On Fri, Jun 05, 2020 at 02:21:26PM +0100, Daniel Thompson wrote: > kgdb has traditionally adopted a no safety rails approach to breakpoint > placement. If the debugger is commanded to place a breakpoint at an > address then it will do so even if that breakpoint results in kgdb > becoming inoperable. > > A stop-the-world debugger with memory peek/poke does intrinsically > provide its operator with the means to hose their system in all manner > of exciting ways (not least because stopping-the-world is already a DoS > attack ;-) ) but the current no safety rail approach is not easy to > defend, especially given kprobes provides us with plenty of machinery to > mark parts of the kernel where breakpointing is discouraged. > > This patchset introduces some safety rails by using the existing > kprobes infrastructure. It does not cover all locations where > breakpoints can cause trouble but it will definitely block off several > avenues, including the architecture specific parts that are handled by > arch_within_kprobe_blacklist(). > > This patch is an RFC because: > > 1. My workstation is still chugging through the compile testing. > > 2. Patch 4 needs more runtime testing. > > 3. The code to extract the kprobe blacklist code (patch 4 again) needs > more review especially for its impact on arch specific code. > > To be clear I do plan to do the detailed review of the kprobe blacklist > stuff but would like to check the direction of travel first since the > change is already surprisingly big and maybe there's a better way to > organise things.
Thanks for doing these patches, esp 1-3 look very good to me. I've taken the liberty to bounce the entire set to Masami-San, who is the kprobes maintainer for comments as well.