arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
authorWill Deacon <will@kernel.org>
Fri, 29 May 2020 13:12:18 +0000 (14:12 +0100)
committerWill Deacon <will@kernel.org>
Thu, 18 Jun 2020 10:10:00 +0000 (11:10 +0100)
commit24ebec25fb270100e252b19c288e21bd7d8cc7f7
tree39eaab05d4b5fa0f24e73ca9bc42f2a87df86d39
parentbf508ec95ca3b902f14bb311a7709e5cb57fbc49
arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints

Unprivileged memory accesses generated by the so-called "translated"
instructions (e.g. STTR) at EL1 can cause EL0 watchpoints to fire
unexpectedly if kernel debugging is enabled. In such cases, the
hw_breakpoint logic will invoke the user overflow handler which will
typically raise a SIGTRAP back to the current task. This is futile when
returning back to the kernel because (a) the signal won't have been
delivered and (b) userspace can't handle the thing anyway.

Avoid invoking the user overflow handler for watchpoints triggered by
kernel uaccess routines, and instead single-step over the faulting
instruction as we would if no overflow handler had been installed.

(Fixes tag identifies the introduction of unprivileged memory accesses,
 which exposed this latent bug in the hw_breakpoint code)

Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Fixes: 57f4959bad0a ("arm64: kernel: Add support for User Access Override")
Reported-by: Luis Machado <luis.machado@linaro.org>
Signed-off-by: Will Deacon <will@kernel.org>
arch/arm64/kernel/hw_breakpoint.c