arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
authorWill Deacon <will@kernel.org>
Fri, 29 May 2020 13:12:18 +0000 (14:12 +0100)
committerCosmin Tanislav <demonsingur@gmail.com>
Thu, 16 May 2024 07:58:25 +0000 (10:58 +0300)
commit16f7e3c2b86dafd89ea5ddcca298f279f31032ea
treec59413895a31478955e11d10baa0f15febe87c3e
parent0a029c22ddcc91239be884b2425039467454a412
arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints

[ Upstream commit 24ebec25fb270100e252b19c288e21bd7d8cc7f7 ]

Unprivileged memory accesses generated by the so-called "translated"
instructions (e.g. STTR) at EL1 can cause EL0 watchpoints to fire
unexpectedly if kernel debugging is enabled. In such cases, the
hw_breakpoint logic will invoke the user overflow handler which will
typically raise a SIGTRAP back to the current task. This is futile when
returning back to the kernel because (a) the signal won't have been
delivered and (b) userspace can't handle the thing anyway.

Avoid invoking the user overflow handler for watchpoints triggered by
kernel uaccess routines, and instead single-step over the faulting
instruction as we would if no overflow handler had been installed.

(Fixes tag identifies the introduction of unprivileged memory accesses,
 which exposed this latent bug in the hw_breakpoint code)

Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Fixes: 57f4959bad0a ("arm64: kernel: Add support for User Access Override")
Reported-by: Luis Machado <luis.machado@linaro.org>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
arch/arm64/kernel/hw_breakpoint.c