From: madvenka@linux.microsoft.com
To: mark.rutland@arm.com, broonie@kernel.org, jpoimboe@redhat.com,
	ardb@kernel.org, nobuta.keiya@fujitsu.com,
	sjitindarsingh@gmail.com, catalin.marinas@arm.com,
	will@kernel.org, jmorris@namei.org,
	linux-arm-kernel@lists.infradead.org,
	live-patching@vger.kernel.org, linux-kernel@vger.kernel.org,
	madvenka@linux.microsoft.com
Subject: [PATCH v9 10/11] arm64: Introduce stack trace reliability checks in the unwinder
Date: Thu, 14 Oct 2021 21:34:04 -0500
Message-ID: <20211015023413.16614-3-madvenka@linux.microsoft.com>
In-Reply-To: <20211015023413.16614-1-madvenka@linux.microsoft.com>

From: "Madhavan T. Venkataraman" <madvenka@linux.microsoft.com>

There are some kernel features and conditions that make a stack trace
unreliable. Callers may require the unwinder to detect these cases.
E.g., livepatch.

Introduce a new function called unwind_check_reliability() that will
detect these cases and set a flag in the stack frame. Call
unwind_check_reliability() for every frame, that is, in unwind_start()
and unwind_next().

Introduce the first reliability check in unwind_check_reliability() - If
a return PC is not a valid kernel text address, consider the stack
trace unreliable. It could be some generated code. Other reliability checks
will be added in the future.

Let unwind() return a boolean to indicate if the stack trace is
reliable.

Introduce arch_stack_walk_reliable() for ARM64. This works like
arch_stack_walk() except that it returns -EINVAL if the stack trace is not
reliable.

Until all the reliability checks are in place, arch_stack_walk_reliable()
may not be used by livepatch. But it may be used by debug and test code.

Signed-off-by: Madhavan T. Venkataraman <madvenka@linux.microsoft.com>
---
 arch/arm64/include/asm/stacktrace.h |  3 ++
 arch/arm64/kernel/stacktrace.c      | 48 ++++++++++++++++++++++++++++-
 2 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/include/asm/stacktrace.h b/arch/arm64/include/asm/stacktrace.h
index ba2180c7d5cd..ce0710fa3037 100644
--- a/arch/arm64/include/asm/stacktrace.h
+++ b/arch/arm64/include/asm/stacktrace.h
@@ -51,6 +51,8 @@ struct stack_info {
  *               replacement lr value in the ftrace graph stack.
  *
  * @failed:      Unwind failed.
+ *
+ * @reliable:    Stack trace is reliable.
  */
 struct stackframe {
 	unsigned long fp;
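Review bot: the new @reliable line in the struct stackframe comment does not say how the flag behaves across frames. Elsewhere in this patch it is set to true once in unwind_start() and only ever cleared by unwind_check_reliability(), so it describes the trace as a whole up to the current frame, not the current frame alone. Suggest documenting that it is cleared when any frame fails a reliability check and is never set back to true, and saying how it relates to @failed directly above it.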
@@ -62,6 +64,7 @@ struct stackframe {
 	int graph;
 #endif
 	bool failed;
+	bool reliable;
 };
 
 extern void dump_backtrace(struct pt_regs *regs, struct task_struct *tsk,
diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c
index 8e9e6f38c975..142f08ae515f 100644
--- a/arch/arm64/kernel/stacktrace.c
+++ b/arch/arm64/kernel/stacktrace.c
@@ -18,6 +18,22 @@
 #include <asm/stack_pointer.h>
 #include <asm/stacktrace.h>
 
+/*
+ * Check the stack frame for conditions that make further unwinding unreliable.
+ */
+static void notrace unwind_check_reliability(struct stackframe *frame)
+{
+	/*
+	 * If the PC is not a known kernel text address, then we cannot
+	 * be sure that a subsequent unwind will be reliable, as we
+	 * don't know that the code follows our unwind requirements.
+	 */
+	if (!__kernel_text_address(frame->pc))
+		frame->reliable = false;
+}
+
+NOKPROBE_SYMBOL(unwind_check_reliability);
+
 /*
  * AArch64 PCS assigns the frame pointer to x29.
  *
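Review bot: the comment inside unwind_check_reliability() says "known kernel text address" without stating which classes of address __kernel_text_address() accepts. The commit message gives generated code as the case this check is meant to catch, so the comment should say whether trampolines or other text generated at run time pass the check or are rejected by it. The header comment also speaks of conditions that make "further unwinding unreliable", while the function only clears frame->reliable and returns void; it is worth stating that the walk continues and the flag is reported at the end.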
@@ -55,6 +71,8 @@ static void notrace unwind_start(struct stackframe *frame, unsigned long fp,
 	frame->prev_fp = 0;
 	frame->prev_type = STACK_TYPE_UNKNOWN;
 	frame->failed = false;
+	frame->reliable = true;
+	unwind_check_reliability(frame);
 }
 
 NOKPROBE_SYMBOL(unwind_start);
@@ -138,6 +156,7 @@ static void notrace unwind_next(struct task_struct *tsk,
 #endif /* CONFIG_FUNCTION_GRAPH_TRACER */
 
 	frame->pc = ptrauth_strip_insn_pac(frame->pc);
+	unwind_check_reliability(frame);
 }
 
 NOKPROBE_SYMBOL(unwind_next);
@@ -167,7 +186,7 @@ static bool notrace unwind_continue(struct task_struct *task,
 
 NOKPROBE_SYMBOL(unwind_continue);
 
-static void notrace unwind(struct task_struct *tsk,
+static bool notrace unwind(struct task_struct *tsk,
 			   unsigned long fp, unsigned long pc,
 			   bool (*fn)(void *, unsigned long),
 			   void *data)
@@ -177,6 +196,7 @@ static void notrace unwind(struct task_struct *tsk,
 	unwind_start(&frame, fp, pc);
 	while (unwind_continue(tsk, &frame, fn, data))
 		unwind_next(tsk, &frame);
+	return frame.reliable;
 }
 
 NOKPROBE_SYMBOL(unwind);
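Review bot: "return frame.reliable;" at the end of unwind() does not consult frame.failed, which unwind_start() initialises next to it. If the loop can terminate with failed set while reliable is still true, arch_stack_walk_reliable() will return 0 for a trace that did not run to completion. Suggest either returning "!frame.failed && frame.reliable" or clearing reliable wherever failed is set, with a comment saying which of the two is intended.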
@@ -238,4 +258,30 @@ noinline notrace void arch_stack_walk(stack_trace_consume_fn consume_entry,
 
 }
 
+/*
+ * arch_stack_walk_reliable() may not be used for livepatch until all of
+ * the reliability checks are in place in unwind_consume(). However,
+ * debug and test code can choose to use it even if all the checks are not
+ * in place.
+ */
+noinline int notrace arch_stack_walk_reliable(stack_trace_consume_fn consume_fn,
+					      void *cookie,
+					      struct task_struct *task)
+{
+	unsigned long fp, pc;
+
+	if (task == current) {
+		/* Skip arch_stack_walk_reliable() in the stack trace. */
+		fp = (unsigned long)__builtin_frame_address(1);
+		pc = (unsigned long)__builtin_return_address(0);
+	} else {
+		/* Caller guarantees that the task is not running. */
+		fp = thread_saved_fp(task);
+		pc = thread_saved_pc(task);
+	}
+	if (unwind(task, fp, pc, consume_fn, cookie))
+		return 0;
+	return -EINVAL;
+}
+
 #endif
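Review bot: the comment above arch_stack_walk_reliable() says the reliability checks are in unwind_consume(), but no function of that name appears in this patch; the check is added in unwind_check_reliability(). Suggest correcting the name. Since the restriction on livepatch use rests on this comment alone, it should also spell out the contract for callers: 0 for a reliable trace and -EINVAL otherwise, noting that the return value is computed after the loop in unwind(), so entries may already have been passed to consume_fn by the time -EINVAL comes back.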
-- 
2.25.1


