[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200611214209.bd8fcd290d745ae50d898e69@kernel.org>
Date: Thu, 11 Jun 2020 21:42:09 +0900
From: Masami Hiramatsu <mhiramat@...nel.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Daniel Thompson <daniel.thompson@...aro.org>,
Jason Wessel <jason.wessel@...driver.com>,
Douglas Anderson <dianders@...omium.org>,
sumit.garg@...aro.org, pmladek@...e.com,
sergey.senozhatsky@...il.com, will@...nel.org,
kgdb-bugreport@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
patches@...aro.org, Masami Hiramatsu <mhiramat@...nel.org>
Subject: Re: [RFC PATCH 0/4] kgdb: Honour the kprobe blacklist when setting
breakpoints
On Fri, 5 Jun 2020 16:29:53 +0200
Peter Zijlstra <peterz@...radead.org> wrote:
> On Fri, Jun 05, 2020 at 02:21:26PM +0100, Daniel Thompson wrote:
> > kgdb has traditionally adopted a no safety rails approach to breakpoint
> > placement. If the debugger is commanded to place a breakpoint at an
> > address then it will do so even if that breakpoint results in kgdb
> > becoming inoperable.
> >
> > A stop-the-world debugger with memory peek/poke does intrinsically
> > provide its operator with the means to hose their system in all manner
> > of exciting ways (not least because stopping-the-world is already a DoS
> > attack ;-) ) but the current no safety rail approach is not easy to
> > defend, especially given kprobes provides us with plenty of machinery to
> > mark parts of the kernel where breakpointing is discouraged.
> >
> > This patchset introduces some safety rails by using the existing
> > kprobes infrastructure. It does not cover all locations where
> > breakpoints can cause trouble but it will definitely block off several
> > avenues, including the architecture specific parts that are handled by
> > arch_within_kprobe_blacklist().
> >
> > This patch is an RFC because:
> >
> > 1. My workstation is still chugging through the compile testing.
> >
> > 2. Patch 4 needs more runtime testing.
> >
> > 3. The code to extract the kprobe blacklist code (patch 4 again) needs
> > more review especially for its impact on arch specific code.
> >
> > To be clear I do plan to do the detailed review of the kprobe blacklist
> > stuff but would like to check the direction of travel first since the
> > change is already surprisingly big and maybe there's a better way to
> > organise things.
>
> Thanks for doing these patches, esp 1-3 look very good to me.
>
> I've taken the liberty to bounce the entire set to Masami-San, who is
> the kprobes maintainer for comments as well.
Thanks Peter to Cc me.
Reusing kprobe blacklist is good to me as far as it doesn't expand it
only for kgdb. For example, if a function which can cause a recursive
trap issue only when the kgdb puts a breakpoint, it should be covered
by kgdb blacklist, or we should make a "noinstr-list" including
both :)
Thus, Nack for PATCH 4/4, that seems a bit selfish change. If kgdb wants
to use the "kprobes blacklist", we should make CONFIG_KGDB depending on
CONFIG_KPROBES. Or, (as I pointed) we should make independent "noinstr-list"
and use it from both.
Thank you,
--
Masami Hiramatsu <mhiramat@...nel.org>
Powered by blists - more mailing lists