build_bp_info(struct perf_event *bp) > info->type = X86_BREAKPOINT_RW; > break; > case HW_BREAKPOINT_X: > + /* > + * We don't allow kernel breakpoints in places that are not > + * acceptable for kprobes. On non-kprobes kernels, we don't > + * allow kernel breakpoints at all. > + */ > + if (bp->attr.bp_addr >= TASK_SIZE_MAX) { > +#ifdef CONFIG_KPROBES > + if (within_kprobe_blacklist(bp->attr.bp_addr)) > + return -EINVAL; > +#else > + return -EINVAL; > +#endif > + } > + It should be done on generic code I think. In validate_hw_breakpoint() under the arch_check_bp_in_kernelspace() check. > info->type = X86_BREAKPOINT_EXECUTE; > /* > * x86 inst breakpoints need to have a specific undefined len. > diff --git a/include/linux/kprobes.h b/include/linux/kprobes.h > index 1ab54754a86d..8f6849084248 100644 > --- a/include/linux/kprobes.h > +++ b/include/linux/kprobes.h > @@ -267,6 +267,8 @@ extern void show_registers(struct pt_regs *regs); > extern void kprobes_inc_nmissed_count(struct kprobe *p); > extern bool arch_within_kprobe_blacklist(unsigned long addr); > > +extern bool within_kprobe_blacklist(unsigned long addr); The name was fine for a kprobe's private function. But if you make it public, maybe standardize the prefix like kprobes_within_blacklist(). Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/