Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp351783ybg; Fri, 12 Jun 2020 03:18:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzkmcUy0fff3heLWDO9xVyQjMfqWPoekhuuGaVsznXDHSxdeylJweVAttT5LCYa39tD/I1s X-Received: by 2002:a17:906:2c1a:: with SMTP id e26mr5929ejh.514.1591957106844; Fri, 12 Jun 2020 03:18:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591957106; cv=none; d=google.com; s=arc-20160816; b=gNidJmlu+QI4FZWEBiF+zhH4ntC3VxFUgvdxUuWN6Xq8scgRqct5jpv5gHTPuwAQEi bG438nThPuAss6TNN6iiyknnIgMNCrcnHb6o3uG3eVMtXmREJq4IVRAAbBsLcvEWFd5O xpLOgttN55MphWEBvkwn4JycUwGA9HhEdq+GGA5IMjqWT/J60pPw0xALSqODbOM3Fsx4 +10M1pW52l8m3fYnb4ZD6veRagg+ufhmPq34nIaJLJPmPzzCQihY1J1/+n3hLk9lZVC5 YOPLsb1niAkmfTv57XA8D5RpOx8VKfmJhbvo+i2uUnH7XqiIrICe1vWLdALhdsCcv1dj bw5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=mWk3P4ErV5Sg1IYt3/Ls6J+tXvKYKeUv/vV36YH0pWA=; b=VwWWL6VFCeSbR3imkgWLowwq8SxX/1viw1Khi/MK9ihQ0gClJyOtsnEMc2KtC4Br3V rXxSlw9eLqs7v6RTF0DgSbXO4C1wvQzhgyOkfFtixrvOlSSAApKfO/DkI9BdTWy1235O Zh/Tk+DfyvC7jaSRKf4l1LNKG8hH85iFqpVtMtmtgTV8ZhqCYnFptH8Zd52hgeMhvO8s ffU7lp4cy148Ei0lDVn2SsElJbLR8QLeMRSqjiYZmC1kF2MuSqJQ3Xkkv451PVxseQcy SjdxGdyKt7eul/PvWyaz0W453MzileCA0cS5WeAtfHF0gsg0MNbwS9YuUUwZrs18FYpV /aMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=if0Nuucf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t9si3306148eds.213.2020.06.12.03.18.04; Fri, 12 Jun 2020 03:18:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=if0Nuucf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726314AbgFLKN5 (ORCPT + 99 others); Fri, 12 Jun 2020 06:13:57 -0400 Received: from mail.kernel.org ([198.145.29.99]:39936 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725927AbgFLKNz (ORCPT ); Fri, 12 Jun 2020 06:13:55 -0400 Received: from devnote2 (NE2965lan1.rev.em-net.ne.jp [210.141.244.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0FBD7206A4; Fri, 12 Jun 2020 10:13:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591956834; bh=YGVdRMoIliwKOkYP14E5HqGygD3q1LI9VS07IqWiP3s=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=if0NuucfwA+mq3EfP/vzlyDR6OgV9i4KX/XR0T7Ui1Xgub1qExH70Dcjge+qMS21A OLa1ExtFXbpiiJ+wq9fH/5uSg3jeEbYOmt5e82h+W0UUaMUas6PmJQ1ChWxCd+nft8 51CZx9o+aNA4gQHkcgNVPGX5a0gluBvck9jKjKak= Date: Fri, 12 Jun 2020 19:13:49 +0900 From: Masami Hiramatsu To: Daniel Thompson Cc: Peter Zijlstra , Jason Wessel , Douglas Anderson , sumit.garg@linaro.org, pmladek@suse.com, sergey.senozhatsky@gmail.com, will@kernel.org, kgdb-bugreport@lists.sourceforge.net, linux-kernel@vger.kernel.org, patches@linaro.org Subject: Re: [RFC PATCH 0/4] kgdb: Honour the kprobe blacklist when setting breakpoints Message-Id: <20200612191349.9774d101681b9f8e7ada0200@kernel.org> In-Reply-To: <20200611143240.u77kxdbhepaazx3j@holly.lan> References: <20200605132130.1411255-1-daniel.thompson@linaro.org> <20200605142953.GP2750@hirez.programming.kicks-ass.net> <20200611214209.bd8fcd290d745ae50d898e69@kernel.org> <20200611143240.u77kxdbhepaazx3j@holly.lan> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 11 Jun 2020 15:32:40 +0100 Daniel Thompson wrote: > On Thu, Jun 11, 2020 at 09:42:09PM +0900, Masami Hiramatsu wrote: > > On Fri, 5 Jun 2020 16:29:53 +0200 > > Peter Zijlstra wrote: > > > > > On Fri, Jun 05, 2020 at 02:21:26PM +0100, Daniel Thompson wrote: > > > > kgdb