Thread (23 messages) 23 messages, 3 authors, 2020-03-13

Re: [PATCH v8 00/11] arm64: Branch Target Identification support

From: Catalin Marinas <catalin.marinas@arm.com>
Date: 2020-03-12 18:42:20
Also in: linux-arch, linux-fsdevel, lkml 

On Wed, Mar 11, 2020 at 05:25:56PM +0000, Mark Brown wrote:
On Wed, Mar 11, 2020 at 04:28:58PM +0000, Catalin Marinas wrote:
quoted
On Tue, Mar 10, 2020 at 12:42:26PM +0000, Mark Brown wrote:
quoted
Sorry, I realized thanks to Amit's off-list prompting that I was testing
that I was verifying with the wrong kernel binary here (user error since
it took me a while to sort out uprobes) so this isn't quite right - you
can probe the landing pads with or without this series.
quoted
Can we not change aarch64_insn_is_nop() to actually return true only for
NOP and ignore everything else in the hint space? We tend to re-use the
hint instructions for new things in the architecture, so I'd rather
white-list what we know we can safely probe than black-listing only some
of the hint instructions.
[...]
quoted
I haven't assessed the effort of doing the above (probably not a lot)
but as a short-term workaround we could add the BTI and PAC hint
instructions to the aarch64_insn_is_nop() (though my preferred option is
the white-list one).
The only thing I've seen in testing with just NOPs whitelisted is an
inability to probe the PAC instructions which isn't the best user
experience, especially since the effect is that the probes get silently
ignored. This isn't extensive userspace testing though.  Adding
whitelisting of the BTI and PAC hints would definitely be a safer as a
first step though.  I can post either version?
I thought BTI and PAC are already whitelisted in mainline as they fall
into the hint space (by whitelisting I mean you can probe them).

I'm trying to understand how the BTI patches affect the current uprobes
support and what is needed. Executing BTI or PCI?SP out of line should
be fine as they don't generate a BTI exception (the BRK doesn't either,
just the normal debug exception).

I think (it needs checking) that BRK preserves the PSTATE.BTYPE in SPSR.
If we probe an instruction in a guarded page and then we single-step it
in a non-guarded page, we'll miss a potential BTI fault. Is this an
issue?

If we are to keep the BTI faulting behaviour, we'd need an additional
xol page, guarded, and to find a way to report the original probed
address of the fault rather than the xol page.

So, IIUC, we don't have an issue with the actual BTI or PACI?SP
instructions but rather the other instructions that would not fault with
the BTI support. While we should try to address this, I think the
important bit now is not to break the existing uprobes support when
running a binary with BTI enabled.

Have I missed anything?

-- 
Catalin

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
  



    
  

  
    

      

        Keyboard shortcuts
      

      

        
          
hback out one level

          
jnext message in thread

          
kprevious message in thread

          
ldrill in

          
Escclose help / fold thread tree

          
?toggle this help