From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9902AC433E0 for ; Tue, 23 Mar 2021 17:03:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 661AE619B4 for ; Tue, 23 Mar 2021 17:03:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229994AbhCWRCw (ORCPT ); Tue, 23 Mar 2021 13:02:52 -0400 Received: from foss.arm.com ([217.140.110.172]:49276 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229933AbhCWRCm (ORCPT ); Tue, 23 Mar 2021 13:02:42 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id BD8771042; Tue, 23 Mar 2021 10:02:41 -0700 (PDT) Received: from C02TD0UTHF1T.local (unknown [10.57.24.204]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 8F1013F718; Tue, 23 Mar 2021 10:02:39 -0700 (PDT) Date: Tue, 23 Mar 2021 17:02:36 +0000 From: Mark Rutland To: "Madhavan T. Venkataraman" Cc: broonie@kernel.org, jpoimboe@redhat.com, jthierry@redhat.com, catalin.marinas@arm.com, will@kernel.org, linux-arm-kernel@lists.infradead.org, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [RFC PATCH v2 5/8] arm64: Detect an FTRACE frame and mark a stack trace unreliable Message-ID: <20210323170236.GF98545@C02TD0UTHF1T.local> References: <20210315165800.5948-1-madvenka@linux.microsoft.com> <20210315165800.5948-6-madvenka@linux.microsoft.com> <20210323105118.GE95840@C02TD0UTHF1T.local> <2167f3c5-e7d0-40c8-99e3-ae89ceb2d60e@linux.microsoft.com> <20210323133611.GB98545@C02TD0UTHF1T.local> <20210323145734.GD98545@C02TD0UTHF1T.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 23, 2021 at 11:20:44AM -0500, Madhavan T. Venkataraman wrote: > On 3/23/21 10:26 AM, Madhavan T. Venkataraman wrote: > > On 3/23/21 9:57 AM, Mark Rutland wrote: > >> On Tue, Mar 23, 2021 at 09:15:36AM -0500, Madhavan T. Venkataraman wrote: > > So, my next question is - can we define a practical limit for the > > nesting so that any nesting beyond that is fatal? The reason I ask > > is - if there is a max, then we can allocate an array of stack > > frames out of band for the special frames so they are not part of > > the stack and will not likely get corrupted. > > > > Also, we don't have to do any special detection. If the number of > > out of band frames used is one or more then we have exceptions and > > the stack trace is unreliable. > > Alternatively, if we can just increment a counter in the task > structure when an exception is entered and decrement it when an > exception returns, that counter will tell us that the stack trace is > unreliable. As I noted earlier, we must treat *any* EL1 exception boundary needs to be treated as unreliable for unwinding, and per my other comments w.r.t. corrupting the call chain I don't think we need additional protection on exception boundaries specifically. > Is this feasible? > > I think I have enough for v3 at this point. If you think that the > counter idea is OK, I can implement it in v3. Once you confirm, I will > start working on v3. Currently, I don't see a compelling reason to need this, and would prefer to avoid it. More generally, could we please break this work into smaller steps? I reckon we can break this down into the following chunks: 1. Add the explicit final frame and associated handling. I suspect that this is complicated enough on its own to be an independent series, and it's something that we can merge without all the bits and pieces necessary for truly reliable stacktracing. 2. Figure out how we must handle kprobes and ftrace. That probably means rejecting unwinds from specific places, but we might also want to adjust the trampolines if that makes this easier. 3. Figure out exception boundary handling. I'm currently working to simplify the entry assembly down to a uniform set of stubs, and I'd prefer to get that sorted before we teach the unwinder about exception boundaries, as it'll be significantly simpler to reason about and won't end up clashing with the rework. Thanks, Mark. