From: Daniel Thompson
To: Jason Wessel, Douglas Anderson
Cc: Daniel Thompson, Peter Zijlstra, sumit.garg@linaro.org, pmladek@suse.com, sergey.senozhatsky@gmail.com, will@kernel.org, kgdb-bugreport@lists.sourceforge.net, linux-kernel@vger.kernel.org, patches@linaro.org
Subject: [RFC PATCH 1/4] kgdb: Honour the kprobe blacklist when setting breakpoints
Date: Fri, 5 Jun 2020 14:21:27 +0100
Message-Id: <20200605132130.1411255-2-daniel.thompson@linaro.org>
X-Mailer: git-send-email 2.25.4
In-Reply-To: <20200605132130.1411255-1-daniel.thompson@linaro.org>
References: <20200605132130.1411255-1-daniel.thompson@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

Currently kgdb has absolutely no safety rails in place to discourage or
prevent a user from placing a breakpoint in dangerous places such as the
debugger's own trap entry/exit and other places where it is not safe to
take synchronous traps.

Modify the default implementation of kgdb_validate_break_address() so
that we honour the kprobe blacklist (if there is one). The resulting
blacklist will include code that kgdb could, in fact, debug but I think
we can assume that anyone with sufficient knowledge to meaningfully
debug that code would trivially be able to find and remove the safety
rail if they need to.

Suggested-by: Peter Zijlstra
Signed-off-by: Daniel Thompson
---
 kernel/debug/debug_core.c | 11 +++++++++++
 kernel/debug/kdb/kdb_bp.c |  9 +++++++++
 2 files changed, 20 insertions(+)

diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c
index ef94e906f05a..81f56d616e04 100644
--- a/kernel/debug/debug_core.c
+++ b/kernel/debug/debug_core.c
@@ -56,6 +56,7 @@ #include #include #include +#include #include #include
@@ -188,6 +189,16 @@ int __weak kgdb_validate_break_address(unsigned long addr) { struct kgdb_bkpt tmp; int err; + + /* + * Disallow breakpoints that are marked as unsuitable for kprobing. + * This check is a little over-zealous because it does include + * code that kgdb is entirely capable of debugging but in exchange + * we can avoid recursive trapping (and all the problems that brings). + */ + if (within_kprobe_blacklist(addr)) + return -EINVAL; + /* Validate setting the breakpoint and then removing it. If the * remove fails, the kernel needs to emit a bad message because we * are deep trouble not being able to put things back the way we diff --git a/kernel/debug/kdb/kdb_bp.c b/kernel/debug/kdb/kdb_bp.c index d7ebb2c79cb8..ec4940146612 100644 --- a/kernel/debug/kdb/kdb_bp.c +++ b/kernel/debug/kdb/kdb_bp.c @@ -306,6 +306,15 @@ static int kdb_bp(int argc, const char **argv) if (!template.bp_addr) return KDB_BADINT; + /* + * This check is redundant (since the breakpoint machinery should + * be doing the same check during kdb_bp_install) but gives the + * user immediate feedback. + */ + diag = kgdb_validate_break_address(template.bp_addr); + if (diag) + return diag; + /* * Find an empty bp structure to allocate */ -- 2.25.4
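Review bot: in the kgdb_validate_break_address() hunk the new `if (within_kprobe_blacklist(addr)) return -EINVAL;` runs unconditionally, whereas the commit message says the blacklist is honoured "if there is one"; on a CONFIG_KPROBES=n build the outcome depends entirely on the stub that linux/kprobes.h provides for that configuration, and if that stub does not return false this hunk would refuse every breakpoint with -EINVAL. Suggest either making the dependency explicit (an #ifdef CONFIG_KPROBES around the call, or a Kconfig dependency for this behaviour) or extending the new comment to state that the !KPROBES stub is known to return false, so the next reader does not have to re-derive it. The comment would also read better if it named what is actually being excluded (the trap entry/exit code the commit message refers to) rather than only saying the check is "over-zealous".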
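Review bot: in the kdb_bp() hunk, `diag = kgdb_validate_break_address(template.bp_addr); if (diag) return diag;` passes a kernel errno (the -EINVAL added in debug_core.c, or whatever the arch breakpoint hooks return from the set/remove probe) straight back as a kdb diagnostic, but kdb_bp() otherwise returns KDB_* codes such as the KDB_BADINT two lines above, and those are what kdb's command error reporting turns into messages. Suggest mapping the failure to an explicit KDB_* code (KDB_BADADDR matches the meaning) so the user gets a sensible message instead of whatever a raw negative errno happens to map to; the "redundant ... but gives the user immediate feedback" comment is fine as it stands.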