LKML Archive on
 help / color / Atom feed
* [PATCH] x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks
       [not found]           ` <>
@ 2020-05-22 13:54             ` Josh Poimboeuf
  0 siblings, 0 replies; only message in thread
From: Josh Poimboeuf @ 2020-05-22 13:54 UTC (permalink / raw)
  To: Miroslav Benes
  Cc: Tetsuo Handa, Ingo Molnar, x86, Dmitry Vyukov, Linus Torvalds,
	Andy Lutomirski, Dave Jones, Jann Horn, Peter Zijlstra,
	Thomas Gleixner, Vince Weaver

Normally, show_trace_log_lvl() scans the stack, looking for text
addresses to print.  In parallel, it unwinds the stack with
unwind_next_frame().  If the stack address matches the pointer returned
by unwind_get_return_address_ptr() for the current frame, the text
address is printed normally without a question mark.  Otherwise it's
considered a breadcrumb (potentially from a previous call path) and it's
printed with a question mark to indicate that the address is unreliable
and typically can be ignored.

Since the following commit:

  f1d9a2abff66 ("x86/unwind/orc: Don't skip the first frame for inactive tasks")

... for inactive tasks, show_trace_log_lvl() prints *only* unreliable
addresses (prepended with '?').

That happens because, for the first frame of an inactive task,
unwind_get_return_address_ptr() returns the wrong return address
pointer: one word *below* the task stack pointer.  show_trace_log_lvl()
starts scanning at the stack pointer itself, so it never finds the first
'reliable' address, causing only guesses to being printed.

The first frame of an inactive task isn't a normal stack frame.  It's
actually just an instance of 'struct inactive_task_frame' which is left
behind by __switch_to_asm().  Now that this inactive frame is actually
exposed to callers, fix unwind_get_return_address_ptr() to interpret it

Reported-by: Tetsuo Handa <>
Fixes: f1d9a2abff66 ("x86/unwind/orc: Don't skip the first frame for inactive tasks")
Signed-off-by: Josh Poimboeuf <>
 arch/x86/kernel/unwind_orc.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c
index fa79e4227d3d..7f969b2d240f 100644
--- a/arch/x86/kernel/unwind_orc.c
+++ b/arch/x86/kernel/unwind_orc.c
@@ -320,12 +320,19 @@ EXPORT_SYMBOL_GPL(unwind_get_return_address);
 unsigned long *unwind_get_return_address_ptr(struct unwind_state *state)
+	struct task_struct *task = state->task;
 	if (unwind_done(state))
 		return NULL;
 	if (state->regs)
 		return &state->regs->ip;
+	if (task != current && state->sp == task->thread.sp) {
+		struct inactive_task_frame *frame = (void *)task->thread.sp;
+		return &frame->ret_addr;
+	}
 	if (state->sp)
 		return (unsigned long *)state->sp - 1;

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-20 20:53 INFO: task hung in locks_remove_posix syzbot
2020-05-21 14:09 ` Tetsuo Handa
2020-05-21 14:21   ` Dmitry Vyukov
2020-05-21 23:34     ` [5.7-rc5 x86 regression] ORC unwinder generates unreliable traces Tetsuo Handa
     [not found]       ` <>
     [not found]         ` <20200522043037.fny37n7kjbfyrxo4@treble>
     [not found]           ` <>
2020-05-22 13:54             ` [PATCH] x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks Josh Poimboeuf

LKML Archive on

Archives are clonable:
	git clone --mirror lkml/git/0.git
	git clone --mirror lkml/git/1.git
	git clone --mirror lkml/git/2.git
	git clone --mirror lkml/git/3.git
	git clone --mirror lkml/git/4.git
	git clone --mirror lkml/git/5.git
	git clone --mirror lkml/git/6.git
	git clone --mirror lkml/git/7.git
	git clone --mirror lkml/git/8.git
	git clone --mirror lkml/git/9.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ \
	public-inbox-index lkml

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone