[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200605144457.GD2948@hirez.programming.kicks-ass.net>
Date: Fri, 5 Jun 2020 16:44:57 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Daniel Thompson <daniel.thompson@...aro.org>
Cc: Jason Wessel <jason.wessel@...driver.com>,
Douglas Anderson <dianders@...omium.org>,
sumit.garg@...aro.org, pmladek@...e.com,
sergey.senozhatsky@...il.com, will@...nel.org,
kgdb-bugreport@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
patches@...aro.org, Masami Hiramatsu <mhiramat@...nel.org>
Subject: Re: [RFC PATCH 0/4] kgdb: Honour the kprobe blacklist when setting
breakpoints
On Fri, Jun 05, 2020 at 04:29:53PM +0200, Peter Zijlstra wrote:
> On Fri, Jun 05, 2020 at 02:21:26PM +0100, Daniel Thompson wrote:
> > kgdb has traditionally adopted a no safety rails approach to breakpoint
> > placement. If the debugger is commanded to place a breakpoint at an
> > address then it will do so even if that breakpoint results in kgdb
> > becoming inoperable.
> >
> > A stop-the-world debugger with memory peek/poke does intrinsically
> > provide its operator with the means to hose their system in all manner
> > of exciting ways (not least because stopping-the-world is already a DoS
> > attack ;-) ) but the current no safety rail approach is not easy to
> > defend, especially given kprobes provides us with plenty of machinery to
> > mark parts of the kernel where breakpointing is discouraged.
> >
> > This patchset introduces some safety rails by using the existing
> > kprobes infrastructure. It does not cover all locations where
> > breakpoints can cause trouble but it will definitely block off several
> > avenues, including the architecture specific parts that are handled by
> > arch_within_kprobe_blacklist().
> >
> > This patch is an RFC because:
> >
> > 1. My workstation is still chugging through the compile testing.
> >
> > 2. Patch 4 needs more runtime testing.
> >
> > 3. The code to extract the kprobe blacklist code (patch 4 again) needs
> > more review especially for its impact on arch specific code.
> >
> > To be clear I do plan to do the detailed review of the kprobe blacklist
> > stuff but would like to check the direction of travel first since the
> > change is already surprisingly big and maybe there's a better way to
> > organise things.
>
> Thanks for doing these patches, esp 1-3 look very good to me.
>
> I've taken the liberty to bounce the entire set to Masami-San, who is
> the kprobes maintainer for comments as well.
OK, after having had a second look, one thing we can perhaps address
with the last patch, or perhaps on top of that, is extending the
kprobes_blacklist() with data regions.
Because these patches only exclude kgdb from setting breakpoints on
code; data breakpoints do not match what we do with
arch_build_bp_info().
Powered by blists - more mailing lists