lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 Jun 2020 16:44:57 +0200 From: Peter Zijlstra <peterz@...radead.org> To: Daniel Thompson <daniel.thompson@...aro.org> Cc: Jason Wessel <jason.wessel@...driver.com>, Douglas Anderson <dianders@...omium.org>, sumit.garg@...aro.org, pmladek@...e.com, sergey.senozhatsky@...il.com, will@...nel.org, kgdb-bugreport@...ts.sourceforge.net, linux-kernel@...r.kernel.org, patches@...aro.org, Masami Hiramatsu <mhiramat@...nel.org> Subject: Re: [RFC PATCH 0/4] kgdb: Honour the kprobe blacklist when setting breakpoints On Fri, Jun 05, 2020 at 04:29:53PM +0200, Peter Zijlstra wrote: > On Fri, Jun 05, 2020 at 02:21:26PM +0100, Daniel Thompson wrote: > > kgdb has traditionally adopted a no safety rails approach to breakpoint > > placement. If the debugger is commanded to place a breakpoint at an > > address then it will do so even if that breakpoint results in kgdb > > becoming inoperable. > > > > A stop-the-world debugger with memory peek/poke does intrinsically > > provide its operator with the means to hose their system in all manner > > of exciting ways (not least because stopping-the-world is already a DoS > > attack ;-) ) but the current no safety rail approach is not easy to > > defend, especially given kprobes provides us with plenty of machinery to > > mark parts of the kernel where breakpointing is discouraged. > > > > This patchset introduces some safety rails by using the existing > > kprobes infrastructure. It does not cover all locations where > > breakpoints can cause trouble but it will definitely block off several > > avenues, including the architecture specific parts that are handled by > > arch_within_kprobe_blacklist(). > > > > This patch is an RFC because: > > > > 1. My workstation is still chugging through the compile testing. > > > > 2. Patch 4 needs more runtime testing. > > > > 3. The code to extract the kprobe blacklist code (patch 4 again) needs > > more review especially for its impact on arch specific code. > > > > To be clear I do plan to do the detailed review of the kprobe blacklist > > stuff but would like to check the direction of travel first since the > > change is already surprisingly big and maybe there's a better way to > > organise things. > > Thanks for doing these patches, esp 1-3 look very good to me. > > I've taken the liberty to bounce the entire set to Masami-San, who is > the kprobes maintainer for comments as well. OK, after having had a second look, one thing we can perhaps address with the last patch, or perhaps on top of that, is extending the kprobes_blacklist() with data regions. Because these patches only exclude kgdb from setting breakpoints on code; data breakpoints do not match what we do with arch_build_bp_info().
Powered by blists - more mailing lists