* [PATCH] x86/unwind/fp: Fix FP unwinding in ret_from_fork
@ 2020-09-14 17:04 Josh Poimboeuf
2020-09-15 8:43 ` peterz
2020-09-18 8:19 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
0 siblings, 2 replies; 3+ messages in thread
From: Josh Poimboeuf @ 2020-09-14 17:04 UTC (permalink / raw)
To: x86
Cc: linux-kernel, Peter Zijlstra, Thomas Gleixner, Ingo Molnar,
Andy Lutomirski, Borislav Petkov, Naresh Kamboju,
Logan Gunthorpe
There have been some reports of "bad bp value" warnings printed by the
frame pointer unwinder:
WARNING: kernel stack regs at 000000005bac7112 in sh:1014 has bad 'bp' value 0000000000000000
This warning happens when unwinding from an interrupt in
ret_from_fork(). If entry code gets interrupted, the state of the frame
pointer (rbp) may be undefined, which can confuse the unwinder,
resulting in warnings like the above.
There's an in_entry_code() check which normally silences such warnings
for entry code. But in this case, ret_from_fork() is getting
interrupted. It recently got moved out of .entry.text, so the
in_entry_code() check no longer works.
We could move it back into .entry.text, but that would break the noinstr
validation because of the call to schedule_tail().
Instead, initialize each new task's RBP to point to the task's entry
regs via an encoded frame pointer. That will allow the unwinder to
reach the end of the stack gracefully.
Fixes: b9f6976bfb94 ("x86/entry/64: Move non entry code into .text section")
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Reported-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
---
arch/x86/include/asm/frame.h | 19 +++++++++++++++++++
arch/x86/kernel/process.c | 3 ++-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/frame.h b/arch/x86/include/asm/frame.h
index 296b346184b2..fb42659f6e98 100644
--- a/arch/x86/include/asm/frame.h
+++ b/arch/x86/include/asm/frame.h
@@ -60,12 +60,26 @@
#define FRAME_END "pop %" _ASM_BP "\n"
#ifdef CONFIG_X86_64
+
#define ENCODE_FRAME_POINTER \
"lea 1(%rsp), %rbp\n\t"
+
+static inline unsigned long encode_frame_pointer(struct pt_regs *regs)
+{
+ return (unsigned long)regs + 1;
+}
+
#else /* !CONFIG_X86_64 */
+
#define ENCODE_FRAME_POINTER \
"movl %esp, %ebp\n\t" \
"andl $0x7fffffff, %ebp\n\t"
+
+static inline unsigned long encode_frame_pointer(struct pt_regs *regs)
+{
+ return (unsigned long)regs & 0x7fffffff;
+}
+
#endif /* CONFIG_X86_64 */
#endif /* __ASSEMBLY__ */
@@ -83,6 +97,11 @@
#define ENCODE_FRAME_POINTER
+static inline unsigned long encode_frame_pointer(struct pt_regs *regs)
+{
+ return 0;
+}
+
#endif
#define FRAME_BEGIN
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 13ce616cc7af..ba4593a913fa 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -42,6 +42,7 @@
#include <asm/spec-ctrl.h>
#include <asm/io_bitmap.h>
#include <asm/proto.h>
+#include <asm/frame.h>
#include "process.h"
@@ -133,7 +134,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, unsigned long arg,
fork_frame = container_of(childregs, struct fork_frame, regs);
frame = &fork_frame->frame;
- frame->bp = 0;
+ frame->bp = encode_frame_pointer(childregs);
frame->ret_addr = (unsigned long) ret_from_fork;
p->thread.sp = (unsigned long) fork_frame;
p->thread.io_bitmap = NULL;
--
2.25.4
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] x86/unwind/fp: Fix FP unwinding in ret_from_fork
2020-09-14 17:04 [PATCH] x86/unwind/fp: Fix FP unwinding in ret_from_fork Josh Poimboeuf
@ 2020-09-15 8:43 ` peterz
2020-09-18 8:19 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
1 sibling, 0 replies; 3+ messages in thread
From: peterz @ 2020-09-15 8:43 UTC (permalink / raw)
To: Josh Poimboeuf
Cc: x86, linux-kernel, Thomas Gleixner, Ingo Molnar, Andy Lutomirski,
Borislav Petkov, Naresh Kamboju, Logan Gunthorpe
On Mon, Sep 14, 2020 at 12:04:22PM -0500, Josh Poimboeuf wrote:
> There have been some reports of "bad bp value" warnings printed by the
> frame pointer unwinder:
>
> WARNING: kernel stack regs at 000000005bac7112 in sh:1014 has bad 'bp' value 0000000000000000
>
> This warning happens when unwinding from an interrupt in
> ret_from_fork(). If entry code gets interrupted, the state of the frame
> pointer (rbp) may be undefined, which can confuse the unwinder,
> resulting in warnings like the above.
>
> There's an in_entry_code() check which normally silences such warnings
> for entry code. But in this case, ret_from_fork() is getting
> interrupted. It recently got moved out of .entry.text, so the
> in_entry_code() check no longer works.
>
> We could move it back into .entry.text, but that would break the noinstr
> validation because of the call to schedule_tail().
