Commit bdda54cc authored by Xiongfeng Wang's avatar Xiongfeng Wang Committed by Zheng Zengkai
Browse files

kprobes/arm64: Blacklist sdei watchdog callback functions 



hulk inclusion
category: feature
bugzilla: 48046
CVE: NA

-------------------------------------------------------------------------

Functions called in sdei_handler are not allowed to be kprobed, so
marked them as NOKPROBE_SYMBOL. There are so many functions in
'watchdog_check_timestamp()'. Luckily, we don't need
'CONFIG_HARDLOCKUP_CHECK_TIMESTAMP' now. So just make
CONFIG_SDEI_WATCHDOG depends on !CONFIG_HARDLOCKUP_CHECK_TIMESTAMP
in case someone add 'CONFIG_HARDLOCKUP_CHECK_TIMESTAMP' in the future.

Signed-off-by: default avatarXiongfeng Wang <wangxiongfeng2@huawei.com>
Reviewed-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Signed-off-by: default avatarXiongfeng Wang <wangxiongfeng2@huawei.com>
Reviewed-by: default avatarHanjun Guo <guohanjun@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 13ddc127

arch/arm64/kernel/watchdog_sdei.c

+2 −0
Original line number Diff line number Diff line
@@ -14,6 +14,7 @@ 
#include <asm/sdei.h>

#include <asm/virt.h>

#include <linux/arm_sdei.h>

#include <linux/kprobes.h>

#include <linux/nmi.h>



/* We use the secure physical timer as SDEI NMI watchdog timer */
@@ -66,6 +67,7 @@ static int sdei_watchdog_callback(u32 event, 


	return 0;

}

NOKPROBE_SYMBOL(sdei_watchdog_callback);



static void sdei_nmi_watchdog_bind(void *data)

{

kernel/watchdog.c

+2 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 
#include <linux/cpu.h>

#include <linux/nmi.h>

#include <linux/init.h>

#include <linux/kprobes.h>

#include <linux/module.h>

#include <linux/sysctl.h>

#include <linux/tick.h>
@@ -312,6 +313,7 @@ bool is_hardlockup(void) 
	__this_cpu_write(hrtimer_interrupts_saved, hrint);

	return false;

}

NOKPROBE_SYMBOL(is_hardlockup);



static void watchdog_interrupt_count(void)

{

kernel/watchdog_hld.c

+2 −0
Original line number Diff line number Diff line
@@ -14,6 +14,7 @@ 


#include <linux/nmi.h>

#include <linux/atomic.h>

#include <linux/kprobes.h>

#include <linux/module.h>

#include <linux/sched/debug.h>
@@ -155,6 +156,7 @@ void watchdog_hardlockup_check(struct pt_regs *regs) 
	__this_cpu_write(hard_watchdog_warn, false);

	return;

}

NOKPROBE_SYMBOL(watchdog_hardlockup_check);



#ifdef CONFIG_HARDLOCKUP_DETECTOR_PERF

static DEFINE_PER_CPU(struct perf_event *, watchdog_ev);

lib/Kconfig.debug

+1 −1
Original line number Diff line number Diff line
@@ -966,7 +966,7 @@ config HARDLOCKUP_DETECTOR_PERF 


config SDEI_WATCHDOG

	bool "SDEI NMI Watchdog support"

	depends on ARM_SDE_INTERFACE

	depends on ARM_SDE_INTERFACE && !HARDLOCKUP_CHECK_TIMESTAMP

	select HAVE_HARDLOCKUP_DETECTOR_ARCH

	select HARDLOCKUP_DETECTOR