From: Maninder Singh <maninder1.s@samsung.com>
To: paulmck@kernel.org, linux@armlinux.org.uk, cl@linux.com,
penberg@kernel.org, rientjes@google.com, iamjoonsoo.kim@lge.com,
akpm@linux-foundation.org, vbabka@suse.cz, 0x7f454c46@gmail.com,
viro@zeniv.linux.org.uk
Cc: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
a.sahrawat@samsung.com, Maninder Singh <maninder1.s@samsung.com>,
Vaneet Narang <v.narang@samsung.com>
Subject: [PATCH 3/3] arm: print alloc free paths for address in registers
Date: Tue, 16 Mar 2021 16:07:12 +0530 [thread overview]
Message-ID: <1615891032-29160-3-git-send-email-maninder1.s@samsung.com> (raw)
In-Reply-To: <1615891032-29160-1-git-send-email-maninder1.s@samsung.com>
In case of user after free kernel OOPs, free path of object
is required to debug futher.
And in most of cases object address is present in one of registers.
Thus check for register address and if it belongs to slab,
print its alloc and free path.
e.g. in below issue register r6 belongs to slab, and user afree issue
occurred on one of its derefer values:
[ 20.182197] Unable to handle kernel paging request at virtual address 6b6b6b6f
....
[ 20.185035] pc : [<c0538afc>] lr : [<c0465674>] psr: 60000013
[ 20.185271] sp : c8927d40 ip : ffffefff fp : c8aa8020
[ 20.185462] r10: c8927e10 r9 : 00000001 r8 : 00400cc0
[ 20.185674] r7 : 00000000 r6 : c8ab0180 r5 : c1804a80 r4 : c8aa8008
[ 20.185924] r3 : c1a5661c r2 : 00000000 r1 : 6b6b6b6b r0 : c139bf48
.....
[ 20.191499] Register r6 information: slab kmalloc-64 start c8ab0140 data offset 64 pointer offset 0 size 64 allocated at meminfo_proc_show+0x40/0x4fc
[ 20.192078] meminfo_proc_show+0x40/0x4fc
[ 20.192263] seq_read_iter+0x18c/0x4c4
[ 20.192430] proc_reg_read_iter+0x84/0xac
[ 20.192617] generic_file_splice_read+0xe8/0x17c
[ 20.192816] splice_direct_to_actor+0xb8/0x290
[ 20.193008] do_splice_direct+0xa0/0xe0
[ 20.193185] do_sendfile+0x2d0/0x438
[ 20.193345] sys_sendfile64+0x12c/0x140
[ 20.193523] ret_fast_syscall+0x0/0x58
[ 20.193695] 0xbeeacde4
[ 20.193822] Free path:
[ 20.193935] meminfo_proc_show+0x5c/0x4fc
[ 20.194115] seq_read_iter+0x18c/0x4c4
[ 20.194285] proc_reg_read_iter+0x84/0xac
[ 20.194475] generic_file_splice_read+0xe8/0x17c
[ 20.194685] splice_direct_to_actor+0xb8/0x290
[ 20.194870] do_splice_direct+0xa0/0xe0
[ 20.195014] do_sendfile+0x2d0/0x438
[ 20.195174] sys_sendfile64+0x12c/0x140
[ 20.195336] ret_fast_syscall+0x0/0x58
[ 20.195491] 0xbeeacde4
Co-developed-by: Vaneet Narang <v.narang@samsung.com>
Signed-off-by: Vaneet Narang <v.narang@samsung.com>
Signed-off-by: Maninder Singh <maninder1.s@samsung.com>
---
arch/arm/include/asm/bug.h | 1 +
arch/arm/kernel/process.c | 11 +++++++++++
arch/arm/kernel/traps.c | 1 +
3 files changed, 13 insertions(+)
diff --git a/arch/arm/include/asm/bug.h b/arch/arm/include/asm/bug.h
index 673c7dd75ab9..ba8d9d7d242b 100644
--- a/arch/arm/include/asm/bug.h
+++ b/arch/arm/include/asm/bug.h
@@ -88,5 +88,6 @@ extern asmlinkage void c_backtrace(unsigned long fp, int pmode,
struct mm_struct;
void show_pte(const char *lvl, struct mm_struct *mm, unsigned long addr);
extern void __show_regs(struct pt_regs *);
+extern void __show_regs_alloc_free(struct pt_regs *regs);
#endif
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
index 5199a2bb4111..249dd285c4d8 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -92,6 +92,17 @@ void arch_cpu_idle_exit(void)
ledtrig_cpu(CPU_LED_IDLE_END);
}
+void __show_regs_alloc_free(struct pt_regs *regs)
+{
+ int i;
+
+ /* check for r0 - r12 only */
+ for (i = 0; i < 13; i++) {
+ pr_alert("Register r%d information:", i);
+ mem_dump_obj((void *)regs->uregs[i]);
+ }
+}
+
void __show_regs(struct pt_regs *regs)
{
unsigned long flags;
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
index 17d5a785df28..64308e3a5d0c 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -287,6 +287,7 @@ static int __die(const char *str, int err, struct pt_regs *regs)
print_modules();
__show_regs(regs);
+ __show_regs_alloc_free(regs);
pr_emerg("Process %.*s (pid: %d, stack limit = 0x%p)\n",
TASK_COMM_LEN, tsk->comm, task_pid_nr(tsk), end_of_stack(tsk));
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Maninder Singh <maninder1.s@samsung.com>
To: paulmck@kernel.org, linux@armlinux.org.uk, cl@linux.com,
penberg@kernel.org, rientjes@google.com, iamjoonsoo.kim@lge.com,
akpm@linux-foundation.org, vbabka@suse.cz, 0x7f454c46@gmail.com,
viro@zeniv.linux.org.uk
Cc: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
a.sahrawat@samsung.com, Maninder Singh <maninder1.s@samsung.com>,
Vaneet Narang <v.narang@samsung.com>
Subject: [PATCH 3/3] arm: print alloc free paths for address in registers
Date: Tue, 16 Mar 2021 16:07:12 +0530 [thread overview]
Message-ID: <1615891032-29160-3-git-send-email-maninder1.s@samsung.com> (raw)
In-Reply-To: <1615891032-29160-1-git-send-email-maninder1.s@samsung.com>
In case of user after free kernel OOPs, free path of object
is required to debug futher.
And in most of cases object address is present in one of registers.
Thus check for register address and if it belongs to slab,
print its alloc and free path.
e.g. in below issue register r6 belongs to slab, and user afree issue
occurred on one of its derefer values:
[ 20.182197] Unable to handle kernel paging request at virtual address 6b6b6b6f
....
[ 20.185035] pc : [<c0538afc>] lr : [<c0465674>] psr: 60000013
[ 20.185271] sp : c8927d40 ip : ffffefff fp : c8aa8020
[ 20.185462] r10: c8927e10 r9 : 00000001 r8 : 00400cc0
[ 20.185674] r7 : 00000000 r6 : c8ab0180 r5 : c1804a80 r4 : c8aa8008
[ 20.185924] r3 : c1a5661c r2 : 00000000 r1 : 6b6b6b6b r0 : c139bf48
.....
[ 20.191499] Register r6 information: slab kmalloc-64 start c8ab0140 data offset 64 pointer offset 0 size 64 allocated at meminfo_proc_show+0x40/0x4fc
[ 20.192078] meminfo_proc_show+0x40/0x4fc
[ 20.192263] seq_read_iter+0x18c/0x4c4
[ 20.192430] proc_reg_read_iter+0x84/0xac
[ 20.192617] generic_file_splice_read+0xe8/0x17c
[ 20.192816] splice_direct_to_actor+0xb8/0x290
[ 20.193008] do_splice_direct+0xa0/0xe0
[ 20.193185] do_sendfile+0x2d0/0x438
[ 20.193345] sys_sendfile64+0x12c/0x140
[ 20.193523] ret_fast_syscall+0x0/0x58
[ 20.193695] 0xbeeacde4
[ 20.193822] Free path:
[ 20.193935] meminfo_proc_show+0x5c/0x4fc
[ 20.194115] seq_read_iter+0x18c/0x4c4
[ 20.194285] proc_reg_read_iter+0x84/0xac
[ 20.194475] generic_file_splice_read+0xe8/0x17c
[ 20.194685] splice_direct_to_actor+0xb8/0x290
[ 20.194870] do_splice_direct+0xa0/0xe0
[ 20.195014] do_sendfile+0x2d0/0x438
[ 20.195174] sys_sendfile64+0x12c/0x140
[ 20.195336] ret_fast_syscall+0x0/0x58
[ 20.195491] 0xbeeacde4
Co-developed-by: Vaneet Narang <v.narang@samsung.com>
Signed-off-by: Vaneet Narang <v.narang@samsung.com>
Signed-off-by: Maninder Singh <maninder1.s@samsung.com>
---
arch/arm/include/asm/bug.h | 1 +
arch/arm/kernel/process.c | 11 +++++++++++
arch/arm/kernel/traps.c | 1 +
3 files changed, 13 insertions(+)
diff --git a/arch/arm/include/asm/bug.h b/arch/arm/include/asm/bug.h
index 673c7dd75ab9..ba8d9d7d242b 100644
--- a/arch/arm/include/asm/bug.h
+++ b/arch/arm/include/asm/bug.h
@@ -88,5 +88,6 @@ extern asmlinkage void c_backtrace(unsigned long fp, int pmode,
struct mm_struct;
void show_pte(const char *lvl, struct mm_struct *mm, unsigned long addr);
extern void __show_regs(struct pt_regs *);
+extern void __show_regs_alloc_free(struct pt_regs *regs);
#endif
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
index 5199a2bb4111..249dd285c4d8 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -92,6 +92,17 @@ void arch_cpu_idle_exit(void)
ledtrig_cpu(CPU_LED_IDLE_END);
}
+void __show_regs_alloc_free(struct pt_regs *regs)
+{
+ int i;
+
+ /* check for r0 - r12 only */
+ for (i = 0; i < 13; i++) {
+ pr_alert("Register r%d information:", i);
+ mem_dump_obj((void *)regs->uregs[i]);
+ }
+}
+
void __show_regs(struct pt_regs *regs)
{
unsigned long flags;
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
index 17d5a785df28..64308e3a5d0c 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -287,6 +287,7 @@ static int __die(const char *str, int err, struct pt_regs *regs)
print_modules();
__show_regs(regs);
+ __show_regs_alloc_free(regs);
pr_emerg("Process %.*s (pid: %d, stack limit = 0x%p)\n",
TASK_COMM_LEN, tsk->comm, task_pid_nr(tsk), end_of_stack(tsk));
--
2.17.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-03-16 10:42 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20210316103723epcas5p1f750d5cfe029fa69aea8d88f0bd408f3@epcas5p1.samsung.com>
2021-03-16 10:37 ` [PATCH 1/3] mm/slub: fixing backtrace of objects because of redzone adjustment Maninder Singh
2021-03-16 10:37 ` Maninder Singh
[not found] ` <CGME20210316103736epcas5p3758de57b57c732074acc0989e563cc2e@epcas5p3.samsung.com>
2021-03-16 10:37 ` [PATCH 2/3] mm/slub: Add Support for free path information of an object Maninder Singh
2021-03-16 10:37 ` Maninder Singh
2021-03-18 12:35 ` Vlastimil Babka
2021-03-18 12:35 ` Vlastimil Babka
2021-03-19 23:23 ` Paul E. McKenney
2021-03-19 23:23 ` Paul E. McKenney
[not found] ` <CGME20210316103745epcas5p3994f29958b7f14aec8cbd90fa518761f@epcas5p3.samsung.com>
2021-03-16 10:37 ` Maninder Singh [this message]
2021-03-16 10:37 ` [PATCH 3/3] arm: print alloc free paths for address in registers Maninder Singh
2021-03-16 17:44 ` [PATCH 1/3] mm/slub: fixing backtrace of objects because of redzone adjustment Paul E. McKenney
2021-03-16 17:44 ` Paul E. McKenney
2021-03-18 12:33 ` Vlastimil Babka
2021-03-18 12:33 ` Vlastimil Babka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1615891032-29160-3-git-send-email-maninder1.s@samsung.com \
--to=maninder1.s@samsung.com \
--cc=0x7f454c46@gmail.com \
--cc=a.sahrawat@samsung.com \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@armlinux.org.uk \
--cc=paulmck@kernel.org \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
--cc=v.narang@samsung.com \
--cc=vbabka@suse.cz \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.