From: Nicholas Piggin <npiggin@gmail.com>
To: linuxppc-dev@lists.ozlabs.org, Michael Ellerman <mpe@ellerman.id.au>
Cc: "Naveen N . Rao" <naveen.n.rao@linux.vnet.ibm.com>
Subject: Re: [PATCH 2/2] powerpc/uprobes: Reject uprobe on a system call instruction
Date: Thu, 27 Jan 2022 17:44:29 +1000 [thread overview]
Message-ID: <1643269209.jj1krtc1vx.astroid@bobo.none> (raw)
In-Reply-To: <874k5sm42l.fsf@mpe.ellerman.id.au>
Excerpts from Michael Ellerman's message of January 25, 2022 9:45 pm:
> Nicholas Piggin <npiggin@gmail.com> writes:
>> Per the ISA, a Trace interrupt is not generated for a system call
>> [vectored] instruction. Reject uprobes on such instructions as we are
>> not emulating a system call [vectored] instruction anymore.
>
> This should really be patch 1, otherwise there's a single commit window
> where we allow uprobes on sc but don't honour them.
Yep true. I also messed up Naveen's attribution! Will re-send (or maybe
Naveen would take over the series).
>
>> Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
>> [np: Switch to pr_info_ratelimited]
>> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
>> ---
>> arch/powerpc/include/asm/ppc-opcode.h | 1 +
>> arch/powerpc/kernel/uprobes.c | 6 ++++++
>> 2 files changed, 7 insertions(+)
>>
>> diff --git a/arch/powerpc/include/asm/ppc-opcode.h b/arch/powerpc/include/asm/ppc-opcode.h
>> index 9675303b724e..8bbe16ce5173 100644
>> --- a/arch/powerpc/include/asm/ppc-opcode.h
>> +++ b/arch/powerpc/include/asm/ppc-opcode.h
>> @@ -411,6 +411,7 @@
>> #define PPC_RAW_DCBFPS(a, b) (0x7c0000ac | ___PPC_RA(a) | ___PPC_RB(b) | (4 << 21))
>> #define PPC_RAW_DCBSTPS(a, b) (0x7c0000ac | ___PPC_RA(a) | ___PPC_RB(b) | (6 << 21))
>> #define PPC_RAW_SC() (0x44000002)
>> +#define PPC_RAW_SCV() (0x44000001)
>> #define PPC_RAW_SYNC() (0x7c0004ac)
>> #define PPC_RAW_ISYNC() (0x4c00012c)
>>
>> diff --git a/arch/powerpc/kernel/uprobes.c b/arch/powerpc/kernel/uprobes.c
>> index c6975467d9ff..3779fde804bd 100644
>> --- a/arch/powerpc/kernel/uprobes.c
>> +++ b/arch/powerpc/kernel/uprobes.c
>> @@ -41,6 +41,12 @@ int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe,
>> if (addr & 0x03)
>> return -EINVAL;
>>
>> + if (ppc_inst_val(ppc_inst_read(auprobe->insn)) == PPC_RAW_SC() ||
>> + ppc_inst_val(ppc_inst_read(auprobe->insn)) == PPC_RAW_SCV()) {
>
> We should probably reject hypercall too?
>
> There's also a lot of reserved fields in `sc`, so doing an exact match
> like this risks missing instructions that are badly formed but the CPU
> will happily execute as `sc`.
Yeah, scv as well has lev != 0 unsupported so should be excluded.
>
> We'd obviously never expect to see those in compiler generated code, but
> it'd still be safer to mask. We could probably just reject opcode 17
> entirely.
>
> And I guess for a subsequent patch, but we should be rejecting some
> others here as well shouldn't we? Like rfid etc.
Traps under discussion I guess. For uprobe, rfid will be just another
privilege fault. Is that dealt with somehow or do all privileged and
illegal instructions also need to be excluded from stepping? (I assume
we must handle that in a general way somehow)
Thanks,
Nick
next prev parent reply other threads:[~2022-01-27 7:45 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-24 5:57 [PATCH 0/2] powerpc: Disable syscall emulation and stepping Nicholas Piggin
2022-01-24 5:57 ` [PATCH 1/2] powerpc/64: remove system call instruction emulation Nicholas Piggin
2022-01-24 5:57 ` [PATCH 2/2] powerpc/uprobes: Reject uprobe on a system call instruction Nicholas Piggin
2022-01-25 11:45 ` Michael Ellerman
2022-01-27 7:44 ` Nicholas Piggin [this message]
2022-01-28 11:30 ` Naveen N. Rao
2022-01-24 6:39 ` [PATCH 0/2] powerpc: Disable syscall emulation and stepping Christophe Leroy
2022-01-25 3:04 ` Nicholas Piggin
2022-01-25 5:53 ` Christophe Leroy
[not found] ` <52b03748fdeff1bb2eb67f6038311e26@imap.linux.ibm.com>
2022-01-27 7:39 ` Nicholas Piggin
2022-01-28 11:15 ` Naveen N. Rao
2022-01-28 11:11 ` Naveen N. Rao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1643269209.jj1krtc1vx.astroid@bobo.none \
--to=npiggin@gmail.com \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=naveen.n.rao@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).