Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failure when catting /proc/xxx/stack #13

Closed
stffrdhrn opened this issue Jun 13, 2020 · 3 comments
Closed

Failure when catting /proc/xxx/stack #13

stffrdhrn opened this issue Jun 13, 2020 · 3 comments

Comments

@stffrdhrn
Copy link
Member

Seen with 5.7-rc2

Example:

/ # cat /proc/690/stack
[108997.050000] Unable to handle kernel access
[108997.050000]  at virtual address 0x7fc60f58
[108997.050000]
[108997.050000] Oops#: 0000
[108997.060000] CPU #: 0
[108997.060000]    PC: c00097fc    SR: 0000807f    SP: d6f09b9c
[108997.060000] GPR00: 00000000 GPR01: d6f09b9c GPR02: d6f09bb8 GPR03: d6f09bc4
[108997.060000] GPR04: 7fc60f5c GPR05: c00099b4 GPR06: 00000000 GPR07: d6f09ba3
[108997.060000] GPR08: ffffff00 GPR09: c0009804 GPR10: d6f08000 GPR11: 00000000
[108997.060000] GPR12: ffffe000 GPR13: dbb86000 GPR14: 00000001 GPR15: dbb86250
[108997.060000] GPR16: 7fc60f63 GPR17: 00000f5c GPR18: d6f09bc4 GPR19: 00000000
[108997.060000] GPR20: c00099b4 GPR21: ffffffc0 GPR22: 00000000 GPR23: 00000000
[108997.060000] GPR24: 00000001 GPR25: 000002c6 GPR26: d78b6850 GPR27: 00000001
[108997.060000] GPR28: 00000000 GPR29: dbb86000 GPR30: ffffffff GPR31: dbb862fc
[108997.060000]   RES: 00000000 oGPR11: ffffffff
[108997.060000] Process cat (pid: 702, stackpage=d79d6000)
[108997.060000]
[108997.060000] Stack:
[108997.060000] Call trace:
[108997.060000] [<598977f2>] save_stack_trace_tsk+0x40/0x74
[108997.060000] [<95063f0e>] stack_trace_save_tsk+0x44/0x58
[108997.060000] [<b557bfdd>] proc_pid_stack+0xd0/0x13c
[108997.060000] [<a2df8eda>] proc_single_show+0x6c/0xf0
[108997.060000] [<e5a737b7>] seq_read+0x1b4/0x688
[108997.060000] [<2d6c7480>] do_iter_read+0x208/0x248
[108997.060000] [<2182a2fb>] vfs_readv+0x64/0x90
[108997.060000] [<3ff02271>] ? iov_iter_get_pages_alloc+0x3d4/0x670
[108997.060000] [<bab8ec1a>] ? slob_alloc.isra.0+0xfc/0x348
[108997.070000] [<d58f9294>] ? __wake_up_common_lock+0x90/0xcc
[108997.070000] [<49544e36>] default_file_splice_read+0x1cc/0x3b0
[108997.070000] [<ab9ebd9e>] ? kmem_cache_alloc+0x48/0x104
[108997.070000] [<6dd300f2>] do_splice_to+0xa8/0x100
[108997.070000] [<caed44c0>] splice_direct_to_actor+0xf8/0x33c
[108997.070000] [<b2a5b2b1>] ? direct_splice_actor+0x0/0x70
[108997.070000] [<886bec27>] do_splice_direct+0xa4/0x100
[108997.070000] [<d3c7c436>] do_sendfile+0x2bc/0x4f0
[108997.070000] [<bd6b01e4>] sys_sendfile64+0x130/0x138
[108997.070000] [<7f032d7a>] ? _syscall_return+0x0/0x4
@stffrdhrn
Copy link
Member Author

stffrdhrn commented Jun 13, 2020
edited
Loading

Failure in openrisc code:

< shorne@lianli ~/work/linux > ./scripts/faddr2line vmlinux save_stack_trace_tsk+0x40/0x74 stack_trace_save_tsk+0x44/0x58
save_stack_trace_tsk+0x40/0x74:
save_stack_trace_tsk at arch/openrisc/kernel/stacktrace.c:77

stack_trace_save_tsk+0x44/0x58:
stack_trace_save_tsk at kernel/stacktrace.c:308

Code:

void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace)
{
        unsigned long *sp = NULL;

        if (tsk == current)
                sp = (unsigned long *) &sp;
        else
                sp = (unsigned long *) KSTK_ESP(tsk);

        unwind_stack(trace, sp, save_stack_address_nosched);  <-- Failed calling this
}

From above the args are:

  • GPR03: d6f09bc4 (trace)
  • GPR04: 7fc60f5c (sp) <-- this is getting a bogus value?
  • GPR05: c00099b4 (save_stack_address_nosched)

Confirmation on c00099b4

< shorne@lianli ~/work/linux > or1k-elf-objdump -d vmlinux| grep -A3 c00099b4                                                                                              
c00099b4 <save_stack_address_nosched>:                                                                                                                                     |
c00099b4:       9c 21 ff ec     l.addi r1,r1,-20                                                                                                                           |
c00099b8:       d4 01 a0 08     l.sw 8(r1),r20
c00099bc:       1a 80 00 00     l.movhi r20,0x0
c00099c0:       d4 01 10 0c     l.sw 12(r1),r2

PC reported c00097fc

c0009798 <unwind_stack>:
c0009798:       9e 24 00 03     l.addi r17,r4,3
c000979c:       a6 31 1f fc     l.andi r17,r17,0x1ffc
c00097a0:       1a 60 00 00     l.movhi r19,0x0
c00097a4:       e4 11 98 00     l.sfeq r17,r19
c00097a8:       10 00 00 49     l.bf c00098cc <unwind_stack+0x134>
c00097ac:       15 00 00 00     l.nop 0x0
c00097b0:       9c 21 ff e4     l.addi r1,r1,-28
c00097b4:       d4 01 80 00     l.sw 0(r1),r16
c00097b8:       d4 01 90 04     l.sw 4(r1),r18
c00097bc:       d4 01 a0 08     l.sw 8(r1),r20
c00097c0:       d4 01 b0 0c     l.sw 12(r1),r22
c00097c4:       d4 01 c0 10     l.sw 16(r1),r24
c00097c8:       d4 01 10 14     l.sw 20(r1),r2
c00097cc:       d4 01 48 18     l.sw 24(r1),r9
c00097d0:       9c 41 00 1c     l.addi r2,r1,28
c00097d4:       e2 43 18 04     l.or r18,r3,r3
c00097d8:       e2 85 28 04     l.or r20,r5,r5
c00097dc:       9e 04 00 07     l.addi r16,r4,7
c00097e0:       1a c0 00 00     l.movhi r22,0x0
c00097e4:       00 00 00 06     l.j c00097fc <unwind_stack+0x64>
c00097e8:       ab 00 00 01     l.ori r24,r0,0x1
c00097ec:       1a 60 00 00     l.movhi r19,0x0
c00097f0:       e4 31 98 00     l.sfne r17,r19
c00097f4:       0c 00 00 2a     l.bnf c000989c <unwind_stack+0x104>
c00097f8:       9e 10 00 04     l.addi r16,r16,4
c00097fc:       04 00 9b b7     l.jal c00306d8 <__kernel_text_address>  <--- PC is reported here
c0009800:       84 70 ff f5     l.lwz r3,-11(r16)
c0009804:       1a 20 00 00     l.movhi r17,0x0

@stffrdhrn
Copy link
Member Author

This is fixed with the following patch. However, the stack traces don't look so hot.

For example:

 # cat /proc/2/stack 
[<0>] lock_acquire+0x118/0x4b8

Compared to the x86 stack for kthread:

# sudo cat /proc/2/stack
[<0>] kthreadd+0x2d0/0x2f0
[<0>] ret_from_fork+0x35/0x40

diff --git a/arch/openrisc/kernel/stacktrace.c b/arch/openrisc/kernel/stacktrace.c
index 43f140a28bc7..ac91614509c8 100644
--- a/arch/openrisc/kernel/stacktrace.c
+++ b/arch/openrisc/kernel/stacktrace.c
@@ -13,6 +13,7 @@
 #include <linux/export.h>
 #include <linux/sched.h>
 #include <linux/sched/debug.h>
+#include <linux/sched/task_stack.h>
 #include <linux/stacktrace.h>
 
 #include <asm/processor.h>
@@ -68,12 +69,17 @@ void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace)
 {
        unsigned long *sp = NULL;
 
+       if (!try_get_task_stack(tsk))
+               return;
+
        if (tsk == current)
                sp = (unsigned long *) &sp;
        else
-               sp = (unsigned long *) KSTK_ESP(tsk);
+               sp = (unsigned long *) task_thread_info(tsk)->ksp;
 
        unwind_stack(trace, sp, save_stack_address_nosched);
+
+       put_task_stack(tsk);
 }

stffrdhrn pushed a commit that referenced this issue Aug 4, 2020
@acmel
tools lib traceevent: Fix memory leak in process_dynamic_array_len
e24c644 
I compiled with AddressSanitizer and I had these memory leaks while I
was using the tep_parse_format function:

    Direct leak of 28 byte(s) in 4 object(s) allocated from:
        #0 0x7fb07db49ffe in __interceptor_realloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dffe)
        #1 0x7fb07a724228 in extend_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:985
        #2 0x7fb07a724c21 in __read_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1140
        #3 0x7fb07a724f78 in read_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1206
        #4 0x7fb07a725191 in __read_expect_type /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1291
        #5 0x7fb07a7251df in read_expect_type /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1299
        #6 0x7fb07a72e6c8 in process_dynamic_array_len /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:2849
        #7 0x7fb07a7304b8 in process_function /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3161
        #8 0x7fb07a730900 in process_arg_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3207
        #9 0x7fb07a727c0b in process_arg /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1786
        #10 0x7fb07a731080 in event_read_print_args /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3285
        #11 0x7fb07a731722 in event_read_print /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3369
        #12 0x7fb07a740054 in __tep_parse_format /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6335
        #13 0x7fb07a74047a in __parse_event /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6389
        #14 0x7fb07a740536 in tep_parse_format /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6431
        torvalds#15 0x7fb07a785acf in parse_event ../../../src/fs-src/fs.c:251
        torvalds#16 0x7fb07a785ccd in parse_systems ../../../src/fs-src/fs.c:284
        torvalds#17 0x7fb07a786fb3 in read_metadata ../../../src/fs-src/fs.c:593
        torvalds#18 0x7fb07a78760e in ftrace_fs_source_init ../../../src/fs-src/fs.c:727
        torvalds#19 0x7fb07d90c19c in add_component_with_init_method_data ../../../../src/lib/graph/graph.c:1048
        torvalds#20 0x7fb07d90c87b in add_source_component_with_initialize_method_data ../../../../src/lib/graph/graph.c:1127
        torvalds#21 0x7fb07d90c92a in bt_graph_add_source_component ../../../../src/lib/graph/graph.c:1152
        torvalds#22 0x55db11aa632e in cmd_run_ctx_create_components_from_config_components ../../../src/cli/babeltrace2.c:2252
        torvalds#23 0x55db11aa6fda in cmd_run_ctx_create_components ../../../src/cli/babeltrace2.c:2347
        torvalds#24 0x55db11aa780c in cmd_run ../../../src/cli/babeltrace2.c:2461
        torvalds#25 0x55db11aa8a7d in main ../../../src/cli/babeltrace2.c:2673
        torvalds#26 0x7fb07d5460b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

The token variable in the process_dynamic_array_len function is
allocated in the read_expect_type function, but is not freed before
calling the read_token function.

Free the token variable before calling read_token in order to plug the
leak.

Signed-off-by: Philippe Duplessis-Guindon <pduplessis@efficios.com>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Link: https://lore.kernel.org/linux-trace-devel/20200730150236.5392-1-pduplessis@efficios.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
@stffrdhrn stffrdhrn changed the title Failure when catting /proc/xxx/self Failure when catting /proc/xxx/stack Aug 11, 2020
@stffrdhrn
Copy link
Member Author

fix queued for merge in 5.9 window

stffrdhrn pushed a commit that referenced this issue Apr 3, 2021
@jpbrucker @anakryiko
selftests/bpf: Add selftest for pointer-to-array-of-struct BTF dump
f118aac 
Bpftool used to issue forward declarations for a struct used as part of
a pointer to array, which is invalid. Add a test to check that the
struct is fully defined in this case:

	@@ -134,9 +134,9 @@
	 	};
	 };

	-struct struct_in_array {};
	+struct struct_in_array;

	-struct struct_in_array_typed {};
	+struct struct_in_array_typed;

	 typedef struct struct_in_array_typed struct_in_array_t[2];

	@@ -189,3 +189,7 @@
	 	struct struct_with_embedded_stuff _14;
	 };

	+struct struct_in_array {};
	+
	+struct struct_in_array_typed {};
	+
	...
	#13/1 btf_dump: syntax:FAIL

Suggested-by: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20210319112554.794552-3-jean-philippe@linaro.org
stffrdhrn pushed a commit that referenced this issue Apr 3, 2021
@namhyung @acmel
perf record: Fix memory leak in vDSO found using ASAN
41d5854 
I got several memory leak reports from Asan with a simple command.  It
was because VDSO is not released due to the refcount.  Like in
__dsos_addnew_id(), it should put the refcount after adding to the list.

  $ perf record true
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.030 MB perf.data (10 samples) ]

  =================================================================
  ==692599==ERROR: LeakSanitizer: detected memory leaks

  Direct leak of 439 byte(s) in 1 object(s) allocated from:
    #0 0x7fea52341037 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x559bce4aa8ee in dso__new_id util/dso.c:1256
    #2 0x559bce59245a in __machine__addnew_vdso util/vdso.c:132
    #3 0x559bce59245a in machine__findnew_vdso util/vdso.c:347
    #4 0x559bce50826c in map__new util/map.c:175
    #5 0x559bce503c92 in machine__process_mmap2_event util/machine.c:1787
    #6 0x559bce512f6b in machines__deliver_event util/session.c:1481
    #7 0x559bce515107 in perf_session__deliver_event util/session.c:1551
    #8 0x559bce51d4d2 in do_flush util/ordered-events.c:244
    #9 0x559bce51d4d2 in __ordered_events__flush util/ordered-events.c:323
    #10 0x559bce519bea in __perf_session__process_events util/session.c:2268
    #11 0x559bce519bea in perf_session__process_events util/session.c:2297
    #12 0x559bce2e7a52 in process_buildids /home/namhyung/project/linux/tools/perf/builtin-record.c:1017
    #13 0x559bce2e7a52 in record__finish_output /home/namhyung/project/linux/tools/perf/builtin-record.c:1234
    #14 0x559bce2ed4f6 in __cmd_record /home/namhyung/project/linux/tools/perf/builtin-record.c:2026
    torvalds#15 0x559bce2ed4f6 in cmd_record /home/namhyung/project/linux/tools/perf/builtin-record.c:2858
    torvalds#16 0x559bce422db4 in run_builtin /home/namhyung/project/linux/tools/perf/perf.c:313
    torvalds#17 0x559bce2acac8 in handle_internal_command /home/namhyung/project/linux/tools/perf/perf.c:365
    torvalds#18 0x559bce2acac8 in run_argv /home/namhyung/project/linux/tools/perf/perf.c:409
    torvalds#19 0x559bce2acac8 in main /home/namhyung/project/linux/tools/perf/perf.c:539
    torvalds#20 0x7fea51e76d09 in __libc_start_main ../csu/libc-start.c:308

  Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7fea52341037 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x559bce520907 in nsinfo__copy util/namespaces.c:169
    #2 0x559bce50821b in map__new util/map.c:168
    #3 0x559bce503c92 in machine__process_mmap2_event util/machine.c:1787
    #4 0x559bce512f6b in machines__deliver_event util/session.c:1481
    #5 0x559bce515107 in perf_session__deliver_event util/session.c:1551
    #6 0x559bce51d4d2 in do_flush util/ordered-events.c:244
    #7 0x559bce51d4d2 in __ordered_events__flush util/ordered-events.c:323
    #8 0x559bce519bea in __perf_session__process_events util/session.c:2268
    #9 0x559bce519bea in perf_session__process_events util/session.c:2297
    #10 0x559bce2e7a52 in process_buildids /home/namhyung/project/linux/tools/perf/builtin-record.c:1017
    #11 0x559bce2e7a52 in record__finish_output /home/namhyung/project/linux/tools/perf/builtin-record.c:1234
    #12 0x559bce2ed4f6 in __cmd_record /home/namhyung/project/linux/tools/perf/builtin-record.c:2026
    #13 0x559bce2ed4f6 in cmd_record /home/namhyung/project/linux/tools/perf/builtin-record.c:2858
    #14 0x559bce422db4 in run_builtin /home/namhyung/project/linux/tools/perf/perf.c:313
    torvalds#15 0x559bce2acac8 in handle_internal_command /home/namhyung/project/linux/tools/perf/perf.c:365
    torvalds#16 0x559bce2acac8 in run_argv /home/namhyung/project/linux/tools/perf/perf.c:409
    torvalds#17 0x559bce2acac8 in main /home/namhyung/project/linux/tools/perf/perf.c:539
    torvalds#18 0x7fea51e76d09 in __libc_start_main ../csu/libc-start.c:308

  SUMMARY: AddressSanitizer: 471 byte(s) leaked in 2 allocation(s).

Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Acked-by: Jiri Olsa <jolsa@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20210315045641.700430-1-namhyung@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
stffrdhrn pushed a commit that referenced this issue Aug 5, 2021
@vaverin @davem330
ipv6: allocate enough headroom in ip6_finish_output2()
5796015 
When TEE target mirrors traffic to another interface, sk_buff may
not have enough headroom to be processed correctly.
ip_finish_output2() detect this situation for ipv4 and allocates
new skb with enogh headroom. However ipv6 lacks this logic in
ip_finish_output2 and it leads to skb_under_panic:

 skbuff: skb_under_panic: text:ffffffffc0866ad4 len:96 put:24
 head:ffff97be85e31800 data:ffff97be85e317f8 tail:0x58 end:0xc0 dev:gre0
 ------------[ cut here ]------------
 kernel BUG at net/core/skbuff.c:110!
 invalid opcode: 0000 [#1] SMP PTI
 CPU: 2 PID: 393 Comm: kworker/2:2 Tainted: G           OE     5.13.0 #13
 Hardware name: Virtuozzo KVM, BIOS 1.11.0-2.vz7.4 04/01/2014
 Workqueue: ipv6_addrconf addrconf_dad_work
 RIP: 0010:skb_panic+0x48/0x4a
 Call Trace:
  skb_push.cold.111+0x10/0x10
  ipgre_header+0x24/0xf0 [ip_gre]
  neigh_connected_output+0xae/0xf0
  ip6_finish_output2+0x1a8/0x5a0
  ip6_output+0x5c/0x110
  nf_dup_ipv6+0x158/0x1000 [nf_dup_ipv6]
  tee_tg6+0x2e/0x40 [xt_TEE]
  ip6t_do_table+0x294/0x470 [ip6_tables]
  nf_hook_slow+0x44/0xc0
  nf_hook.constprop.34+0x72/0xe0
  ndisc_send_skb+0x20d/0x2e0
  ndisc_send_ns+0xd1/0x210
  addrconf_dad_work+0x3c8/0x540
  process_one_work+0x1d1/0x370
  worker_thread+0x30/0x390
  kthread+0x116/0x130
  ret_from_fork+0x22/0x30

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
stffrdhrn pushed a commit that referenced this issue Jun 28, 2022
@ctmarinas
arm64: ftrace: consistently handle PLTs.
a625357 
Sometimes it is necessary to use a PLT entry to call an ftrace
trampoline. This is handled by ftrace_make_call() and ftrace_make_nop(),
with each having *almost* identical logic, but this is not handled by
ftrace_modify_call() since its introduction in commit:

  3b23e49 ("arm64: implement ftrace with regs")

Due to this, if we ever were to call ftrace_modify_call() for a callsite
which requires a PLT entry for a trampoline, then either:

a) If the old addr requires a trampoline, ftrace_modify_call() will use
   an out-of-range address to generate the 'old' branch instruction.
   This will result in warnings from aarch64_insn_gen_branch_imm() and
   ftrace_modify_code(), and no instructions will be modified. As
   ftrace_modify_call() will return an error, this will result in
   subsequent internal ftrace errors.

b) If the old addr does not require a trampoline, but the new addr does,
   ftrace_modify_call() will use an out-of-range address to generate the
   'new' branch instruction. This will result in warnings from
   aarch64_insn_gen_branch_imm(), and ftrace_modify_code() will replace
   the 'old' branch with a BRK. This will result in a kernel panic when
   this BRK is later executed.

