Re: [RFC PATCH 0/3] arm64: Implement reliable stack trace

["Madhavan T. Venkataraman" <madvenka@linux.microsoft.com>]

On 10/12/20 12:26 PM, Mark Brown wrote:
> This patch series aims to implement reliable stacktrace for arm64. 
> Reliable stacktrace exists mainly to support live patching, it provides
> a version of stacktrace that checks for consistency problems in the
> traces it generates and provides an error code to callers indicating if
> any problems were detected.      
> 
> This is a first cut of support for arm64, I've not really even started
> testing it meaningfully at this point.  The main thing I'm looking for
> here is that I'm not sure if there are any more potential indicators of
> unrelabile stacks that I'm missing tests for or anything about the
> interfaces that I've misunderstood.
> 
> There's more work that can be done here, mainly that we could sync our
> unwinder more with what's done on S/390 and x86 which should if nothing
> else help with keeping up to date with generic changes, but this should 
> be what's needed to allow reliable stack trace.
> 
> Mark Brown (2):
>   arm64: stacktrace: Report when we reach the end of the stack
>   arm64: stacktrace: Implement reliable stacktrace
> 
> Mark Rutland (1):
>   arm64: remove EL0 exception frame record
> 
>  arch/arm64/Kconfig             |  1 +
>  arch/arm64/kernel/entry.S      | 10 +++----
>  arch/arm64/kernel/stacktrace.c | 55 ++++++++++++++++++++++++++++------
>  3 files changed, 52 insertions(+), 14 deletions(-)
> 

FP and no-FP functions
=====================

I have a suggestion for objtool and the unwinder for ARM64.

IIUC, objtool is responsible for walking all the code paths (except unreachable
and ignored ones) and making sure that every function has proper frame pointer
code (prolog, epilog, etc). If a function is found to not have it, the kernel
build is failed. Is this understanding correct?

If so, can we take a different approach for ARM64?

Instead of failing the kernel build, can we just mark the functions as:

	FP	Functions that have proper FP code
	no-FP	Functions that don't

May be, we can add an "FP" flag in the symbol table entry for this.

Then, the unwinder can check the functions it encounters in the stack trace and
inform the caller if it found any no-FP functions. The caller of the unwinder can
decide what he wants to do with that information.

	- the caller can ignore it

	- the caller can print the stack trace with a warning that no-FP functions
	  were found

	- if the caller is livepatch, the caller can retry until the no-FP functions
	  disappear from the stack trace. This way, we can have live patching even
	  when some of the functions in the kernel are no-FP.

Does this make any sense? Is this acceptable? What are the pitfalls?

If we can do this, the unwinder could detect cases such as:

- If gcc thinks that a function is a leaf function but the function contains
  inline assembly code that calls another function.

- If a call to a function bounces through some intermediate code such as a
  trampoline.

- etc.

For specific no-FP functions, the unwinder might be able to deduce the original
caller. In these cases, the stack trace would still be reliable. For all the others,
the stack trace would be considered unreliable.

Compiler instead of objtool
===========================

If the above suggestion is acceptable, I have another suggestion.

It is a lot of work for every new architecture to add frame pointer verification
support in objtool. Can we get some help from the compiler?

The compiler knows which C functions it generates the FP prolog and epilog for. It can
mark those functions as FP. As for assembly functions, kernel developers could manually
annotate functions that have proper FP code. The compiler/assembler would mark them
as FP. Only a small subset of assembly functions would even have FP prolog and epilog.

Is this acceptable? What are the pitfalls?

This can be implemented easily for all architectures for which the compiler generates
FP code.

Can this be implemented using a GCC plugin? I know squat about GCC plugins.

Thanks!

Madhavan





_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel