* [PATCH] x86/ftrace: Fix ebp in ftrace_regs_caller that screws up unwinder
@ 2017-04-20 21:22 Steven Rostedt (VMware)
2017-04-20 21:38 ` Josh Poimboeuf
2017-04-21 7:52 ` [tip:x86/asm] " tip-bot for Steven Rostedt (VMware)
0 siblings, 2 replies; 3+ messages in thread
From: Steven Rostedt (VMware) @ 2017-04-20 21:22 UTC (permalink / raw)
To: LKML
Cc: Ingo Molnar, Thomas Gleixner, H. Peter Anvin, Josh Poimboeuf,
Masami Hiramatsu, kernel test robot
From: Steven Rostedt (VMware) <rostedt@goodmis.org>
Fengguang Wu's zero day bot triggered a stack unwinder dump. This can
be easily triggered when CONFIG_FRAME_POINTERS is enabled and -mfentry
is in use on x86_32.
># cd /sys/kernel/debug/tracing
># echo 'p:schedule schedule' > kprobe_events
># echo stacktrace > events/kprobes/schedule/trigger
This is because the code that implemented fentry in the
ftrace_regs_caller tried to use the least amount of #ifdefs, and
modified ebp when CC_USE_FENTRY was defined to point to the parent ip
as it does when CC_USE_FENTRY is not defined. But when
CONFIG_FRAME_POINTERS is set, it corrupts the ebp register for this
frame while doing the tracing.
NOTE, it does not corrupt ebp in any other way. It is just a bad
frame pointer when calling into the tracing infrastructure. The original
ebp is restored before returning from the fentry call. But if a stack
trace is performed inside the tracing, the unwinder will notice the bad
ebp.
Instead of toying with ebp with CC_USING_FENTRY, just slap the parent
ip into the second parameter (%edx), and have an #else that does it the
original way.
The unwinder will unfortunately miss the function being traced, as the
stack frame is not set up yet for it, as it is for x86_64. But fixing
that is a bit more complex and did not work before anyway.
This has been tested with and without FRAME_POINTERS being set while
using -mfentry, as well as using an older compiler that uses mcount.
Reported-by: kernel test robot <fengguang.wu@intel.com>
Analyzed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lists.01.org/pipermail/lkp/2017-April/006165.html
Fixes: 644e0e8dc76b ("x86/ftrace: Add -mfentry support to x86_32 with DYNAMIC_FTRACE set")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
---
diff --git a/arch/x86/kernel/ftrace_32.S b/arch/x86/kernel/ftrace_32.S
index 07f4035..722a145 100644
--- a/arch/x86/kernel/ftrace_32.S
+++ b/arch/x86/kernel/ftrace_32.S
@@ -128,14 +128,14 @@ ENTRY(ftrace_regs_caller)
pushl %edx
pushl %ecx
pushl %ebx
-#ifdef CC_USING_FENTRY
- /* Load 4 off of the parent ip addr into ebp */
- lea 14*4(%esp), %ebp
-#endif
movl 12*4(%esp), %eax /* Load ip (1st parameter) */
subl $MCOUNT_INSN_SIZE, %eax /* Adjust ip */
+#ifdef CC_USING_FENTRY
+ movl 15*4(%esp), %edx /* Load parent ip (2nd parameter) */
+#else
movl 0x4(%ebp), %edx /* Load parent ip (2nd parameter) */
+#endif
movl function_trace_op, %ecx /* Save ftrace_pos in 3rd parameter */
pushl %esp /* Save pt_regs as 4th parameter */
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] x86/ftrace: Fix ebp in ftrace_regs_caller that screws up unwinder
2017-04-20 21:22 [PATCH] x86/ftrace: Fix ebp in ftrace_regs_caller that screws up unwinder Steven Rostedt (VMware)
@ 2017-04-20 21:38 ` Josh Poimboeuf
2017-04-21 7:52 ` [tip:x86/asm] " tip-bot for Steven Rostedt (VMware)
1 sibling, 0 replies; 3+ messages in thread
From: Josh Poimboeuf @ 2017-04-20 21:38 UTC (permalink / raw)
To: Steven Rostedt (VMware)
Cc: LKML, Ingo Molnar, Thomas Gleixner, H. Peter Anvin,
Masami Hiramatsu, kernel test robot
On Thu, Apr 20, 2017 at 05:22:36PM -0400, Steven Rostedt (VMware) wrote:
> From: Steven Rostedt (VMware) <rostedt@goodmis.org>
>
> Fengguang Wu's zero day bot triggered a stack unwinder dump. This can
> be easily triggered when CONFIG_FRAME_POINTERS is enabled and -mfentry
> is in use on x86_32.
>
> ># cd /sys/kernel/debug/tracing
> ># echo 'p:schedule schedule' > kprobe_events
> ># echo stacktrace > events/kprobes/schedule/trigger
>
> This is because the code that implemented fentry in the
> ftrace_regs_caller tried to use the least amount of #ifdefs, and
> modified ebp when CC_USE_FENTRY was defined to point to the parent ip
> as it does when CC_USE_FENTRY is not defined. But when
> CONFIG_FRAME_POINTERS is set, it corrupts the ebp register for this
> frame while doing the tracing.
>
> NOTE, it does not corrupt ebp in any other way. It is just a bad
> frame pointer when calling into the tracing infrastructure. The original
> ebp is restored before returning from the fentry call. But if a stack
> trace is performed inside the tracing, the unwinder will notice the bad
> ebp.
