summaryrefslogtreecommitdiff
path: root/arch/x86/kernel/hw_breakpoint.c
diff options
context:
space:
mode:
authorLai Jiangshan <laijs@linux.alibaba.com>2020-05-29 23:27:32 +0200
committerThomas Gleixner <tglx@linutronix.de>2020-06-11 15:15:21 +0200
commitfdef24dfccb7be06e6ebe11d6c6c56987421870f (patch)
tree1f3f6923203775c98c9c1913676e0f8f4afb5d89 /arch/x86/kernel/hw_breakpoint.c
parentf9fe0b89f05441c6e4034e024c2c75a0d93024c1 (diff)
downloadlwn-fdef24dfccb7be06e6ebe11d6c6c56987421870f.tar.gz
lwn-fdef24dfccb7be06e6ebe11d6c6c56987421870f.zip
x86/hw_breakpoint: Prevent data breakpoints on user_pcid_flush_mask
The per-CPU user_pcid_flush_mask is used in the low level entry code. A data breakpoint can cause #DB recursion. Protect the full cpu_tlbstate structure for simplicity. Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20200526014221.2119-5-laijs@linux.alibaba.com Link: https://lkml.kernel.org/r/20200529213320.955117574@infradead.org
Diffstat (limited to 'arch/x86/kernel/hw_breakpoint.c')
-rw-r--r--arch/x86/kernel/hw_breakpoint.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/arch/x86/kernel/hw_breakpoint.c b/arch/x86/kernel/hw_breakpoint.c
index f311bbfda1ba..fc1743a2b0e9 100644
--- a/arch/x86/kernel/hw_breakpoint.c
+++ b/arch/x86/kernel/hw_breakpoint.c
@@ -33,6 +33,7 @@
#include <asm/debugreg.h>
#include <asm/user.h>
#include <asm/desc.h>
+#include <asm/tlbflush.h>
/* Per cpu debug control register value */
DEFINE_PER_CPU(unsigned long, cpu_dr7);
@@ -264,6 +265,16 @@ static inline bool within_cpu_entry(unsigned long addr, unsigned long end)
(unsigned long)&per_cpu(cpu_tss_rw, cpu),
sizeof(struct tss_struct)))
return true;
+
+ /*
+ * cpu_tlbstate.user_pcid_flush_mask is used for CPU entry.
+ * If a data breakpoint on it, it will cause an unwanted #DB.
+ * Protect the full cpu_tlbstate structure to be sure.
+ */
+ if (within_area(addr, end,
+ (unsigned long)&per_cpu(cpu_tlbstate, cpu),
+ sizeof(struct tlb_state)))
+ return true;
}
return false;