From: Matt Redfearn <matt.redfearn@imgtec.com>
To: Ralf Baechle <ralf@linux-mips.org>
Cc: <linux-mips@linux-mips.org>,
Matt Redfearn <matt.redfearn@imgtec.com>,
Marcin Nowakowski <marcin.nowakowski@imgtec.com>,
<linux-kernel@vger.kernel.org>,
Paul Burton <paul.burton@imgtec.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH v2 1/5] MIPS: Handle non word sized instructions when examining frame
Date: Wed, 1 Mar 2017 14:41:16 +0000 [thread overview]
Message-ID: <1488379280-2954-2-git-send-email-matt.redfearn@imgtec.com> (raw)
In-Reply-To: <1488379280-2954-1-git-send-email-matt.redfearn@imgtec.com>
Commit b6c7a324df37 ("MIPS: Fix get_frame_info() handling of microMIPS
function size") goes some way to fixing get_frame_info() to iterate over
microMIPS instuctions, but increments the instruction pointer using a
postincrement of the instruction pointer, which is of union
mips_instruction type. Since the union is sized to the largest member (a
word), but microMIPS instructions are a mix of halfword and word sizes,
the function does not always iterate correctly, ending up misaligned
with the instruction stream and interpreting it incorrectly.
Since the instruction modifying the stack pointer is usually the first
in the function, that one is usually handled correctly. But the
instruction which saves the return address to the sp is some variable
number of instructions into the frame and is frequently missed due to
not being on a word boundary, leading to incomplete walking of the
stack.
Fix this by incrementing the instruction pointer based on the size of
the previously decoded instruction.
Fixes: b6c7a324df37 ("MIPS: Fix get_frame_info() handling of microMIPS function size")
Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
---
Changes in v2:
- Keep locals in reverse christmas tree order
arch/mips/kernel/process.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
index 803e255b6fc3..df69ebd361fc 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
@@ -346,6 +346,7 @@ static int get_frame_info(struct mips_frame_info *info)
bool is_mmips = IS_ENABLED(CONFIG_CPU_MICROMIPS);
union mips_instruction insn, *ip, *ip_end;
const unsigned int max_insns = 128;
+ unsigned int last_insn_size = 0;
unsigned int i;
info->pc_offset = -1;
@@ -357,15 +358,19 @@ static int get_frame_info(struct mips_frame_info *info)
ip_end = (void *)ip + info->func_size;
- for (i = 0; i < max_insns && ip < ip_end; i++, ip++) {
+ for (i = 0; i < max_insns && ip < ip_end; i++) {
+ ip = (void *)ip + last_insn_size;
if (is_mmips && mm_insn_16bit(ip->halfword[0])) {
insn.halfword[0] = 0;
insn.halfword[1] = ip->halfword[0];
+ last_insn_size = sizeof(unsigned short);
} else if (is_mmips) {
insn.halfword[0] = ip->halfword[1];
insn.halfword[1] = ip->halfword[0];
+ last_insn_size = sizeof(unsigned int);
} else {
insn.word = ip->word;
+ last_insn_size = sizeof(unsigned int);
}
if (is_jump_ins(&insn))
--
2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: Matt Redfearn <matt.redfearn@imgtec.com>
To: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org,
Matt Redfearn <matt.redfearn@imgtec.com>,
Marcin Nowakowski <marcin.nowakowski@imgtec.com>,
linux-kernel@vger.kernel.org,
Paul Burton <paul.burton@imgtec.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH v2 1/5] MIPS: Handle non word sized instructions when examining frame
Date: Wed, 1 Mar 2017 14:41:16 +0000 [thread overview]
Message-ID: <1488379280-2954-2-git-send-email-matt.redfearn@imgtec.com> (raw)
Message-ID: <20170301144116.bwXg0uIXuoufgPpbVTNJ7p6ABjD-PUgBDkqpOLnjs1o@z> (raw)
In-Reply-To: <1488379280-2954-1-git-send-email-matt.redfearn@imgtec.com>
Commit b6c7a324df37 ("MIPS: Fix get_frame_info() handling of microMIPS
function size") goes some way to fixing get_frame_info() to iterate over
microMIPS instuctions, but increments the instruction pointer using a
postincrement of the instruction pointer, which is of union
mips_instruction type. Since the union is sized to the largest member (a
word), but microMIPS instructions are a mix of halfword and word sizes,
the function does not always iterate correctly, ending up misaligned
with the instruction stream and interpreting it incorrectly.
