From: "tip-bot2 for Andy Lutomirski" <tip-bot2@linutronix.de>
To: linux-tip-commits@vger.kernel.org
Cc: Andy Lutomirski <luto@kernel.org>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Borislav Petkov <bp@suse.de>,
Lai Jiangshan <jiangshanlai@gmail.com>,
Alexandre Chartre <alexandre.chartre@oracle.com>,
x86 <x86@kernel.org>, LKML <linux-kernel@vger.kernel.org>
Subject: [tip: x86/entry] x86/hw_breakpoint: Prevent data breakpoints on cpu_entry_area
Date: Tue, 19 May 2020 19:58:50 -0000
Message-ID: <158991833058.17951.5755686483787789680.tip-bot2@tip-bot2>
In-Reply-To: <20200505134058.272448010@linutronix.de>
The following commit has been merged into the x86/entry branch of tip:
Commit-ID: 3ea11ac991d594728e5df42f7eb1145072b9c2bc
Gitweb: https://git.kernel.org/tip/3ea11ac991d594728e5df42f7eb1145072b9c2bc
Author: Andy Lutomirski <luto@kernel.org>
AuthorDate: Mon, 24 Feb 2020 13:24:58 +01:00
Committer: Thomas Gleixner <tglx@linutronix.de>
CommitterDate: Fri, 15 May 2020 20:03:03 +02:00
x86/hw_breakpoint: Prevent data breakpoints on cpu_entry_area
A data breakpoint near the top of an IST stack will cause unrecoverable
recursion. A data breakpoint on the GDT, IDT, or TSS is terrifying.
Prevent either of these from happening.
Co-developed-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Lai Jiangshan <jiangshanlai@gmail.com>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Link: https://lkml.kernel.org/r/20200505134058.272448010@linutronix.de
---
arch/x86/kernel/hw_breakpoint.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/arch/x86/kernel/hw_breakpoint.c b/arch/x86/kernel/hw_breakpoint.c
index 4d8d53e..d42fc0e 100644
--- a/arch/x86/kernel/hw_breakpoint.c
+++ b/arch/x86/kernel/hw_breakpoint.c
@@ -227,10 +227,35 @@ int arch_check_bp_in_kernelspace(struct arch_hw_breakpoint *hw)
return (va >= TASK_SIZE_MAX) || ((va + len - 1) >= TASK_SIZE_MAX);
}
+/*
+ * Checks whether the range from addr to end, inclusive, overlaps the CPU
+ * entry area range.
+ */
+static inline bool within_cpu_entry_area(unsigned long addr, unsigned long end)
+{
+ return end >= CPU_ENTRY_AREA_BASE &&
+ addr < (CPU_ENTRY_AREA_BASE + CPU_ENTRY_AREA_TOTAL_SIZE);
+}
+
static int arch_build_bp_info(struct perf_event *bp,
const struct perf_event_attr *attr,
struct arch_hw_breakpoint *hw)
{
+ unsigned long bp_end;
+
+ bp_end = attr->bp_addr + attr->bp_len - 1;
+ if (bp_end < attr->bp_addr)
+ return -EINVAL;
+
+ /*
+ * Prevent any breakpoint of any type that overlaps the
+ * cpu_entry_area. This protects the IST stacks and also
+ * reduces the chance that we ever find out what happens if
+ * there's a data breakpoint on the GDT, IDT, or TSS.
+ */
+ if (within_cpu_entry_area(attr->bp_addr, bp_end))
+ return -EINVAL;
+
hw->address = attr->bp_addr;
hw->mask = 0;
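Review bot: the `bp_end < attr->bp_addr` test in arch_build_bp_info() is written as a wraparound check, but it is also the only thing in this hunk that rejects `attr->bp_len == 0`, and it does so incompletely. With a zero length, `bp_end` becomes `bp_addr - 1`, which is caught, except when `bp_addr` is 0: there the subtraction wraps to the maximum value, the test passes, and the request is refused only because within_cpu_entry_area() then sees a range that covers the whole address space. The outcome is still -EINVAL, but by accident of the second check rather than by design. An explicit `if (!attr->bp_len) return -EINVAL;` ahead of the `bp_end` computation, or at least a comment on the overflow test saying that it also covers the zero-length case, would make the intent clear and keep the range check from being the backstop for malformed lengths. The inclusive-end convention is documented on within_cpu_entry_area() itself; a short comment at the `bp_end` assignment noting that it is the last byte of the range would help anyone who later adds another caller.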