| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 27 Sep 2020 22:15:28 +0100
From: Daniel Thompson <daniel.thompson@...aro.org>
To: Jason Wessel <jason.wessel@...driver.com>,
Douglas Anderson <dianders@...omium.org>
Cc: Daniel Thompson <daniel.thompson@...aro.org>,
Peter Zijlstra <peterz@...radead.org>, sumit.garg@...aro.org,
pmladek@...e.com, sergey.senozhatsky@...il.com, will@...nel.org,
Masami Hiramatsu <mhiramat@...nel.org>,
kgdb-bugreport@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
patches@...aro.org
Subject: [PATCH v3 0/3] kgdb: Honour the kprobe blocklist when setting breakpoints
kgdb has traditionally adopted a no safety rails approach to breakpoint
placement. If the debugger is commanded to place a breakpoint at an
address then it will do so even if that breakpoint results in kgdb
becoming inoperable.
A stop-the-world debugger with memory peek/poke intrinsically provides
its operator with the means to hose their system in all manner of
exciting ways (not least because stopping-the-world is already a DoS
attack ;-) ). Nevertheless the current no safety rail approach is
difficult to defend, especially given kprobes can provide us with plenty
of machinery to mark the parts of the kernel where breakpointing is
discouraged.
This patchset introduces some safety rails by using the existing kprobes
infrastructure and ensures this will be enabled by default on
architectures that implement kprobes. At present it does not cover
absolutely all locations where breakpoints can cause trouble but it will
block off several avenues, including the architecture specific parts
that are handled by arch_within_kprobe_blacklist().
v4:
* Fixed KConfig dependencies for HONOUR_KPROBE_BLOCKLIST on kernels
where MODULES=n
* Add additional debug_core.c functions to the blocklist (thanks Doug)
* Collected a few tags
v3:
* Dropped the single step blocklist checks. It is not proven that the
code was actually reachable without triggering the catastrophic
failure flag (which inhibits resume already).
* Update patch description for ("kgdb: Add NOKPROBE labels...") and
added symbols that are called during trap exit
* Added a new patch to push the breakpoint activation later in the
flow and ensure the I/O functions are not called with breakpoints
activated.
v2:
* Reworked after initial RFC to make honouring the blocklist require
CONFIG_KPROBES. It is now optional but the blocklist will be enabled
by default for architectures that CONFIG_HAVE_KPROBES
Daniel Thompson (3):
kgdb: Honour the kprobe blocklist when setting breakpoints
kgdb: Add NOKPROBE labels on the trap handler functions
kernel: debug: Centralize dbg_[de]activate_sw_breakpoints
include/linux/kgdb.h | 18 ++++++++++++++++++
kernel/debug/debug_core.c | 22 ++++++++++++++++++++++
kernel/debug/gdbstub.c | 1 -
kernel/debug/kdb/kdb_bp.c | 9 +++++++++
kernel/debug/kdb/kdb_debugger.c | 2 --
lib/Kconfig.kgdb | 15 +++++++++++++++
6 files changed, 64 insertions(+), 3 deletions(-)
--
2.25.4
Powered by blists - more mailing lists