Since the instruction modifying the stack pointer is usually the first
in the function, that one is usually handled correctly. But the
instruction which saves the return address to the sp is some variable
number of instructions into the frame and is frequently missed due to
not being on a word boundary, leading to incomplete walking of the
stack.
Fix this by incrementing the instruction pointer based on the size of
the previously decoded instruction.
Fixes: b6c7a324df37 ("MIPS: Fix get_frame_info() handling of microMIPS function size")
Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
---
Changes in v2:
- Keep locals in reverse christmas tree order
arch/mips/kernel/process.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
index 803e255b6fc3..df69ebd361fc 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
@@ -346,6 +346,7 @@ static int get_frame_info(struct mips_frame_info *info)
bool is_mmips = IS_ENABLED(CONFIG_CPU_MICROMIPS);
union mips_instruction insn, *ip, *ip_end;
const unsigned int max_insns = 128;
+ unsigned int last_insn_size = 0;
unsigned int i;
info->pc_offset = -1;
@@ -357,15 +358,19 @@ static int get_frame_info(struct mips_frame_info *info)
ip_end = (void *)ip + info->func_size;
- for (i = 0; i < max_insns && ip < ip_end; i++, ip++) {
+ for (i = 0; i < max_insns && ip < ip_end; i++) {
+ ip = (void *)ip + last_insn_size;
if (is_mmips && mm_insn_16bit(ip->halfword[0])) {
insn.halfword[0] = 0;
insn.halfword[1] = ip->halfword[0];
+ last_insn_size = sizeof(unsigned short);
} else if (is_mmips) {
insn.halfword[0] = ip->halfword[1];
insn.halfword[1] = ip->halfword[0];
+ last_insn_size = sizeof(unsigned int);
} else {
insn.word = ip->word;
+ last_insn_size = sizeof(unsigned int);
}
if (is_jump_ins(&insn))
--
2.7.4
next prev parent reply other threads:[~2017-03-01 15:31 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-01 14:41 [PATCH v2 0/5] MIPS: Further microMIPS stack unwinding fixes Matt Redfearn
2017-03-01 14:41 ` Matt Redfearn
2017-03-01 14:41 ` Matt Redfearn [this message]
2017-03-01 14:41 ` [PATCH v2 1/5] MIPS: Handle non word sized instructions when examining frame Matt Redfearn
2017-03-01 14:41 ` [PATCH v2 2/5] MIPS: microMIPS: Fix decoding of addiusp instruction Matt Redfearn
2017-03-01 14:41 ` Matt Redfearn
2017-03-01 14:41 ` [PATCH v2 3/5] MIPS: Refactor handling of stack pointer in get_frame_info Matt Redfearn
2017-03-01 14:41 ` Matt Redfearn
2017-03-01 14:41 ` [PATCH v2 4/5] MIPS: Stacktrace: Fix __usermode() of uninitialised regs Matt Redfearn
2017-03-01 14:41 ` Matt Redfearn
2017-03-01 14:41 ` [PATCH v2 5/5] MIPS: microMIPS: Fix decoding of swsp16 instruction Matt Redfearn
2017-03-01 14:41 ` Matt Redfearn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1488379280-2954-2-git-send-email-matt.redfearn@imgtec.com \
--to=matt.redfearn@imgtec.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=marcin.nowakowski@imgtec.com \
--cc=paul.burton@imgtec.com \
--cc=ralf@linux-mips.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.