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9783EC433C1 for ; Tue, 23 Mar 2021 17:04:42 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 3AB98619B8 for ; Tue, 23 Mar 2021 17:04:42 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3AB98619B8 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=iplMPsD04VV5+bUaEl1BmlUOIL910chsSqr1VXPAEpE=; b=M/F9z3ym+S9RLE+hGGXB/n/YF jIOuoUY6u7k3LsXSrBXKTQh31STRnDkRn2TqUWjQBbZbTWkpEGIvTbUzeGryIRBijsgNamQrlWrAR G8VK0403O0StGnTm/niD1Fy9PeK+07O9YfB6Er76Wzqmh1rTt/k1PIyy8HRl/b3aam0zPDbaaTkuS tgrB5QB0BspxTdyH6ifb06/fhxbGTHJyDuUx/rl5e/f+83DZO8Uwwm0Kg8dzRexls75dE7vdDSjCj 2+NjQ5+8FfkEgniEoEoDCQ8jVB9Q1cdsp7TqqDNvwKrwOMpEZ3h1OO/OOUvRtW9o1+uudspYo5eH7 5203gdlXw==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lOkQc-00FM6h-CO; Tue, 23 Mar 2021 17:02:50 +0000 Received: from foss.arm.com ([217.140.110.172]) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lOkQX-00FM6A-AM for linux-arm-kernel@lists.infradead.org; Tue, 23 Mar 2021 17:02:47 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id BD8771042; Tue, 23 Mar 2021 10:02:41 -0700 (PDT) Received: from C02TD0UTHF1T.local (unknown [10.57.24.204]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 8F1013F718; Tue, 23 Mar 2021 10:02:39 -0700 (PDT) Date: Tue, 23 Mar 2021 17:02:36 +0000 From: Mark Rutland To: "Madhavan T. Venkataraman" Cc: broonie@kernel.org, jpoimboe@redhat.com, jthierry@redhat.com, catalin.marinas@arm.com, will@kernel.org, linux-arm-kernel@lists.infradead.org, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [RFC PATCH v2 5/8] arm64: Detect an FTRACE frame and mark a stack trace unreliable Message-ID: <20210323170236.GF98545@C02TD0UTHF1T.local> References: <20210315165800.5948-1-madvenka@linux.microsoft.com> <20210315165800.5948-6-madvenka@linux.microsoft.com> <20210323105118.GE95840@C02TD0UTHF1T.local> <2167f3c5-e7d0-40c8-99e3-ae89ceb2d60e@linux.microsoft.com> <20210323133611.GB98545@C02TD0UTHF1T.local> <20210323145734.GD98545@C02TD0UTHF1T.local> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210323_170245_578109_34E89E1C X-CRM114-Status: GOOD ( 25.95 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, Mar 23, 2021 at 11:20:44AM -0500, Madhavan T. Venkataraman wrote: > On 3/23/21 10:26 AM, Madhavan T. Venkataraman wrote: > > On 3/23/21 9:57 AM, Mark Rutland wrote: > >> On Tue, Mar 23, 2021 at 09:15:36AM -0500, Madhavan T. Venkataraman wrote: > > So, my next question is - can we define a practical limit for the > > nesting so that any nesting beyond that is fatal? The reason I ask > > is - if there is a max, then we can allocate an array of stack > > frames out of band for the special frames so they are not part of > > the stack and will not likely get corrupted. > > > > Also, we don't have to do any special detection. If the number of > > out of band frames used is one or more then we have exceptions and > > the stack trace is unreliable. > > Alternatively, if we can just increment a counter in the task > structure when an exception is entered and decrement it when an > exception returns, that counter will tell us that the stack trace is > unreliable. As I noted earlier, we must treat *any* EL1 exception boundary needs to be treated as unreliable for unwinding, and per my other comments w.r.t. corrupting the call chain I don't think we need additional protection on exception boundaries specifically. > Is this feasible? > > I think I have enough for v3 at this point. If you think that the > counter idea is OK, I can implement it in v3. Once you confirm, I will > start working on v3. Currently, I don't see a compelling reason to need this, and would prefer to avoid it. More generally, could we please break this work into smaller steps? I reckon we can break this down into the following chunks: 1. Add the explicit final frame and associated handling. I suspect that this is complicated enough on its own to be an independent series, and it's something that we can merge without all the bits and pieces necessary for truly reliable stacktracing. 2. Figure out how we must handle kprobes and ftrace. That probably means rejecting unwinds from specific places, but we might also want to adjust the trampolines if that makes this easier. 3. Figure out exception boundary handling. I'm currently working to simplify the entry assembly down to a uniform set of stubs, and I'd prefer to get that sorted before we teach the unwinder about exception boundaries, as it'll be significantly simpler to reason about and won't end up clashing with the rework. Thanks, Mark. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel