From patchwork Fri Apr 12 12:04:58 2019
X-Patchwork-Submitter: Xiongfeng Wang
X-Patchwork-Id: 10898077
From: Xiongfeng Wang
Subject: [RFC PATCH 2/3] sdei: enable dbg in '_sdei_handler'
Date: Fri, 12 Apr 2019 20:04:58 +0800
Message-ID: <1555070699-3685-3-git-send-email-wangxiongfeng2@huawei.com>
In-Reply-To: <1555070699-3685-1-git-send-email-wangxiongfeng2@huawei.com>
References: <1555070699-3685-1-git-send-email-wangxiongfeng2@huawei.com>
X-BeenThere: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org

When we monitor an sdei_event callback using 'kprobe', the singlestep handler cannot be called because dbg is masked in sdei_handler. This patch enables dbg in '_sdei_handler'.

When SDEI events interrupt userspace, 'vbar_el1' contains 'tramp_vectors' if CONFIG_UNMAP_KERNEL_AT_EL0 is enabled. So we need to restore 'vbar_el1' with the kernel vectors, otherwise we will go to the wrong place when a brk exception or dbg exception happens.

SDEI events may interrupt 'kernel_entry' before we save 'spsr_el1' and 'elr_el1', and a dbg exception will corrupt these two registers. So we also need to save and restore these two registers.

If SDEI events interrupt an instruction being singlestepped, the instructions in '_sdei_handler' will begin to be singlestepped after we enable dbg. So we need to disable singlestep at the beginning of _sdei_handler if we find out that we interrupted a singlestep process.
Signed-off-by: Xiongfeng Wang --- arch/arm64/include/asm/debug-monitors.h | 1 + arch/arm64/kernel/debug-monitors.c | 8 ++++++ arch/arm64/kernel/sdei.c | 43 ++++++++++++++++++++++++++------- 3 files changed, 43 insertions(+), 9 deletions(-) diff --git a/arch/arm64/include/asm/debug-monitors.h b/arch/arm64/include/asm/debug-monitors.h index a44cf52..a730266 100644 --- a/arch/arm64/include/asm/debug-monitors.h +++ b/arch/arm64/include/asm/debug-monitors.h @@ -121,6 +121,7 @@ enum dbg_active_el { void user_fastforward_single_step(struct task_struct *task); void kernel_enable_single_step(struct pt_regs *regs); +void kernel_enable_single_step_noregs(void); void kernel_disable_single_step(void); int kernel_active_single_step(void); diff --git a/arch/arm64/kernel/debug-monitors.c b/arch/arm64/kernel/debug-monitors.c index d7bb6ae..d6074f4 100644 --- a/arch/arm64/kernel/debug-monitors.c +++ b/arch/arm64/kernel/debug-monitors.c @@ -404,6 +404,14 @@ void kernel_enable_single_step(struct pt_regs *regs) } NOKPROBE_SYMBOL(kernel_enable_single_step); +void kernel_enable_single_step_noregs(void) +{ + WARN_ON(!irqs_disabled()); + mdscr_write(mdscr_read() | DBG_MDSCR_SS); + enable_debug_monitors(DBG_ACTIVE_EL1); +} +NOKPROBE_SYMBOL(kernel_enable_single_step_noregs); + void kernel_disable_single_step(void) { WARN_ON(!irqs_disabled()); diff --git a/arch/arm64/kernel/sdei.c b/arch/arm64/kernel/sdei.c index ea94cf8..9dd9cf6 100644 --- a/arch/arm64/kernel/sdei.c +++ b/arch/arm64/kernel/sdei.c @@ -9,6 +9,7 @@ #include #include +#include #include #include #include @@ -176,6 +177,8 @@ unsigned long sdei_arch_get_entry_point(int conduit) } +extern char vectors[]; /* kernel exception vectors */ + /* * __sdei_handler() returns one of: * SDEI_EV_HANDLED - success, return to the interrupted context. 
@@ -189,8 +192,10 @@ static __kprobes unsigned long _sdei_handler(struct pt_regs *regs, int i, err = 0; int clobbered_registers = 4; u64 elr = read_sysreg(elr_el1); + u64 spsr = read_sysreg(spsr_el1); u32 kernel_mode = read_sysreg(CurrentEL) | 1; /* +SPSel */ unsigned long vbar = read_sysreg(vbar_el1); + int ss_active = 0; if (arm64_kernel_unmapped_at_el0()) clobbered_registers++; @@ -207,19 +212,39 @@ static __kprobes unsigned long _sdei_handler(struct pt_regs *regs, */ __uaccess_enable_hw_pan(); + /* + * Enable dbg here so that we can kprobe a sdei event handler. Before we + * enable dbg, we need to restore vbar_el1 with kernel vectors + */ +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + write_sysreg(vectors, vbar_el1); + isb(); +#endif + ss_active = kernel_active_single_step(); + if (ss_active) + kernel_disable_single_step(); + local_dbg_enable(); + err = sdei_event_handler(regs, arg); + + local_dbg_disable(); + if (ss_active) + kernel_enable_single_step_noregs(); + + /* + * brk exception will corrupt elr_el1 and spsr_el1, and trust firmware + * doesn't save it for us. So we need to restore these two registers + * after 'sdei_event_handler'. + */ + write_sysreg(elr, elr_el1); + write_sysreg(spsr, spsr_el1); +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + write_sysreg(vbar, vbar_el1); +#endif + if (err) return SDEI_EV_FAILED; - if (elr != read_sysreg(elr_el1)) { - /* - * We took a synchronous exception from the SDEI handler. - * This could deadlock, and if you interrupt KVM it will - * hyp-panic instead. - */ - pr_warn("unsafe: exception during handler\n"); - } - mode = regs->pstate & (PSR_MODE32_BIT | PSR_MODE_MASK); /*
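Review bot: In the debug-monitors.c hunk, kernel_enable_single_step_noregs() duplicates the body of kernel_enable_single_step() minus the pt_regs update; have one call the other (for example let kernel_enable_single_step() set SPSR.SS on regs and then call kernel_enable_single_step_noregs()) so the two cannot drift apart. The WARN_ON(!irqs_disabled()) is trivially satisfied from the SDEI path, but that caller is an NMI-like handler which can land inside kernel_enable_single_step()/kernel_disable_single_step() on the same CPU, so confirm that the bookkeeping in enable_debug_monitors()/disable_debug_monitors() tolerates being re-entered from that context and say so in a comment.

Review bot: In the sdei.c include hunk, `extern char vectors[]; /* kernel exception vectors */` belongs in a header alongside the other entry.S symbol declarations rather than as a file-local extern in sdei.c. The `#ifdef CONFIG_UNMAP_KERNEL_AT_EL0` blocks around the two vbar_el1 writes would also read better as `if (arm64_kernel_unmapped_at_el0())`, matching the check used for clobbered_registers a few lines above: when the mitigation is compiled in but not active, vbar_el1 already holds `vectors` and the writes do nothing useful.

Review bot: In the _sdei_handler() hunk, only elr_el1 and spsr_el1 are saved and restored around sdei_event_handler(), but a brk or step exception taken inside the handler also overwrites esr_el1 (and far_el1, if a watchpoint fires), and the interrupted kernel_entry path reads esr_el1 after the point at which this patch says the event can arrive, so those registers need the same save/restore or a comment explaining why they do not. Removing the `if (elr != read_sysreg(elr_el1))` check also drops the only diagnostic for synchronous exceptions that are not debug exceptions (the deadlock and KVM hyp-panic cases the deleted comment describes); keep that comparison, perform it before `write_sysreg(elr, elr_el1)`, and exclude the expected debug case instead of deleting it. kernel_active_single_step() only reports MDSCR_EL1.SS; if that bit can also be set for a user task being single-stepped (the commit message says the event may interrupt user space), pairing it with kernel_disable_single_step()/kernel_enable_single_step_noregs(), which also drop and re-take the DBG_ACTIVE_EL1 debug-monitor reference, restores the wrong state, so that case deserves a check or a comment. Two smaller points: the comment should say the firmware (Trusted Firmware) does not save the registers rather than "trust firmware", and the final `write_sysreg(vbar, vbar_el1)` has no isb(), unlike the write of `vectors` above it; that is fine only because the SMC that follows is itself context-synchronizing, which is worth stating.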