>
> Instead of toying with ebp with CC_USING_FENTRY, just slap the parent
> ip into the second parameter (%edx), and have an #else that does it the
> original way.
>
> The unwinder will unfortunately miss the function being traced, as the
> stack frame is not set up yet for it, as it is for x86_64. But fixing
> that is a bit more complex and did not work before anyway.
>
> This has been tested with and without FRAME_POINTERS being set while
> using -mfentry, as well as using an older compiler that uses mcount.
>
> Reported-by: kernel test robot <fengguang.wu@intel.com>
> Analyzed-by: Josh Poimboeuf <jpoimboe@redhat.com>
> Link: https://lists.01.org/pipermail/lkp/2017-April/006165.html
> Fixes: 644e0e8dc76b ("x86/ftrace: Add -mfentry support to x86_32 with DYNAMIC_FTRACE set")
> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
It's actually CONFIG_FRAME_POINTER (no 'S'). Otherwise,
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
--
Josh
^ permalink raw reply [flat|nested] 3+ messages in thread
* [tip:x86/asm] x86/ftrace: Fix ebp in ftrace_regs_caller that screws up unwinder
2017-04-20 21:22 [PATCH] x86/ftrace: Fix ebp in ftrace_regs_caller that screws up unwinder Steven Rostedt (VMware)
2017-04-20 21:38 ` Josh Poimboeuf
@ 2017-04-21 7:52 ` tip-bot for Steven Rostedt (VMware)
1 sibling, 0 replies; 3+ messages in thread
From: tip-bot for Steven Rostedt (VMware) @ 2017-04-21 7:52 UTC (permalink / raw)
To: linux-tip-commits
Cc: mhiramat, mingo, hpa, rostedt, fengguang.wu, linux-kernel,
jpoimboe, tglx
Commit-ID: dc912c303517b01960dcee6875a78b2999f7c098
Gitweb: http://git.kernel.org/tip/dc912c303517b01960dcee6875a78b2999f7c098
Author: Steven Rostedt (VMware) <rostedt@goodmis.org>
AuthorDate: Thu, 20 Apr 2017 17:22:36 -0400
Committer: Thomas Gleixner <tglx@linutronix.de>
CommitDate: Fri, 21 Apr 2017 09:48:16 +0200
x86/ftrace: Fix ebp in ftrace_regs_caller that screws up unwinder
Fengguang Wu's zero day bot triggered a stack unwinder dump. This can
be easily triggered when CONFIG_FRAME_POINTERS is enabled and -mfentry
is in use on x86_32.
># cd /sys/kernel/debug/tracing
># echo 'p:schedule schedule' > kprobe_events
># echo stacktrace > events/kprobes/schedule/trigger
This is because the code that implemented fentry in the ftrace_regs_caller
tried to use the least amount of #ifdefs, and modified ebp when
CC_USE_FENTRY was defined to point to the parent ip as it does when
CC_USE_FENTRY is not defined. But when CONFIG_FRAME_POINTERS is set, it
corrupts the ebp register for this frame while doing the tracing.
NOTE, it does not corrupt ebp in any other way. It is just a bad frame
pointer when calling into the tracing infrastructure. The original ebp is
restored before returning from the fentry call. But if a stack trace is
performed inside the tracing, the unwinder will notice the bad ebp.
Instead of toying with ebp with CC_USING_FENTRY, just slap the parent ip
into the second parameter (%edx), and have an #else that does it the
original way.
The unwinder will unfortunately miss the function being traced, as the
stack frame is not set up yet for it, as it is for x86_64. But fixing that
is a bit more complex and did not work before anyway.
This has been tested with and without FRAME_POINTERS being set while using
-mfentry, as well as using an older compiler that uses mcount.
Analyzed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Fixes: 644e0e8dc76b ("x86/ftrace: Add -mfentry support to x86_32 with DYNAMIC_FTRACE set")
Reported-by: kernel test robot <fengguang.wu@intel.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lists.01.org/pipermail/lkp/2017-April/006165.html
Link: http://lkml.kernel.org/r/20170420172236.7af7f6e5@gandalf.local.home
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/kernel/ftrace_32.S | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/ftrace_32.S b/arch/x86/kernel/ftrace_32.S
index 07f4035..722a145 100644
--- a/arch/x86/kernel/ftrace_32.S
+++ b/arch/x86/kernel/ftrace_32.S
@@ -128,14 +128,14 @@ ENTRY(ftrace_regs_caller)
pushl %edx
pushl %ecx
pushl %ebx
-#ifdef CC_USING_FENTRY
- /* Load 4 off of the parent ip addr into ebp */
- lea 14*4(%esp), %ebp
-#endif
movl 12*4(%esp), %eax /* Load ip (1st parameter) */
subl $MCOUNT_INSN_SIZE, %eax /* Adjust ip */
+#ifdef CC_USING_FENTRY
+ movl 15*4(%esp), %edx /* Load parent ip (2nd parameter) */
+#else
movl 0x4(%ebp), %edx /* Load parent ip (2nd parameter) */
+#endif
movl function_trace_op, %ecx /* Save ftrace_pos in 3rd parameter */
pushl %esp /* Save pt_regs as 4th parameter */
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-04-21 7:53 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-20 21:22 [PATCH] x86/ftrace: Fix ebp in ftrace_regs_caller that screws up unwinder Steven Rostedt (VMware)
2017-04-20 21:38 ` Josh Poimboeuf
2017-04-21 7:52 ` [tip:x86/asm] " tip-bot for Steven Rostedt (VMware)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).