rpms/kernel/F-13 x86-debug-clear-reserved-bits-of-dr6.patch, NONE, 1.1 x86-debug-send-sigtrap-for-user-icebp.patch, NONE, 1.1 kernel.spec, 1.2082, 1.2083

Chuck Ebbert cebbert at fedoraproject.org
Tue Jul 6 15:53:43 UTC 2010


Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv7562

Modified Files:
	kernel.spec 
Added Files:
	x86-debug-clear-reserved-bits-of-dr6.patch 
	x86-debug-send-sigtrap-for-user-icebp.patch 
Log Message:
x86-debug-send-sigtrap-for-user-icebp.patch,
  x86-debug-clear-reserved-bits-of-dr6.patch (#609548)

x86-debug-clear-reserved-bits-of-dr6.patch:
 include/asm/debugreg.h |    3 +++
 kernel/traps.c         |    3 +++
 2 files changed, 6 insertions(+)

--- NEW FILE x86-debug-clear-reserved-bits-of-dr6.patch ---
From: K.Prasad <prasad at linux.vnet.ibm.com>
Date: Thu, 28 Jan 2010 11:14:01 +0000 (+0530)
Subject: x86/debug: Clear reserved bits of DR6 in do_debug()
X-Git-Tag: v2.6.34-rc1~197^2~94
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=40f9249a73f6c251adea492b1c3d19d39e2a9bda

x86/debug: Clear reserved bits of DR6 in do_debug()

Clear the reserved bits from the stored copy of debug status
register (DR6).
This will help easy bitwise operations such as quick testing
of a debug event origin.

Signed-off-by: K.Prasad <prasad at linux.vnet.ibm.com>
Cc: Roland McGrath <roland at redhat.com>
Cc: Jan Kiszka <jan.kiszka at siemens.com>
Cc: Alan Stern <stern at rowland.harvard.edu>
Cc: Ingo Molnar <mingo at elte.hu>
LKML-Reference: <20100128111401.GB13935 at in.ibm.com>
Signed-off-by: Frederic Weisbecker <fweisbec at gmail.com>
---

diff --git a/arch/x86/include/asm/debugreg.h b/arch/x86/include/asm/debugreg.h
index 8240f76..b81002f 100644
--- a/arch/x86/include/asm/debugreg.h
+++ b/arch/x86/include/asm/debugreg.h
@@ -14,6 +14,9 @@
    which debugging register was responsible for the trap.  The other bits
    are either reserved or not of interest to us. */
 
+/* Define reserved bits in DR6 which are always set to 1 */
+#define DR6_RESERVED	(0xFFFF0FF0)
+
 #define DR_TRAP0	(0x1)		/* db0 */
 #define DR_TRAP1	(0x2)		/* db1 */
 #define DR_TRAP2	(0x4)		/* db2 */
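Review bot: The comment on DR6_RESERVED says only that the bits are "always set to 1" and does not name them; 0xFFFF0FF0 covers bits 4-11 and 16-31, and writing those ranges in the comment would let a reader check the mask against the processor manual. Bit 12 of DR6 is also reserved but reads as 0, so it is outside the mask and survives `dr6 &= ~DR6_RESERVED`; a line saying that omission is intentional would help. The literal has no UL suffix, so on 64-bit builds `~DR6_RESERVED` is a 32-bit value and the AND also clears bits 32-63 of the `unsigned long dr6`, which is worth stating next to the define.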
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 3339917..1168e44 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -534,6 +534,9 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
 
 	get_debugreg(dr6, 6);
 
+	/* Filter out all the reserved bits which are preset to 1 */
+	dr6 &= ~DR6_RESERVED;
+
 	/* Catch kmemcheck conditions first of all! */
 	if ((dr6 & DR_STEP) && kmemcheck_trap(regs))
 		return;
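Review bot: The mask is applied to the local `dr6` right after `get_debugreg(dr6, 6)`, so every later test in do_debug() sees the filtered value, but the hunk does not show whether the filtered value is also what gets saved for the task. The commit message speaks of the "stored copy"; if that saved value is what a debugger reads back, it will now differ from what the hardware register reports, and the changelog should say whether that is intended.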

x86-debug-send-sigtrap-for-user-icebp.patch:
 traps.c |   11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

--- NEW FILE x86-debug-send-sigtrap-for-user-icebp.patch ---
From: Frederic Weisbecker <fweisbec at gmail.com>
Date: Wed, 30 Jun 2010 13:09:06 +0000 (+0200)
Subject: x86: Send a SIGTRAP for user icebp traps
X-Git-Tag: v2.6.35-rc4~2^2~2
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=a1e80fafc9f0742a1776a0490258cb64912411b0

x86: Send a SIGTRAP for user icebp traps

Before we had a generic breakpoint layer, x86 used to send a
sigtrap for any debug event that happened in userspace,
except if it was caused by lazy dr7 switches.

Currently we only send such signal for single step or breakpoint
events.

However, there are three other kinds of debug exceptions:

- debug register access detected: trigger an exception if the
  next instruction touches the debug registers. We don't use
  it.
- task switch, but we don't use tss.
- icebp/int01 trap. This instruction (0xf1) is undocumented and
  generates an int 1 exception. Unlike single step through TF
  flag, it doesn't set the single step origin of the exception
  in dr6.

icebp then used to be reported in userspace using trap signals
but this has been incidentally broken with the new breakpoint
code. Reenable this. Since this is the only debug event that
doesn't set anything in dr6, this is all we have to check.

This fixes a regression in Wine where World Of Warcraft got broken
as it uses this for software protection checks purposes. And
probably other apps do.

Reported-and-tested-by: Alexandre Julliard <julliard at winehq.org>
Signed-off-by: Frederic Weisbecker <fweisbec at gmail.com>
Cc: Ingo Molnar <mingo at elte.hu>
Cc: H. Peter Anvin <hpa at zytor.com>
Cc: Thomas Gleixner <tglx at linutronix.de>
Cc: Prasad <prasad at linux.vnet.ibm.com>
Cc: 2.6.33.x 2.6.34.x <stable at kernel.org>
---

diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 142d70c..725ef4d 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -526,6 +526,7 @@ asmlinkage __kprobes struct pt_regs *sync_regs(struct pt_regs *eregs)
 dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
 {
 	struct task_struct *tsk = current;
+	int user_icebp = 0;
 	unsigned long dr6;
 	int si_code;
 
@@ -534,6 +535,14 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
 	/* Filter out all the reserved bits which are preset to 1 */
 	dr6 &= ~DR6_RESERVED;
 
+	/*
+	 * If dr6 has no reason to give us about the origin of this trap,
+	 * then it's very likely the result of an icebp/int01 trap.
+	 * User wants a sigtrap for that.
+	 */
+	if (!dr6 && user_mode(regs))
+		user_icebp = 1;
+
 	/* Catch kmemcheck conditions first of all! */
 	if ((dr6 & DR_STEP) && kmemcheck_trap(regs))
 		return;
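Review bot: The `!dr6 && user_mode(regs)` test in the added block classifies every user-mode debug exception with no status bit left after masking as icebp, and the comment itself only says "very likely"; it should name what else could arrive with an empty dr6, or state that nothing can. The test is meaningful only because of the `dr6 &= ~DR6_RESERVED` line directly above it, since the reserved bits would otherwise keep dr6 non-zero, and the comment should say so. `user_icebp` is used purely as a flag and could be declared bool.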
@@ -575,7 +584,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
 		regs->flags &= ~X86_EFLAGS_TF;
 	}
 	si_code = get_si_code(tsk->thread.debugreg6);
-	if (tsk->thread.debugreg6 & (DR_STEP | DR_TRAP_BITS))
+	if (tsk->thread.debugreg6 & (DR_STEP | DR_TRAP_BITS) || user_icebp)
 		send_sigtrap(tsk, regs, error_code, si_code);
 	preempt_conditional_cli(regs);
 
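Review bot: When `user_icebp` is set, si_code still comes from `get_si_code(tsk->thread.debugreg6)`, and the changed condition now calls send_sigtrap() even when the `DR_STEP | DR_TRAP_BITS` test on that value fails; the commit message should state which si_code userspace receives in that case and that it matches the behaviour before the regression. The new condition `tsk->thread.debugreg6 & (DR_STEP | DR_TRAP_BITS) || user_icebp` is correct by precedence, but parentheses around the mask test would make the mix of & and || unambiguous to readers.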


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-13/kernel.spec,v
retrieving revision 1.2082
retrieving revision 1.2083
diff -u -p -r1.2082 -r1.2083
--- kernel.spec	6 Jul 2010 14:02:15 -0000	1.2082
+++ kernel.spec	6 Jul 2010 15:53:42 -0000	1.2083
@@ -861,6 +861,8 @@ Patch13020: iwlwifi-cancel-scan-watchdog
 
 Patch13030: sched-fix-over-scheduling-bug.patch
 Patch13040: ethtool-fix-buffer-overflow.patch
+Patch13050: x86-debug-clear-reserved-bits-of-dr6.patch
+Patch13060: x86-debug-send-sigtrap-for-user-icebp.patch
 
 %endif
 
@@ -1573,6 +1575,10 @@ ApplyPatch sched-fix-over-scheduling-bug
 # CVE-2010-2478
 ApplyPatch ethtool-fix-buffer-overflow.patch
 
+# BZ#609548
+ApplyPatch x86-debug-clear-reserved-bits-of-dr6.patch
+ApplyPatch x86-debug-send-sigtrap-for-user-icebp.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
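Review bot: The two added ApplyPatch lines must stay in this order, because the context of the icebp patch contains the `dr6 &= ~DR6_RESERVED` line that the first patch introduces. A short comment next to "# BZ#609548" noting that dependency would keep a later reorder, or a drop of the first patch alone, from breaking the build at patch application time.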
@@ -2219,10 +2225,12 @@ fi
 %kernel_variant_files %{with_pae_debug} PAEdebug
 %kernel_variant_files -k vmlinux %{with_kdump} kdump
 
-# plz don't put in a version string unless you're going to tag
-# and build.
 
 %changelog
+* Tue Jul 06 2010 Chuck Ebbert <cebbert at redhat.com> 2.6.33.6-146
+- x86-debug-send-sigtrap-for-user-icebp.patch,
+  x86-debug-clear-reserved-bits-of-dr6.patch (#609548)
+
 * Tue Jul 06 2010 Chuck Ebbert <cebbert at redhat.com> 2.6.33.6-145
 - ethtool-fix-buffer-overflow.patch: ethtool buffer overflow (CVE-2010-2478)
 
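Review bot: The removal of the two-line "plz don't put in a version string unless you're going to tag and build." comment above %changelog is not mentioned in the log message and is unrelated to the two x86 debug patches; either keep it or record the removal in the changelog entry. Dropping it also leaves two consecutive blank lines before %changelog.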


