| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Jan 2015 16:22:44 +0000 From: Will Deacon <will.deacon@....com> To: Pratyush Anand <panand@...hat.com> Cc: Catalin Marinas <Catalin.Marinas@....com>, Steve Capper <steve.capper@...aro.org>, Oleg Nesterov <oleg@...hat.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, David Long <dave.long@...aro.org>, William Cohen <wcohen@...hat.com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org> Subject: Re: Query: ARM64: Behavior of el1_dbg exception while executing el0_dbg On Fri, Jan 16, 2015 at 12:00:09PM +0000, Pratyush Anand wrote: > On Thursday 15 January 2015 10:17 PM, Pratyush Anand wrote: > > On Tuesday 13 January 2015 11:23 PM, Pratyush Anand wrote: > >> I will still try to find some way to capture enable_dbg macro path.H > > > > I did instrumented debug tap points at all the location from where > > enable_debug macro is called(see attached debug patch). But, I do not > > see that, execution reaches to any of those tap points between el0_dbg > > and el1_dbg, and tap points debug log also confirms that el1_dbg is > > raised before el0_dbg is returned. > > Probably we all missed this, ARMv8 specs is very clear about it. In > section "D2.1 About debug exceptions" it says: > > Software Breakpoint Instruction exceptions cannot be masked. The PE > takes Software Breakpoint Instruction exceptions regardless of both of > the following: > • The current Exception level. > • The current Security state. Ah, of course, I completely forgot you were using software breakpoints! > So, reception of el1_dbg while executing el0_dbg seems perfectly normal > to me. If you agree then I am back with the original query which I asked > in the beginning of the > thread,(http://permalink.gmane.org/gmane.linux.ports.arm.kernel/383672) > ie how can instruction_pointer be wrong when second el1_dbg is called > recursively(as follows). > > [1]-> el0_dbg (After executing BRK instruction by user) > [2] -> el1_dbg (when uprobe break handler at [1] executes BRK instruction) > (At the end of this ELR_EL1 is programmed with fffffdfffc000004) > [3] -> el1_dbg (when kprobe break handler at [2] enables single stepping) > (Here ELR_EL1 was found fffffe0000092470).So When this el1_dbg was > received, then regs->pc values are not same what was programmed in > ELR_EL1 at the return of [2]. Perhaps you're not removing the BRK instruction properly, and so you try to single-step a trapping instruction and end up stepping into the exception? Will -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists