From: madvenka@linux.microsoft.com To: broonie@kernel.org, mark.rutland@arm.com, jpoimboe@redhat.com, ardb@kernel.org, nobuta.keiya@fujitsu.com, sjitindarsingh@gmail.com, catalin.marinas@arm.com, will@kernel.org, jamorris@linux.microsoft.com, linux-arm-kernel@lists.infradead.org, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, madvenka@linux.microsoft.com Subject: [RFC PATCH v15 4/6] arm64: Introduce stack trace reliability checks in the unwinder Date: Fri, 17 Jun 2022 13:02:17 -0500 [thread overview] Message-ID: <20220617180219.20352-5-madvenka@linux.microsoft.com> (raw) In-Reply-To: <20220617180219.20352-1-madvenka@linux.microsoft.com> From: "Madhavan T. Venkataraman" <madvenka@linux.microsoft.com> There are some kernel features and conditions that make a stack trace unreliable. Callers may require the unwinder to detect these cases. E.g., livepatch. Introduce a new function called unwind_check_reliability() that will detect these cases and set a flag in the stack frame. Call unwind_check_reliability() for every frame in unwind(). Introduce the first reliability check in unwind_check_reliability() - If a return PC is not a valid kernel text address, consider the stack trace unreliable. It could be some generated code. Other reliability checks will be added in the future. Let unwind() return a boolean to indicate if the stack trace is reliable. Signed-off-by: Madhavan T. Venkataraman <madvenka@linux.microsoft.com> Reviewed-by: Mark Brown <broonie@kernel.org> --- arch/arm64/kernel/stacktrace.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c index c749129aba5a..5ef2ce217324 100644 --- a/arch/arm64/kernel/stacktrace.c +++ b/arch/arm64/kernel/stacktrace.c @@ -44,6 +44,8 @@ * @final_fp: Pointer to the final frame. * * @failed: Unwind failed. + * + * @reliable: Stack trace is reliable. */ struct unwind_state { unsigned long fp; @@ -57,6 +59,7 @@ struct unwind_state { struct task_struct *task; unsigned long final_fp; bool failed; + bool reliable; }; static void unwind_init_common(struct unwind_state *state, @@ -80,6 +83,7 @@ static void unwind_init_common(struct unwind_state *state, state->prev_fp = 0; state->prev_type = STACK_TYPE_UNKNOWN; state->failed = false; + state->reliable = true; /* Stack trace terminates here. */ state->final_fp = (unsigned long)task_pt_regs(task)->stackframe; @@ -242,11 +246,34 @@ static void notrace unwind_next(struct unwind_state *state) } NOKPROBE_SYMBOL(unwind_next); -static void notrace unwind(struct unwind_state *state, +/* + * Check the stack frame for conditions that make further unwinding unreliable. + */ +static void unwind_check_reliability(struct unwind_state *state) +{ + if (state->fp == state->final_fp) { + /* Final frame; no more unwind, no need to check reliability */ + return; + } + + /* + * If the PC is not a known kernel text address, then we cannot + * be sure that a subsequent unwind will be reliable, as we + * don't know that the code follows our unwind requirements. + */ + if (!__kernel_text_address(state->pc)) + state->reliable = false; +} + +static bool notrace unwind(struct unwind_state *state, stack_trace_consume_fn consume_entry, void *cookie) { - while (unwind_continue(state, consume_entry, cookie)) + unwind_check_reliability(state); + while (unwind_continue(state, consume_entry, cookie)) { unwind_next(state); + unwind_check_reliability(state); + } + return !state->failed && state->reliable; } NOKPROBE_SYMBOL(unwind); -- 2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: madvenka@linux.microsoft.com To: broonie@kernel.org, mark.rutland@arm.com, jpoimboe@redhat.com, ardb@kernel.org, nobuta.keiya@fujitsu.com, sjitindarsingh@gmail.com, catalin.marinas@arm.com, will@kernel.org, jamorris@linux.microsoft.com, linux-arm-kernel@lists.infradead.org, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, madvenka@linux.microsoft.com