>
> Instead, initialize each new task's RBP to point to the task's entry
> regs via an encoded frame pointer. That will allow the unwinder to
> reach the end of the stack gracefully.
>
> Fixes: b9f6976bfb94 ("x86/entry/64: Move non entry code into .text section")
> Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
> Reported-by: Logan Gunthorpe <logang@deltatee.com>
> Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
^ permalink raw reply [flat|nested] 3+ messages in thread
* [tip: x86/urgent] x86/unwind/fp: Fix FP unwinding in ret_from_fork
2020-09-14 17:04 [PATCH] x86/unwind/fp: Fix FP unwinding in ret_from_fork Josh Poimboeuf
2020-09-15 8:43 ` peterz
@ 2020-09-18 8:19 ` tip-bot2 for Josh Poimboeuf
1 sibling, 0 replies; 3+ messages in thread
From: tip-bot2 for Josh Poimboeuf @ 2020-09-18 8:19 UTC (permalink / raw)
To: linux-tip-commits
Cc: Naresh Kamboju, Logan Gunthorpe, Josh Poimboeuf, Borislav Petkov,
Peter Zijlstra (Intel),
Thomas Gleixner, x86, LKML
The following commit has been merged into the x86/urgent branch of tip:
Commit-ID: 6f9885a36c006d798319661fa849f9c2922223b9
Gitweb: https://git.kernel.org/tip/6f9885a36c006d798319661fa849f9c2922223b9
Author: Josh Poimboeuf <jpoimboe@redhat.com>
AuthorDate: Mon, 14 Sep 2020 12:04:22 -05:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Fri, 18 Sep 2020 09:59:40 +02:00
x86/unwind/fp: Fix FP unwinding in ret_from_fork
There have been some reports of "bad bp value" warnings printed by the
frame pointer unwinder:
WARNING: kernel stack regs at 000000005bac7112 in sh:1014 has bad 'bp' value 0000000000000000
This warning happens when unwinding from an interrupt in
ret_from_fork(). If entry code gets interrupted, the state of the
frame pointer (rbp) may be undefined, which can confuse the unwinder,
resulting in warnings like the above.
There's an in_entry_code() check which normally silences such
warnings for entry code. But in this case, ret_from_fork() is getting
interrupted. It recently got moved out of .entry.text, so the
in_entry_code() check no longer works.
It could be moved back into .entry.text, but that would break the
noinstr validation because of the call to schedule_tail().
Instead, initialize each new task's RBP to point to the task's entry
regs via an encoded frame pointer. That will allow the unwinder to
reach the end of the stack gracefully.
Fixes: b9f6976bfb94 ("x86/entry/64: Move non entry code into .text section")
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Reported-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/f366bbf5a8d02e2318ee312f738112d0af74d16f.1600103007.git.jpoimboe@redhat.com
---
arch/x86/include/asm/frame.h | 19 +++++++++++++++++++
arch/x86/kernel/process.c | 3 ++-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/frame.h b/arch/x86/include/asm/frame.h
index 296b346..fb42659 100644
--- a/arch/x86/include/asm/frame.h
+++ b/arch/x86/include/asm/frame.h
@@ -60,12 +60,26 @@
#define FRAME_END "pop %" _ASM_BP "\n"
#ifdef CONFIG_X86_64
+
#define ENCODE_FRAME_POINTER \
"lea 1(%rsp), %rbp\n\t"
+
+static inline unsigned long encode_frame_pointer(struct pt_regs *regs)
+{
+ return (unsigned long)regs + 1;
+}
+
#else /* !CONFIG_X86_64 */
+
#define ENCODE_FRAME_POINTER \
"movl %esp, %ebp\n\t" \
"andl $0x7fffffff, %ebp\n\t"
+
+static inline unsigned long encode_frame_pointer(struct pt_regs *regs)
+{
+ return (unsigned long)regs & 0x7fffffff;
+}
+
#endif /* CONFIG_X86_64 */
#endif /* __ASSEMBLY__ */
@@ -83,6 +97,11 @@
#define ENCODE_FRAME_POINTER
+static inline unsigned long encode_frame_pointer(struct pt_regs *regs)
+{
+ return 0;
+}
+
#endif
#define FRAME_BEGIN
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 13ce616..ba4593a 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -42,6 +42,7 @@
#include <asm/spec-ctrl.h>
#include <asm/io_bitmap.h>
#include <asm/proto.h>
+#include <asm/frame.h>
#include "process.h"
@@ -133,7 +134,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, unsigned long arg,
fork_frame = container_of(childregs, struct fork_frame, regs);
frame = &fork_frame->frame;
- frame->bp = 0;
+ frame->bp = encode_frame_pointer(childregs);
frame->ret_addr = (unsigned long) ret_from_fork;
p->thread.sp = (unsigned long) fork_frame;
p->thread.io_bitmap = NULL;
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-09-18 8:19 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-14 17:04 [PATCH] x86/unwind/fp: Fix FP unwinding in ret_from_fork Josh Poimboeuf
2020-09-15 8:43 ` peterz
2020-09-18 8:19 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).