Subject: Re: [PATCH v12 06/10] arm64: Treat all entry code as non-kprobe-able
From: David Long
To: James Morse, Pratyush Anand
Cc: Catalin Marinas, Will Deacon, Sandeepa Prabhu, William Cohen, Steve Capper, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Marc Zyngier, Dave P Martin, Mark Rutland, Robin Murphy, Ard Biesheuvel, Jens Wiklander, Christoffer Dall, Alex Bennée, Yang Shi, Greg Kroah-Hartman, Viresh Kumar, "Suzuki K. Poulose", Kees Cook, Zi Shen Lim, John Blackwood, Feng Kan, Balamurugan Shanmugam, Vladimir Murzin, Mark Salyzyn, Petr Mladek, Andrew Morton, Mark Brown
Date: Thu, 26 May 2016 11:26:01 -0400
Message-ID: <57471589.9030301@linaro.org>
In-Reply-To: <573497FA.5030309@arm.com>
References: <1461783185-9056-1-git-send-email-dave.long@linaro.org> <1461783185-9056-7-git-send-email-dave.long@linaro.org> <573497FA.5030309@arm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 05/12/2016 10:49 AM, James Morse wrote:
> Hi David, Pratyush
>
> On 27/04/16 19:53, David Long wrote:
>> From: Pratyush Anand
>>
>> Entry symbols are not kprobe safe. So blacklist them for kprobing.
>>
>> Signed-off-by: Pratyush Anand
>
>> diff --git a/arch/arm64/kernel/kprobes.c b/arch/arm64/kernel/kprobes.c
>> index dfa1b1f..6a1292b 100644
>> --- a/arch/arm64/kernel/kprobes.c
>> +++ b/arch/arm64/kernel/kprobes.c
>> @@ -29,6 +29,7 @@
>> #include
>> #include
>> #include
>> +#include
>>
>> #include "kprobes-arm64.h"
>>
>> @@ -514,6 +515,15 @@ int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
>> return 1;
>> }
>>
>> +bool arch_within_kprobe_blacklist(unsigned long addr)
>> +{
>> + return (addr >= (unsigned long)__kprobes_text_start &&
>> + addr < (unsigned long)__kprobes_text_end) ||
>> + (addr >= (unsigned long)__entry_text_start &&
>> + addr < (unsigned long)__entry_text_end) ||
>> + !!search_exception_tables(addr);
>> +}
>> +
>
> Looking at __kvm_hyp_vector, we don't have support for handling breakpoints at
> EL2, so we should forbid kprobing these address ranges too:
> __hyp_text_start -> __hyp_text_end
> __hyp_idmap_text_start -> __hyp_idmap_text_end
>
> These can probably be guarded with is_kernel_in_hyp_mode(), if this is true then
> we are running with VHE where this code runs at the same exception level as the
> rest of the kernel, so we can probe them. (In this case you may want to add
> 'eret' to aarch64_insn_is_branch() in patch 2)
>
>
> Probing things in the kernel idmap sounds dangerous! Let's blacklist that too:
> __idmap_text_start -> __idmap_text_end
>

I've made these changes. I noticed there are no include-file definitions for these symbols, so I've added local extern declarations in arch_within_kprobe_blacklist().

Thanks,
-dl
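Review bot: arch_within_kprobe_blacklist() in the second hunk carries no comment explaining why each range is refused, and the thread already shows the list growing (hyp text, hyp idmap and the kernel idmap are proposed above); a short block comment above the function stating the rule for each entry (kprobes text and entry text cannot be safely trapped or single-stepped, and an address with an exception-table fixup has fault handling that depends on the original PC) would let later additions be judged against the same criteria instead of being appended ad hoc. Minor style point on the same hunk: `!!search_exception_tables(addr)` is redundant because the function already returns bool, so `search_exception_tables(addr) != NULL` states the intent more plainly. The first hunk's added include cannot be checked here because the header name did not survive in the quoted text.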