Subject: [RFC PATCH v15 4/6] arm64: Introduce stack trace reliability checks in the unwinder Date: Fri, 17 Jun 2022 13:02:17 -0500 [thread overview] Message-ID: <20220617180219.20352-5-madvenka@linux.microsoft.com> (raw) In-Reply-To: <20220617180219.20352-1-madvenka@linux.microsoft.com> From: "Madhavan T. Venkataraman" <madvenka@linux.microsoft.com> There are some kernel features and conditions that make a stack trace unreliable. Callers may require the unwinder to detect these cases. E.g., livepatch. Introduce a new function called unwind_check_reliability() that will detect these cases and set a flag in the stack frame. Call unwind_check_reliability() for every frame in unwind(). Introduce the first reliability check in unwind_check_reliability() - If a return PC is not a valid kernel text address, consider the stack trace unreliable. It could be some generated code. Other reliability checks will be added in the future. Let unwind() return a boolean to indicate if the stack trace is reliable. Signed-off-by: Madhavan T. Venkataraman <madvenka@linux.microsoft.com> Reviewed-by: Mark Brown <broonie@kernel.org> --- arch/arm64/kernel/stacktrace.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c index c749129aba5a..5ef2ce217324 100644 --- a/arch/arm64/kernel/stacktrace.c +++ b/arch/arm64/kernel/stacktrace.c @@ -44,6 +44,8 @@ * @final_fp: Pointer to the final frame. * * @failed: Unwind failed. + * + * @reliable: Stack trace is reliable. */ struct unwind_state { unsigned long fp; @@ -57,6 +59,7 @@ struct unwind_state { struct task_struct *task; unsigned long final_fp; bool failed; + bool reliable; }; static void unwind_init_common(struct unwind_state *state, @@ -80,6 +83,7 @@ static void unwind_init_common(struct unwind_state *state, state->prev_fp = 0; state->prev_type = STACK_TYPE_UNKNOWN; state->failed = false; + state->reliable = true; /* Stack trace terminates here. */ state->final_fp = (unsigned long)task_pt_regs(task)->stackframe; @@ -242,11 +246,34 @@ static void notrace unwind_next(struct unwind_state *state) } NOKPROBE_SYMBOL(unwind_next); -static void notrace unwind(struct unwind_state *state, +/* + * Check the stack frame for conditions that make further unwinding unreliable. + */ +static void unwind_check_reliability(struct unwind_state *state) +{ + if (state->fp == state->final_fp) { + /* Final frame; no more unwind, no need to check reliability */ + return; + } + + /* + * If the PC is not a known kernel text address, then we cannot + * be sure that a subsequent unwind will be reliable, as we + * don't know that the code follows our unwind requirements. + */ + if (!__kernel_text_address(state->pc)) + state->reliable = false; +} + +static bool notrace unwind(struct unwind_state *state, stack_trace_consume_fn consume_entry, void *cookie) { - while (unwind_continue(state, consume_entry, cookie)) + unwind_check_reliability(state); + while (unwind_continue(state, consume_entry, cookie)) { unwind_next(state); + unwind_check_reliability(state); + } + return !state->failed && state->reliable; } NOKPROBE_SYMBOL(unwind); -- 2.25.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-06-17 18:03 UTC|newest] Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top [not found] <ff68fb850d42e1adaa6a0a6c9c258acabb898b24> 2022-06-17 18:02 ` [RFC PATCH v15 0/6] arm64: Reorganize the unwinder and implement stack trace reliability checks madvenka 2022-06-17 18:02 ` madvenka 2022-06-17 18:02 ` [RFC PATCH v15 1/6] arm64: Split unwind_init() madvenka 2022-06-17 18:02 ` madvenka 2022-06-17 18:02 ` [RFC PATCH v15 2/6] arm64: Copy the task argument to unwind_state madvenka 2022-06-17 18:02 ` madvenka 2022-06-17 18:02 ` [RFC PATCH v15 3/6] arm64: Make the unwind loop in unwind() similar to other architectures madvenka 2022-06-17 18:02 ` madvenka 2022-06-17 18:02 ` madvenka [this message] 2022-06-17 18:02 ` [RFC PATCH v15 4/6] arm64: Introduce stack trace reliability checks in the unwinder madvenka 2022-06-17 18:02 ` [RFC PATCH v15 5/6] arm64: Create a list of SYM_CODE functions, check return PC against list madvenka 2022-06-17 18:02 ` madvenka 2022-06-17 18:02 ` [RFC PATCH v15 6/6] arm64: Introduce arch_stack_walk_reliable() madvenka 2022-06-17 18:02 ` madvenka 2022-06-17 20:50 ` [RFC PATCH v15 0/6] arm64: Reorganize the unwinder and implement stack trace reliability checks Madhavan T. Venkataraman 2022-06-17 20:50 ` Madhavan T. Venkataraman 2022-06-27 13:00 ` Will Deacon 2022-06-27 13:00 ` Will Deacon 2022-06-27 17:06 ` Madhavan T. Venkataraman 2022-06-27 17:06 ` Madhavan T. Venkataraman 2022-06-17 21:07 ` [PATCH " madvenka 2022-06-17 21:07 ` madvenka 2022-06-17 21:07 ` [PATCH v15 1/6] arm64: Split unwind_init() madvenka 2022-06-17 21:07 ` madvenka 2022-06-26 7:39 ` Mark Rutland 2022-06-26 7:39 ` Mark Rutland 2022-06-17 21:07 ` [PATCH v15 2/6] arm64: Copy the task argument to unwind_state madvenka 2022-06-17 21:07 ` madvenka 2022-06-26 7:39 ` Mark Rutland 2022-06-26 7:39 ` Mark Rutland 2022-06-17 21:07 ` [PATCH v15 3/6] arm64: Make the unwind loop in unwind() similar to other architectures madvenka 2022-06-17 21:07 ` madvenka 2022-06-26 8:21 ` Mark Rutland 2022-06-26 8:21 ` Mark Rutland 2022-06-27 4:51 ` Madhavan T. Venkataraman 2022-06-27 4:51 ` Madhavan T. Venkataraman 2022-06-17 21:07 ` [PATCH v15 4/6] arm64: Introduce stack trace reliability checks in the unwinder madvenka 2022-06-17 21:07 ` madvenka 2022-06-26 8:32 ` Mark Rutland 2022-06-26 8:32 ` Mark Rutland 2022-06-27 5:01 ` Madhavan T. Venkataraman 2022-06-27 5:01 ` Madhavan T. Venkataraman 2022-06-17 21:07 ` [PATCH v15 5/6] arm64: Create a list of SYM_CODE functions, check return PC against list madvenka 2022-06-17 21:07 ` madvenka 2022-06-26 8:46 ` Mark Rutland 2022-06-26 8:46 ` Mark Rutland 2022-06-27 5:06 ` Madhavan T. Venkataraman 2022-06-27 5:06 ` Madhavan T. Venkataraman 2022-06-17 21:07 ` [PATCH v15 6/6] arm64: Introduce arch_stack_walk_reliable() madvenka 2022-06-17 21:07 ` madvenka 2022-06-26 8:57 ` Mark Rutland 2022-06-26 8:57 ` Mark Rutland 2022-06-27 5:53 ` Madhavan T. Venkataraman 2022-06-27 5:53 ` Madhavan T. Venkataraman 2022-06-23 17:32 ` [PATCH v15 0/6] arm64: Reorganize the unwinder and implement stack trace reliability checks Will Deacon 2022-06-23 17:32 ` Will Deacon 2022-06-24 5:19 ` Madhavan T. Venkataraman 2022-06-24 5:19 ` Madhavan T. Venkataraman 2022-06-24 5:27 ` Madhavan T. Venkataraman 2022-06-24 5:27 ` Madhavan T. Venkataraman 2022-06-26 9:18 ` Mark Rutland 2022-06-26 9:18 ` Mark Rutland 2022-06-27 4:33 ` Madhavan T. Venkataraman 2022-06-27 4:33 ` Madhavan T. Venkataraman 2022-06-27 16:32 ` Kalesh Singh 2022-06-27 16:32 ` Kalesh Singh 2022-06-27 17:04 ` Madhavan T. Venkataraman 2022-06-27 17:04 ` Madhavan T. Venkataraman 2022-06-27 4:48 ` Madhavan T. Venkataraman 2022-06-27 4:48 ` Madhavan T. Venkataraman 2022-06-27 9:42 ` Will Deacon 2022-06-27 9:42 ` Will Deacon 2022-06-24 11:42 ` Mark Brown 2022-06-24 11:42 ` Mark Brown 2022-06-24 22:15 ` Madhavan T. Venkataraman 2022-06-24 22:15 ` Madhavan T. Venkataraman
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20220617180219.20352-5-madvenka@linux.microsoft.com \ --to=madvenka@linux.microsoft.com \ --cc=ardb@kernel.org \ --cc=broonie@kernel.org \ --cc=catalin.marinas@arm.com \ --cc=jamorris@linux.microsoft.com \ --cc=jpoimboe@redhat.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=live-patching@vger.kernel.org \ --cc=mark.rutland@arm.com \ --cc=nobuta.keiya@fujitsu.com \ --cc=sjitindarsingh@gmail.com \ --cc=will@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.