has traditionally adopted a no safety rails approach to breakpoint > > > > placement. If the debugger is commanded to place a breakpoint at an > > > > address then it will do so even if that breakpoint results in kgdb > > > > becoming inoperable. > > > > > > > > A stop-the-world debugger with memory peek/poke does intrinsically > > > > provide its operator with the means to hose their system in all manner > > > > of exciting ways (not least because stopping-the-world is already a DoS > > > > attack ;-) ) but the current no safety rail approach is not easy to > > > > defend, especially given kprobes provides us with plenty of machinery to > > > > mark parts of the kernel where breakpointing is discouraged. > > > > > > > > This patchset introduces some safety rails by using the existing > > > > kprobes infrastructure. It does not cover all locations where > > > > breakpoints can cause trouble but it will definitely block off several > > > > avenues, including the architecture specific parts that are handled by > > > > arch_within_kprobe_blacklist(). > > > > > > > > This patch is an RFC because: > > > > > > > > 1. My workstation is still chugging through the compile testing. > > > > > > > > 2. Patch 4 needs more runtime testing. > > > > > > > > 3. The code to extract the kprobe blacklist code (patch 4 again) needs > > > > more review especially for its impact on arch specific code. > > > > > > > > To be clear I do plan to do the detailed review of the kprobe blacklist > > > > stuff but would like to check the direction of travel first since the > > > > change is already surprisingly big and maybe there's a better way to > > > > organise things. > > > > > > Thanks for doing these patches, esp 1-3 look very good to me. > > > > > > I've taken the liberty to bounce the entire set to Masami-San, who is > > > the kprobes maintainer for comments as well. > > > > Thanks Peter to Cc me. > > > > Reusing kprobe blacklist is good to me as far as it doesn't expand it > > only for kgdb. For example, if a function which can cause a recursive > > trap issue only when the kgdb puts a breakpoint, it should be covered > > by kgdb blacklist, or we should make a "noinstr-list" including > > both :) > > Recursion is what focuses the mind but I don't think we'd need > recursion for there to be problems. > > For example taking a kprobe trap whilst executing the kgdb trap handler > (or vice versa) is already likely to be fragile and is almost certainly > untested on most or all architectures. Ah, OK. Actually, on x86 that is not a problem (it can handle recursive int3 if software handles it correctly), but other arch may not accept it. Hmm, then using NOKPROBE_SYMBOL() is reasonable. > Further if I understood Peter's > original nudge correctly then, in addition, x86 plans to explicitly > prohibit this anyway. > > On other words I think there will only be one blacklist. Agreed. > > Thus, Nack for PATCH 4/4, that seems a bit selfish change. If kgdb wants > > to use the "kprobes blacklist", we should make CONFIG_KGDB depending on > > CONFIG_KPROBES. > > Some of the architectures currently have kgdb support but do not have > kprobes... "depends on KPROBES if HAVE_KPROBES" ? :-) (Anyway, it is a good chance to port kprobe on such arch...) Thank you, -- Masami Hiramatsu