lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F68CD32.3040202@windriver.com>
Date:	Tue, 20 Mar 2012 13:32:18 -0500
From:	Jason Wessel <jason.wessel@...driver.com>
To:	Tim Bird <tim.bird@...sony.com>
CC:	"kgdb-bugreport@...ts.sourceforge.net" 
	<kgdb-bugreport@...ts.sourceforge.net>,
	linux kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] kdb: Add message about CONFIG_DEBUG_RODATA on failure
 to install breakpoint

On 09/21/2011 03:07 PM, Tim Bird wrote:
> On x86, if CONFIG_DEBUG_RODATA is set, one cannot set breakpoints
> via KDB.  Apparently this is a well-known problem, as at least one distribution
> now ships with both KDB enabled and CONFIG_DEBUG_RODATA=y for security reasons.
> 
> This patch just adds an extra printk message to the breakpoint failure case,
> in order to provide some useful diagnostics to the user.
> 

The patch is definitely the right idea.  I believe we should try and tell the whole story and only print the message for the type of breakpoint that fails.  It is absolutely the case that you can still use kdb/kdb without recompiling the kernel.

I propose a slightly different implementation below.


---

Subject: [PATCH] kdb: Add message about CONFIG_DEBUG_RODATA on failure to install breakpoint

When the kernel config option CONFIG_DEBUG_RODATA=y is set on x86
software breakpoints are not available to KDB.  The constraints to
debug kernel are often at odds with security protections for a kernel
and several OS distributions ship with both KDB enabled and
CONFIG_DEBUG_RODATA=y.

This patch adds an printk message to the breakpoint failure case,
in order to provide suggestions about how to use the debugger.

Reported-by: Tim Bird <tim.bird@...sony.com>
Signed-off-by: Jason Wessel <jason.wessel@...driver.com>
---
 kernel/debug/kdb/kdb_bp.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/kernel/debug/kdb/kdb_bp.c b/kernel/debug/kdb/kdb_bp.c
index 20059ef..8418c2f 100644
--- a/kernel/debug/kdb/kdb_bp.c
+++ b/kernel/debug/kdb/kdb_bp.c
@@ -153,7 +153,13 @@ static int _kdb_bp_install(struct pt_regs *regs, kdb_bp_t *bp)
 	} else {
 		kdb_printf("%s: failed to set breakpoint at 0x%lx\n",
 			   __func__, bp->bp_addr);
+#ifdef CONFIG_DEBUG_RODATA
+		if (!bp->bp_type) {
+			kdb_printf("Software breakpoints are unavailable.\n"
+				   "  Change the kernel CONFIG_DEBUG_RODATA=n\n"
+				   "  OR use hw breakpoints: help bph\n");
+		}
+#endif
 		return 1;
 	}
 	return 0;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