Practically speaking, case (a) is vastly more likely than case (b), and
typically this will result in internal ftrace errors that don't
necessarily affect the rest of the system. This can be demonstrated with
an out-of-tree test module which triggers ftrace_modify_call(), e.g.

| # insmod test_ftrace.ko
| test_ftrace: Function test_function raw=0xffffb3749399201c, callsite=0xffffb37493992024
| branch_imm_common: offset out of range
| branch_imm_common: offset out of range
| ------------[ ftrace bug ]------------
| ftrace failed to modify
| [<ffffb37493992024>] test_function+0x8/0x38 [test_ftrace]
|  actual:   1d:00:00:94
| Updating ftrace call site to call a different ftrace function
| ftrace record flags: e0000002
|  (2) R
|  expected tramp: ffffb374ae42ed54
| ------------[ cut here ]------------
| WARNING: CPU: 0 PID: 165 at kernel/trace/ftrace.c:2085 ftrace_bug+0x280/0x2b0
| Modules linked in: test_ftrace(+)
| CPU: 0 PID: 165 Comm: insmod Not tainted 5.19.0-rc2-00002-g4d9ead8b45ce #13
| Hardware name: linux,dummy-virt (DT)
| pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : ftrace_bug+0x280/0x2b0
| lr : ftrace_bug+0x280/0x2b0
| sp : ffff80000839ba00
| x29: ffff80000839ba00 x28: 0000000000000000 x27: ffff80000839bcf0
| x26: ffffb37493994180 x25: ffffb374b0991c28 x24: ffffb374b0d70000
| x23: 00000000ffffffea x22: ffffb374afcc33b0 x21: ffffb374b08f9cc8
| x20: ffff572b8462c000 x19: ffffb374b08f9000 x18: ffffffffffffffff
| x17: 6c6c6163202c6331 x16: ffffb374ae5ad110 x15: ffffb374b0d51ee4
| x14: 0000000000000000 x13: 3435646532346561 x12: 3437336266666666
| x11: 203a706d61727420 x10: 6465746365707865 x9 : ffffb374ae5149e8
| x8 : 336266666666203a x7 : 706d617274206465 x6 : 00000000fffff167
| x5 : ffff572bffbc4a08 x4 : 00000000fffff167 x3 : 0000000000000000
| x2 : 0000000000000000 x1 : ffff572b84461e00 x0 : 0000000000000022
| Call trace:
|  ftrace_bug+0x280/0x2b0
|  ftrace_replace_code+0x98/0xa0
|  ftrace_modify_all_code+0xe0/0x144
|  arch_ftrace_update_code+0x14/0x20
|  ftrace_startup+0xf8/0x1b0
|  register_ftrace_function+0x38/0x90
|  test_ftrace_init+0xd0/0x1000 [test_ftrace]
|  do_one_initcall+0x50/0x2b0
|  do_init_module+0x50/0x1f0
|  load_module+0x17c8/0x1d64
|  __do_sys_finit_module+0xa8/0x100
|  __arm64_sys_finit_module+0x2c/0x3c
|  invoke_syscall+0x50/0x120
|  el0_svc_common.constprop.0+0xdc/0x100
|  do_el0_svc+0x3c/0xd0
|  el0_svc+0x34/0xb0
|  el0t_64_sync_handler+0xbc/0x140
|  el0t_64_sync+0x18c/0x190
| ---[ end trace 0000000000000000 ]---

We can solve this by consistently determining whether to use a PLT entry
for an address.

Note that since (the earlier) commit:

  f1a54ae ("arm64: module/ftrace: intialize PLT at load time")

... we can consistently determine the PLT address that a given callsite
will use, and therefore ftrace_make_nop() does not need to skip
validation when a PLT is in use.

This patch factors the existing logic out of ftrace_make_call() and
ftrace_make_nop() into a common ftrace_find_callable_addr() helper
function, which is used by ftrace_make_call(), ftrace_make_nop(), and
ftrace_modify_call(). In ftrace_make_nop() the patching is consistently
validated by ftrace_modify_code() as we can always determine what the
old instruction should have been.

Fixes: 3b23e49 ("arm64: implement ftrace with regs")
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Will Deacon <will@kernel.org>
Tested-by: "Ivan T. Ivanov" <iivanov@suse.de>
Reviewed-by: Chengming Zhou <zhouchengming@bytedance.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20220614080944.1349146-3-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stffrdhrn