From: b10902118 <b10902118@ntu.edu.tw>
To: Will Deacon <will@kernel.org>
Cc: oleg@redhat.com, linux@armlinux.org.uk, catalin.marinas@arm.com,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/3] arm64: ptrace: fix hw_break_set() by setting addr and ctrl together
Date: Tue, 09 Sep 2025 09:50:07 +0800 [thread overview]
Message-ID: <5bf32fc88c3982b4386edf29efb260d8@ntu.edu.tw> (raw)
In-Reply-To: <aL7y00ggniiCTpZS@willie-the-truck>
On 2025-09-08 23:14, Will Deacon wrote:
> On Wed, Aug 27, 2025 at 09:41:11AM +0800, Bill Tsui wrote:
>> PTRACE_SETREGSET fails when setting a hardware breakpoint on a
>> non-4-byte aligned address with a valid length to a 32-bit tracee. The
>> length should be valid as long as the range started from the address
>> is within one aligned 4 bytes.
>>
>> The cause is that hw_break_set() modifies a breakpoint's addr
>> first and then ctrl. This calls modify_user_hw_breakpoint() twice,
>> although once registering both suffices. The first modification causes
>> errors because new addr and old ctrl can be an invalid combination at
>> hw_breakpoint_arch_parse(). For example, when a user sets a hardware
>> breakpoint with addr=0x2 and ctrl.len=1, hw_breakpoint_arch_parse()
>> will first see addr=0x2 and ctrl.len=4 (the default) and return
>> -EINVAL. On the other hand, if a user sets the same value to
>> a breakpoint whose ctrl.len has previously been set to 1 or 2,
>> it succeeds.
>>
>> The fix is to set addr and ctrl in one modify_user_hw_breakpoint(),
>> effectively eliminating the discrepancy in validation.
>>
>> Signed-off-by: Bill Tsui <b10902118@ntu.edu.tw>
>> ---
>> arch/arm64/kernel/ptrace.c | 34 +++++++++++++++++++++++++++++-----
>> 1 file changed, 29 insertions(+), 5 deletions(-)
>
> Given that:
>
> (a) This is a pretty niche interface (primarily/exclusively (?) used
> by GDB)
> (b) It's been like this for a long time
> (c) Userspace can work around the problem
>
> I'm not sure I see the benefit of trying to handle this differently
> in the kernel.
>
> If somebody _does_ have the time and energy for significant surgery
> on this code, then the best thing to do would be to remove the
> indirection through 'perf_events' altogether. I did make a start on
> that once but it's a thankless job and I got preempted by other stuff.
>
> Will
(This is the plain text version. Sorry for sending html in the previous
mail)
Thanks for the reply. I did find this bug when helping test lldb.
The primary problem is that this forbids hardware breakpoints for Thumb
at
addresses only divisible by 2 (not 4). So half of the instructions
cannot have
a hardware breakpoint on. This cannot be worked around.
The first patch should be accepted, at least. The arm64 case can be
completely
fixed by simply merging modifications in one call, making the code
reasonable
and correct.
I often debug 32bit executables on arm64, for CTF challenges and my
hobby. I
get extremely confused when some breakpoints just cannot be set. This is
also
why I worked on lldb and finally traced to the kernel. As a student, I
am willing
to take the task of moving ptrace out of 'perf_events' as long as
someone can
review my patches.
Thanks
Bill
next prev parent reply other threads:[~2025-09-09 6:55 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-24 12:43 [PATCH 0/3] ARM/arm64: ptrace: fix unaligned hardware breakpoint validation for 32bit b10902118
2025-08-24 12:43 ` [PATCH 1/3] arm64: ptrace: fix hw_break_set() by setting addr and ctrl together b10902118
2025-08-24 12:43 ` [PATCH 2/3] arm64: ptrace: minimize default bp_len for hw breakpoints to pass check b10902118
2025-08-24 12:43 ` [PATCH 3/3] ARM: " b10902118
2025-08-26 19:37 ` [PATCH 0/3] ARM/arm64: ptrace: fix unaligned hardware breakpoint validation for 32bit Catalin Marinas
2025-08-27 1:41 ` [PATCH v2 " Bill Tsui
2025-08-27 1:41 ` [PATCH v2 1/3] arm64: ptrace: fix hw_break_set() by setting addr and ctrl together Bill Tsui
2025-09-08 15:14 ` Will Deacon
2025-09-09 1:50 ` b10902118 [this message]
2025-09-09 1:57 ` Bill Tsui
2025-09-17 14:23 ` Bill Tsui
2025-08-27 1:41 ` [PATCH v2 2/3] arm64: ptrace: minimize default bp_len for hw breakpoints to pass check Bill Tsui
2025-08-27 1:41 ` [PATCH v2 3/3] ARM: " Bill Tsui
2025-10-16 15:44 ` [PATCH v3 0/1] arm64: ptrace: fix hw_break_set() to set addr and ctrl together Bill Tsui
2025-10-16 15:44 ` [PATCH v3 1/1] " Bill Tsui
2025-10-18 8:24 ` kernel test robot
2025-10-18 13:37 ` [PATCH v4 0/1] " Bill Tsui
2025-10-18 13:37 ` [PATCH v4 1/1] " Bill Tsui
2025-11-14 16:14 ` Will Deacon
2025-11-15 3:44 ` Bill Tsui
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5bf32fc88c3982b4386edf29efb260d8@ntu.edu.tw \
--to=b10902118@ntu.edu.tw \
--cc=catalin.marinas@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=oleg@redhat.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox