Syzkaller triggered a null pointer dereference in the arch_unregister_hw_breakpoint() hook. This is due to the bp->ctx->task field changing to -1 while we iterate the breakpoints.
This series refactors the breakpoint tracking logic to remove the dependency on bp->ctx entirely. It also simplifies handling of ptrace and perf breakpoints, making insertion less restrictive. If merged, it allows several arch hooks that PowerPC was the sole user of to be removed.

Benjamin Gray (7):
  powerpc/watchpoints: Explain thread_change_pc() more
  powerpc/watchpoints: Don't track info persistently
  powerpc/watchpoints: Track perf single step directly on the breakpoint
  powerpc/watchpoints: Simplify watchpoint reinsertion
  powerpc/watchpoints: Remove ptrace/perf exclusion tracking
  selftests/powerpc/ptrace: Update ptrace-perf watchpoint selftest
  perf/hw_breakpoint: Remove arch breakpoint hooks

 arch/powerpc/include/asm/hw_breakpoint.h      |    1 +
 arch/powerpc/include/asm/processor.h          |    5 -
 arch/powerpc/kernel/hw_breakpoint.c           |  388 +-----
 include/linux/hw_breakpoint.h                 |    3 -
 kernel/events/hw_breakpoint.c                 |   28 -
 .../testing/selftests/powerpc/ptrace/Makefile |    1 +
 .../powerpc/ptrace/ptrace-perf-asm.S          |   33 +
 .../powerpc/ptrace/ptrace-perf-hwbreak.c      | 1104 +++++++----------
 8 files changed, 537 insertions(+), 1026 deletions(-)
 create mode 100644 tools/testing/selftests/powerpc/ptrace/ptrace-perf-asm.S
 rewrite tools/testing/selftests/powerpc/ptrace/ptrace-perf-hwbreak.c (93%)

--
2.41.0