* [PATCH v2] arm: ptrace: Fix mask for thumb breakpoint hook
@ 2020-04-13 17:38 Fredrik Strupe
2020-05-18 13:12 ` [PING] " Fredrik Strupe
0 siblings, 1 reply; 5+ messages in thread
From: Fredrik Strupe @ 2020-04-13 17:38 UTC (permalink / raw)
To: linux-arm-kernel, linux-kernel
Cc: Fredrik Strupe, Oleg Nesterov, Russell King
call_undef_hook() in traps.c applies the same instr_mask for both 16-bit
and 32-bit thumb instructions. If instr_mask then is only 16 bits wide
(0xffff as opposed to 0xffffffff), the first half-word of 32-bit thumb
instructions will be masked out. This makes the function match 32-bit
thumb instructions where the second half-word is equal to instr_val,
regardless of the first half-word.
The result in this case is that all undefined 32-bit thumb instructions
with the second half-word equal to de01 (udf #1) work as breakpoints
and will raise a SIGTRAP instead of a SIGILL, instead of just the one
intended 16-bit instruction. An example of such an instruction is
eaa0b650, which is unallocated according to Arm ARM and should raise a
SIGILL, but instead raises a SIGTRAP.
This patch fixes the issue by setting all the bits in instr_mask, which
will still match the intended 16-bit thumb instruction (where the
upper half is always 0), but not any 32-bit thumb instructions.
Signed-off-by: Fredrik Strupe <fredrik@strupe.net>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Russell King <linux@armlinux.org.uk>
---
arch/arm/kernel/ptrace.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index b606cded90cd..4cc6a7eff635 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -219,8 +219,8 @@ static struct undef_hook arm_break_hook = {
};
static struct undef_hook thumb_break_hook = {
- .instr_mask = 0xffff,
- .instr_val = 0xde01,
+ .instr_mask = 0xffffffff,
+ .instr_val = 0x0000de01,
.cpsr_mask = PSR_T_BIT,
.cpsr_val = PSR_T_BIT,
.fn = break_trap,
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 5+ messages in thread* [PING] [PATCH v2] arm: ptrace: Fix mask for thumb breakpoint hook
2020-04-13 17:38 [PATCH v2] arm: ptrace: Fix mask for thumb breakpoint hook Fredrik Strupe
@ 2020-05-18 13:12 ` Fredrik Strupe
2020-05-18 14:18 ` Russell King - ARM Linux admin
0 siblings, 1 reply; 5+ messages in thread
From: Fredrik Strupe @ 2020-05-18 13:12 UTC (permalink / raw)
To: linux-arm-kernel, linux-kernel, Oleg Nesterov, Russell King
call_undef_hook() in traps.c applies the same instr_mask for both 16-bit
and 32-bit thumb instructions. If instr_mask then is only 16 bits wide
(0xffff as opposed to 0xffffffff), the first half-word of 32-bit thumb
instructions will be masked out. This makes the function match 32-bit
thumb instructions where the second half-word is equal to instr_val,
regardless of the first half-word.
The result in this case is that all undefined 32-bit thumb instructions
with the second half-word equal to de01 (udf #1) work as breakpoints
and will raise a SIGTRAP instead of a SIGILL, instead of just the one
intended 16-bit instruction. An example of such an instruction is
eaa0b650, which is unallocated according to Arm ARM and should raise a
SIGILL, but instead raises a SIGTRAP.
This patch fixes the issue by setting all the bits in instr_mask, which
will still match the intended 16-bit thumb instruction (where the
upper half is always 0), but not any 32-bit thumb instructions.
Signed-off-by: Fredrik Strupe <fredrik@strupe.net>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Russell King <linux@armlinux.org.uk>
---
arch/arm/kernel/ptrace.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index b606cded90cd..4cc6a7eff635 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -219,8 +219,8 @@ static struct undef_hook arm_break_hook = {
};
static struct undef_hook thumb_break_hook = {
- .instr_mask = 0xffff,
- .instr_val = 0xde01,
+ .instr_mask = 0xffffffff,
+ .instr_val = 0x0000de01,
.cpsr_mask = PSR_T_BIT,
.cpsr_val = PSR_T_BIT,
.fn = break_trap,
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PING] [PATCH v2] arm: ptrace: Fix mask for thumb breakpoint hook
2020-05-18 13:12 ` [PING] " Fredrik Strupe
@ 2020-05-18 14:18 ` Russell King - ARM Linux admin
2020-05-18 15:02 ` Fredrik Strupe
0 siblings, 1 reply; 5+ messages in thread
From: Russell King - ARM Linux admin @ 2020-05-18 14:18 UTC (permalink / raw)
To: Fredrik Strupe; +Cc: linux-kernel, linux-arm-kernel, Oleg Nesterov
On Mon, May 18, 2020 at 03:12:06PM +0200, Fredrik Strupe wrote:
> call_undef_hook() in traps.c applies the same instr_mask for both 16-bit
> and 32-bit thumb instructions. If instr_mask then is only 16 bits wide
> (0xffff as opposed to 0xffffffff), the first half-word of 32-bit thumb
> instructions will be masked out. This makes the function match 32-bit
> thumb instructions where the second half-word is equal to instr_val,
> regardless of the first half-word.
>
> The result in this case is that all undefined 32-bit thumb instructions
> with the second half-word equal to de01 (udf #1) work as breakpoints
> and will raise a SIGTRAP instead of a SIGILL, instead of just the one
> intended 16-bit instruction. An example of such an instruction is
> eaa0b650, which is unallocated according to Arm ARM and should raise a
> SIGILL, but instead raises a SIGTRAP.
How can 0xeaa0b650 match 0xde01 when masked with 0xffff ?
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 10.2Mbps down 587kbps up
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PING] [PATCH v2] arm: ptrace: Fix mask for thumb breakpoint hook
2020-05-18 14:18 ` Russell King - ARM Linux admin
@ 2020-05-18 15:02 ` Fredrik Strupe
2020-05-18 16:39 ` Russell King - ARM Linux admin
0 siblings, 1 reply; 5+ messages in thread
From: Fredrik Strupe @ 2020-05-18 15:02 UTC (permalink / raw)
To: Russell King - ARM Linux admin
Cc: linux-kernel, linux-arm-kernel, Oleg Nesterov
On 18.05.2020 16:18, Russell King - ARM Linux admin wrote:
> On Mon, May 18, 2020 at 03:12:06PM +0200, Fredrik Strupe wrote:
>> call_undef_hook() in traps.c applies the same instr_mask for both 16-bit
>> and 32-bit thumb instructions. If instr_mask then is only 16 bits wide
>> (0xffff as opposed to 0xffffffff), the first half-word of 32-bit thumb
>> instructions will be masked out. This makes the function match 32-bit
>> thumb instructions where the second half-word is equal to instr_val,
>> regardless of the first half-word.
>>
>> The result in this case is that all undefined 32-bit thumb instructions
>> with the second half-word equal to de01 (udf #1) work as breakpoints
>> and will raise a SIGTRAP instead of a SIGILL, instead of just the one
>> intended 16-bit instruction. An example of such an instruction is
>> eaa0b650, which is unallocated according to Arm ARM and should raise a
>> SIGILL, but instead raises a SIGTRAP.
>
> How can 0xeaa0b650 match 0xde01 when masked with 0xffff ?
>
Sorry, that is a typo; it should say 0xeaa0de01.
For reference, this is similar to the problem with SETEND emulation that
was fixed in commit fc2266011acc in the mainline kernel
(or as discussed here: https://lkml.org/lkml/2020/4/8/274).
Fredrik
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PING] [PATCH v2] arm: ptrace: Fix mask for thumb breakpoint hook
2020-05-18 15:02 ` Fredrik Strupe
@ 2020-05-18 16:39 ` Russell King - ARM Linux admin
0 siblings, 0 replies; 5+ messages in thread
From: Russell King - ARM Linux admin @ 2020-05-18 16:39 UTC (permalink / raw)
To: Fredrik Strupe; +Cc: linux-kernel, linux-arm-kernel, Oleg Nesterov
On Mon, May 18, 2020 at 05:02:27PM +0200, Fredrik Strupe wrote:
> On 18.05.2020 16:18, Russell King - ARM Linux admin wrote:
> > On Mon, May 18, 2020 at 03:12:06PM +0200, Fredrik Strupe wrote:
> >> call_undef_hook() in traps.c applies the same instr_mask for both 16-bit
> >> and 32-bit thumb instructions. If instr_mask then is only 16 bits wide
> >> (0xffff as opposed to 0xffffffff), the first half-word of 32-bit thumb
> >> instructions will be masked out. This makes the function match 32-bit
> >> thumb instructions where the second half-word is equal to instr_val,
> >> regardless of the first half-word.
> >>
> >> The result in this case is that all undefined 32-bit thumb instructions
> >> with the second half-word equal to de01 (udf #1) work as breakpoints
> >> and will raise a SIGTRAP instead of a SIGILL, instead of just the one
> >> intended 16-bit instruction. An example of such an instruction is
> >> eaa0b650, which is unallocated according to Arm ARM and should raise a
> >> SIGILL, but instead raises a SIGTRAP.
> >
> > How can 0xeaa0b650 match 0xde01 when masked with 0xffff ?
> >
>
> Sorry, that is a typo; it should say 0xeaa0de01.
>
> For reference, this is similar to the problem with SETEND emulation that
> was fixed in commit fc2266011acc in the mainline kernel
> (or as discussed here: https://lkml.org/lkml/2020/4/8/274).
Thanks for the clarification. Please update the patch description and
put it in the patch system, thanks.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 10.2Mbps down 587kbps up
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-05-18 16:39 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-13 17:38 [PATCH v2] arm: ptrace: Fix mask for thumb breakpoint hook Fredrik Strupe
2020-05-18 13:12 ` [PING] " Fredrik Strupe
2020-05-18 14:18 ` Russell King - ARM Linux admin
2020-05-18 15:02 ` Fredrik Strupe
2020-05-18 16:39 ` Russell King - ARM Linux admin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).