From: Masami Hiramatsu <mhiramat@kernel.org>

Date: Thu, 1 Aug 2019 23:25:49 +0900

Subject: arm64: kprobes: Recover pstate.D in single-step exception handler

Git-commit: b3980e48528c4d2a9e70b145a5bba328b73a0f93

Patch-mainline: v5.3-rc3

References: git-fixes

kprobes manipulates the interrupted PSTATE for single step, and

doesn't restore it. Thus, if we put a kprobe where the pstate.D

(debug) masked, the mask will be cleared after the kprobe hits.

Moreover, in the most complicated case, this can lead a kernel

crash with below message when a nested kprobe hits.

[  152.118921] Unexpected kernel single-step exception at EL1

When the 1st kprobe hits, do_debug_exception() will be called.

At this point, debug exception (= pstate.D) must be masked (=1).

But if another kprobes hits before single-step of the first kprobe

(e.g. inside user pre_handler), it unmask the debug exception

(pstate.D = 0) and return.

Then, when the 1st kprobe setting up single-step, it saves current

DAIF, mask DAIF, enable single-step, and restore DAIF.

However, since "D" flag in DAIF is cleared by the 2nd kprobe, the

single-step exception happens soon after restoring DAIF.

This has been introduced by commit 7419333fa15e ("arm64: kprobe:

Always clear pstate.D in breakpoint exception handler")

To solve this issue, this stores all DAIF bits and restore it

after single stepping.

Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>

Fixes: 7419333fa15e ("arm64: kprobe: Always clear pstate.D in breakpoint exception handler")

Reviewed-by: James Morse <james.morse@arm.com>

Tested-by: James Morse <james.morse@arm.com>

Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>

Signed-off-by: Will Deacon <will@kernel.org>

Acked-by: Ivan T. Ivanov <iivanov@suse.de>

---

 arch/arm64/include/asm/daifflags.h |    1 

 arch/arm64/kernel/probes/kprobes.c |   40 +++++--------------------------------

 2 files changed, 7 insertions(+), 34 deletions(-)

--- a/arch/arm64/include/asm/daifflags.h

+++ b/arch/arm64/include/asm/daifflags.h

@@ -20,6 +20,7 @@

 #define DAIF_PROCCTX		0

 #define DAIF_PROCCTX_NOIRQ	PSR_I_BIT

+#define DAIF_MASK		(PSR_D_BIT | PSR_A_BIT | PSR_I_BIT | PSR_F_BIT)

 /* mask/save/unmask/restore all exceptions, including interrupts. */

 static inline void local_daif_mask(void)

--- a/arch/arm64/kernel/probes/kprobes.c

+++ b/arch/arm64/kernel/probes/kprobes.c

@@ -28,6 +28,7 @@

 #include <asm/ptrace.h>

 #include <asm/cacheflush.h>

 #include <asm/debug-monitors.h>

+#include <asm/daifflags.h>

 #include <asm/system_misc.h>

 #include <asm/insn.h>

 #include <linux/uaccess.h>

@@ -167,33 +168,6 @@ static void __kprobes set_current_kprobe

 }

 /*

- * When PSTATE.D is set (masked), then software step exceptions can not be

- * generated.

- * SPSR's D bit shows the value of PSTATE.D immediately before the

- * exception was taken. PSTATE.D is set while entering into any exception

- * mode, however software clears it for any normal (none-debug-exception)

- * mode in the exception entry. Therefore, when we are entering into kprobe

- * breakpoint handler from any normal mode then SPSR.D bit is already

- * cleared, however it is set when we are entering from any debug exception

- * mode.

- * Since we always need to generate single step exception after a kprobe

- * breakpoint exception therefore we need to clear it unconditionally, when

- * we become sure that the current breakpoint exception is for kprobe.

- */

-static void __kprobes

-spsr_set_debug_flag(struct pt_regs *regs, int mask)

-{

-	unsigned long spsr = regs->pstate;

-

-	if (mask)

-		spsr |= PSR_D_BIT;

-	else

-		spsr &= ~PSR_D_BIT;

-

-	regs->pstate = spsr;

-}

-

-/*

  * Interrupts need to be disabled before single-step mode is set, and not

  * reenabled until after single-step mode ends.

  * Without disabling interrupt on local CPU, there is a chance of

@@ -204,17 +178,17 @@ spsr_set_debug_flag(struct pt_regs *regs

 static void __kprobes kprobes_save_local_irqflag(struct kprobe_ctlblk *kcb,

 						struct pt_regs *regs)

 {

-	kcb->saved_irqflag = regs->pstate;

+	kcb->saved_irqflag = regs->pstate & DAIF_MASK;

 	regs->pstate |= PSR_I_BIT;

+	/* Unmask PSTATE.D for enabling software step exceptions. */

+	regs->pstate &= ~PSR_D_BIT;

 }

 static void __kprobes kprobes_restore_local_irqflag(struct kprobe_ctlblk *kcb,

 						struct pt_regs *regs)

 {

-	if (kcb->saved_irqflag & PSR_I_BIT)

-		regs->pstate |= PSR_I_BIT;

-	else

-		regs->pstate &= ~PSR_I_BIT;

+	regs->pstate &= ~DAIF_MASK;

+	regs->pstate |= kcb->saved_irqflag;

 }

 static void __kprobes

@@ -251,8 +225,6 @@ static void __kprobes setup_singlestep(s

 		set_ss_context(kcb, slot);	/* mark pending ss */

-		spsr_set_debug_flag(regs, 0);

-

 		/* IRQs and single stepping do not mix well. */

 		kprobes_save_local_irqflag(kcb, regs);

 		kernel_enable_single_step(regs);