From patchwork Sun Aug 27 08:39:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= X-Patchwork-Id: 13366868 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E7889C83F01 for ; Sun, 27 Aug 2023 08:40:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=lfGgUMnqDc3eDOx+5fmZVvwHcUO46t/P8KDr5O6oO4k=; b=QEqV/6uE/HPdtr LMfWrPbNZo0zXpwgAS9vqKGy71DAJYNhnEj+JGl5dLHVGiuGMW6g3fCFXdOosHyuC7NDDat/ATXJ/ MVyWGD163PzQopAevL63E3hOEDt4js8DDHxE5jEJI5IQVHDDFgqyB9uAPEllAl5ssclsAPWcuA9wM vOTmD6aj6Gui82fbsKKMPTvfcvbnidvX8ivjH04OptW/IVfYxRYb5HBX7iBo6DaezoXzQsVK+oluN qb6385PibcXXw8SU0DkwVw0hVa2TihliRWnsquggILP2874XIcQHLlG9Ml/hiLUwkkNejI7aGK20K rjcpsVz1X82S4uRUiPMQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qaBJP-007g3I-2s; Sun, 27 Aug 2023 08:39:59 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qaBJM-007g2s-18 for linux-riscv@lists.infradead.org; Sun, 27 Aug 2023 08:39:58 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A3F47629D6; Sun, 27 Aug 2023 08:39:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 18049C433C8; Sun, 27 Aug 2023 08:39:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1693125595; bh=YzIwPUhAIk98KSVOhAjG5Ib6wpaBGGcNghTCEj9deJU=; h=From:To:Cc:Subject:Date:From; b=HdAwxenOM8yUDMXJbFzt+mAm1X+PADXLPz55W3BtvbFqFQZedXvl3rsRofL4u62wb OQ5HMt7Nv/vA4rruNXNqt3urENYWaWXnJJCJblntkww8wLRdv1MSQwjsOxdVWuosJg TxzKvwUCMg4iriM6BSKNIzPfTkiUPWKO5KA1H1DRpgbAipR31UOVq7X30ECqw8q8l3 uyLhz6tudsOYZMUV8EU5f2Fau3ERd0yPY82gsvpUREIDkev4iu/XVR1MC1UkWbQQ/O SmToHrvJYu3AwX/U5RbFEc8FOM6m9LW5EyBgwePv4pxD8SlOnJ38ZUNl2tKxXMHZvg GsdrQe51zfkGw== From: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= To: Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-riscv@lists.infradead.org, Guo Ren Cc: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= , linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Nam Cao Subject: [PATCH] riscv: Only consider swbp/ss handlers for correct privileged mode Date: Sun, 27 Aug 2023 10:39:49 +0200 Message-Id: <20230827083949.204927-1-bjorn@kernel.org> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230827_013956_478964_508B2E83 X-CRM114-Status: GOOD ( 13.67 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org From: Björn Töpel RISC-V software breakpoint trap handlers are used for {k,u}probes. When trapping from kernelmode, only the kernelmode handlers should be considered. Vice versa, only usermode handlers for usermode traps. This is not the case on RISC-V, which can trigger a bug if a userspace process uses uprobes, and a WARN() is triggered from kernelmode (which is implemented via {c.,}ebreak). The kernel will trap on the kernelmode {c.,}ebreak, look for uprobes handlers, realize incorrectly that uprobes need to be handled, and exit the trap handler early. The trap returns to re-executing the {c.,}ebreak, and enter an infinite trap-loop. The issue was found running the BPF selftest [1]. Fix this issue by only considering the swbp/ss handlers for kernel/usermode respectively. Also, move CONFIG ifdeffery from traps.c to the asm/{k,u}probes.h headers. Note that linux/uprobes.h only include asm/uprobes.h if CONFIG_UPROBES is defined, which is why asm/uprobes.h needs to be unconditionally included in traps.c Link: https://lore.kernel.org/linux-riscv/87v8d19aun.fsf@all.your.base.are.belong.to.us/ # [1] Fixes: 74784081aac8 ("riscv: Add uprobes supported") Signed-off-by: Björn Töpel Reviewed-by: Guo Ren --- arch/riscv/include/asm/kprobes.h | 11 ++++++++++- arch/riscv/include/asm/uprobes.h | 13 ++++++++++++- arch/riscv/kernel/traps.c | 28 ++++++++++++++++++---------- 3 files changed, 40 insertions(+), 12 deletions(-) base-commit: 7d2f353b2682dcfe5f9bc71e5b61d5b61770d98e diff --git a/arch/riscv/include/asm/kprobes.h b/arch/riscv/include/asm/kprobes.h index e7882ccb0fd4..89fbd90f16a2 100644 --- a/arch/riscv/include/asm/kprobes.h +++ b/arch/riscv/include/asm/kprobes.h @@ -40,6 +40,15 @@ void arch_remove_kprobe(struct kprobe *p); int kprobe_fault_handler(struct pt_regs *regs, unsigned int trapnr); bool kprobe_breakpoint_handler(struct pt_regs *regs); bool kprobe_single_step_handler(struct pt_regs *regs); - +#else +static inline bool kprobe_breakpoint_handler(struct pt_regs *) +{ + return false; +} + +static inline bool kprobe_single_step_handler(struct pt_regs *) +{ + return false; +} #endif /* CONFIG_KPROBES */ #endif /* _ASM_RISCV_KPROBES_H */ diff --git a/arch/riscv/include/asm/uprobes.h b/arch/riscv/include/asm/uprobes.h index f2183e00fdd2..3fc7deda9190 100644 --- a/arch/riscv/include/asm/uprobes.h +++ b/arch/riscv/include/asm/uprobes.h @@ -34,7 +34,18 @@ struct arch_uprobe { bool simulate; }; +#ifdef CONFIG_UPROBES bool uprobe_breakpoint_handler(struct pt_regs *regs); bool uprobe_single_step_handler(struct pt_regs *regs); - +#else +static inline bool uprobe_breakpoint_handler(struct pt_regs *regs) +{ + return false; +} + +static inline bool uprobe_single_step_handler(struct pt_regs *regs) +{ + return false; +} +#endif /* CONFIG_UPROBES */ #endif /* _ASM_RISCV_UPROBES_H */ diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c index f798c853bede..cd6f10c73a16 100644 --- a/arch/riscv/kernel/traps.c +++ b/arch/riscv/kernel/traps.c @@ -13,6 +13,8 @@ #include #include #include +#include +#include #include #include #include @@ -246,22 +248,28 @@ static inline unsigned long get_break_insn_length(unsigned long pc) return GET_INSN_LENGTH(insn); } +static bool probe_single_step_handler(struct pt_regs *regs) +{ + bool user = user_mode(regs); + + return user ? uprobe_single_step_handler(regs) : kprobe_single_step_handler(regs); +} + +static bool probe_breakpoint_handler(struct pt_regs *regs) +{ + bool user = user_mode(regs); + + return user ? uprobe_breakpoint_handler(regs) : kprobe_breakpoint_handler(regs); +} + void handle_break(struct pt_regs *regs) { -#ifdef CONFIG_KPROBES - if (kprobe_single_step_handler(regs)) + if (probe_single_step_handler(regs)) return; - if (kprobe_breakpoint_handler(regs)) - return; -#endif -#ifdef CONFIG_UPROBES - if (uprobe_single_step_handler(regs)) + if (probe_breakpoint_handler(regs)) return; - if (uprobe_breakpoint_handler(regs)) - return; -#endif current->thread.bad_cause = regs->cause; if (user_mode(regs))