[0/7] Rework perf and ptrace watchpoint tracking

Message ID 20230801011744.153973-1-bgray@linux.ibm.com (mailing list archive)

Message

Benjamin Gray Aug. 1, 2023, 1:17 a.m. UTC
Syzkaller triggered a null pointer dereference in the
arch_unregister_hw_breakpoint() hook. This is due to accessing
the bp->ctx->task field changing to -1 while we iterate the breakpoints.

This series refactors the breakpoint tracking logic to remove the
dependency on bp->ctx entirely. It also simplifies handling of ptrace and
perf breakpoints, making insertion less restrictive. 

If merged, it allows several arch hooks that PowerPC was the sole user of
to be removed.

Benjamin Gray (7):
  powerpc/watchpoints: Explain thread_change_pc() more
  powerpc/watchpoints: Don't track info persistently
  powerpc/watchpoints: Track perf single step directly on the breakpoint
  powerpc/watchpoints: Simplify watchpoint reinsertion
  powerpc/watchpoints: Remove ptrace/perf exclusion tracking
  selftests/powerpc/ptrace: Update ptrace-perf watchpoint selftest
  perf/hw_breakpoint: Remove arch breakpoint hooks

 arch/powerpc/include/asm/hw_breakpoint.h      |    1 +
 arch/powerpc/include/asm/processor.h          |    5 -
 arch/powerpc/kernel/hw_breakpoint.c           |  388 +-----
 include/linux/hw_breakpoint.h                 |    3 -
 kernel/events/hw_breakpoint.c                 |   28 -
 .../testing/selftests/powerpc/ptrace/Makefile |    1 +
 .../powerpc/ptrace/ptrace-perf-asm.S          |   33 +
 .../powerpc/ptrace/ptrace-perf-hwbreak.c      | 1104 +++++++----------
 8 files changed, 537 insertions(+), 1026 deletions(-)
 create mode 100644 tools/testing/selftests/powerpc/ptrace/ptrace-perf-asm.S
 rewrite tools/testing/selftests/powerpc/ptrace/ptrace-perf-hwbreak.c (93%)

Comments

Christophe Leroy Aug. 1, 2023, 9:50 a.m. UTC | #1
On 01/08/2023 at 03:17, Benjamin Gray wrote:
> Syzkaller triggered a null pointer dereference in the
> arch_unregister_hw_breakpoint() hook. This is due to accessing
> the bp->ctx->task field changing to -1 while we iterate the breakpoints.
> 
> This series refactors the breakpoint tracking logic to remove the
> dependency on bp->ctx entirely. It also simplifies handling of ptrace and
> perf breakpoints, making insertion less restrictive.

Is there any link between this series and the following issue: 
https://github.com/linuxppc/issues/issues/38

Christophe

Michael Ellerman Aug. 2, 2023, noon UTC | #2
Christophe Leroy <christophe.leroy@csgroup.eu> writes:
> On 01/08/2023 at 03:17, Benjamin Gray wrote:
>> Syzkaller triggered a null pointer dereference in the
>> arch_unregister_hw_breakpoint() hook. This is due to accessing
>> the bp->ctx->task field changing to -1 while we iterate the breakpoints.
>> 
>> This series refactors the breakpoint tracking logic to remove the
>> dependency on bp->ctx entirely. It also simplifies handling of ptrace and
>> perf breakpoints, making insertion less restrictive.
>
> Is there any link between this series and the following issue: 
> https://github.com/linuxppc/issues/issues/38

AFAIK no, Ben started looking at the breakpoint code due to a syzkaller
report of an oops.

But this series would resolve that issue AFAICS, so I guess they are
linked in that sense.

cheers
Michael Ellerman Aug. 23, 2023, 11:55 a.m. UTC | #3
On Tue, 01 Aug 2023 11:17:37 +1000, Benjamin Gray wrote:
> Syzkaller triggered a null pointer dereference in the
> arch_unregister_hw_breakpoint() hook. This is due to accessing
> the bp->ctx->task field changing to -1 while we iterate the breakpoints.
> 
> This series refactors the breakpoint tracking logic to remove the
> dependency on bp->ctx entirely. It also simplifies handling of ptrace and
> perf breakpoints, making insertion less restrictive.
> 
> [...]

Applied to powerpc/next.

[1/7] powerpc/watchpoints: Explain thread_change_pc() more
      https://git.kernel.org/powerpc/c/8f8f1cd67aa026c9dab8eb4e087e4a2d8fa9d5bc
[2/7] powerpc/watchpoints: Don't track info persistently
      https://git.kernel.org/powerpc/c/668a6ec6ed57f0248070c490aba75a9572e4b0a4
[3/7] powerpc/watchpoints: Track perf single step directly on the breakpoint
      https://git.kernel.org/powerpc/c/1e60f3564bad09962646bf8c2af588ecf518d337
[4/7] powerpc/watchpoints: Simplify watchpoint reinsertion
      https://git.kernel.org/powerpc/c/5a2d8b9c06712b52b2f0f2fc9a144242277fda74
[5/7] powerpc/watchpoints: Remove ptrace/perf exclusion tracking
      https://git.kernel.org/powerpc/c/bd29813ae10698f7bdfb3c68eacbb6464ec701ff
[6/7] selftests/powerpc/ptrace: Update ptrace-perf watchpoint selftest
      https://git.kernel.org/powerpc/c/58709f6fc327a997daeeca77aa5e6bd4d4c238cf
[7/7] perf/hw_breakpoint: Remove arch breakpoint hooks
      https://git.kernel.org/powerpc/c/53834a0c09252dea7918a9e1788bad880690900b

cheers