From: sashiko-bot@kernel.org
To: "Jens Remus" <jremus@linux.ibm.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH v15 13/20] unwind_user: Enable archs that pass RA in a register
Date: Wed, 20 May 2026 16:21:46 +0000 [thread overview]
Message-ID: <20260520162147.195FA1F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260520154004.3845823-14-jremus@linux.ibm.com>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
New issues:
- [Low] The header file `<linux/unwind_user.h>` uses `pr_debug_once` and `current` without including the necessary headers.
Pre-existing issues:
- [High] The SFrame FRE size calculation computes an incorrect length because `dataword_count` is consumed before it is used in the size formula.
--
commit 842bbe46528fb50996a02de1f8b7f5df1d8b1026
Author: Jens Remus <jremus@linux.ibm.com>
unwind_user: Enable archs that pass RA in a register
This commit updates the user-space unwinder to support architectures that do
not mandate saving the return address (RA) on the stack, such as s390 and
arm64. It treats an RA offset of zero as an indication that the RA is in the
link register for the topmost frame, and allows the stack pointer to remain
unchanged in the topmost frame.
> diff --git a/include/linux/unwind_user.h b/include/linux/unwind_user.h
> index 64618618febde..7bf58f23aa64a 100644
> --- a/include/linux/unwind_user.h
> +++ b/include/linux/unwind_user.h
> @@ -23,6 +23,16 @@ static inline bool unwind_user_at_function_start(struct pt_regs *regs)
> #define unwind_user_at_function_start unwind_user_at_function_start
> #endif
>
> +#ifndef unwind_user_get_ra_reg
> +static inline int unwind_user_get_ra_reg(unsigned long *val)
> +{
> + pr_debug_once("%s (%d): unwind_user_get_ra_reg() not implemented\n",
> + current->comm, current->pid);
[Severity: Low]
Does this require including <linux/printk.h> and <linux/sched.h> or
<asm/current.h>?
Using pr_debug_once and current without these headers might cause compilation
failures for files that include <linux/unwind_user.h> without prior inclusion
of these dependencies.
> + return -EINVAL;
> +}
> +#define unwind_user_get_ra_reg unwind_user_get_ra_reg
> +#endif
[ ... ]
> diff --git a/kernel/unwind/sframe.c b/kernel/unwind/sframe.c
> index b5f984fb2df21..4af533e9f9804 100644
> --- a/kernel/unwind/sframe.c
> +++ b/kernel/unwind/sframe.c
> @@ -255,10 +255,8 @@ static __always_inline int __read_fre(struct sframe_section *sec,
> dataword_count--;
>
> ra_off = sec->ra_off;
> - if (!ra_off) {
> - if (!dataword_count--)
> - return -EINVAL;
> -
> + if (!ra_off && dataword_count) {
> + dataword_count--;
[Severity: High]
This isn't a bug introduced by this patch, but does the SFrame FRE size
calculation compute an incorrect length here?
Because dataword_count is decremented as each offset is read from user space,
by the time it reaches the size calculation at the end of __read_fre():
if (dataword_count)
return -EINVAL;
done:
fre->size = addr_size + 1 + (dataword_count * dataword_size);
dataword_count is guaranteed to be 0.
This completely omits the size of the parsed datawords, causing fre_addr to
advance by an incorrectly small amount during iteration and breaking SFrame
unwinding for functions with multiple FREs.
This issue was introduced earlier in the series by commit "unwind_user/sframe:
Add support for reading .sframe contents", and appears to be fixed later in
the series in commit "unwind_user/sframe: Add support for SFrame V3 flexible
FDEs", where the size assignment is moved before the decrements.
> UNSAFE_GET_USER_INC(ra_off, cur, dataword_size, Efault);
> }
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260520154004.3845823-1-jremus@linux.ibm.com?part=13
next prev parent reply other threads:[~2026-05-20 16:21 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-20 15:39 [PATCH v15 00/20] unwind_deferred: Implement sframe handling Jens Remus
2026-05-20 15:39 ` [PATCH v15 01/20] unwind_user: Add generic and arch-specific headers to MAINTAINERS Jens Remus
2026-05-20 15:39 ` [PATCH v15 02/20] unwind_user/sframe: Add support for reading .sframe headers Jens Remus
2026-05-20 16:02 ` sashiko-bot
2026-05-21 7:58 ` Jens Remus
2026-05-20 15:39 ` [PATCH v15 03/20] unwind_user/sframe: Store .sframe section data in per-mm maple tree Jens Remus
2026-05-20 16:29 ` sashiko-bot
2026-05-21 9:39 ` Jens Remus
2026-05-21 16:08 ` Steven Rostedt
2026-05-20 15:39 ` [PATCH v15 04/20] x86/uaccess: Add unsafe_copy_from_user() implementation Jens Remus
2026-05-20 16:13 ` sashiko-bot
2026-05-20 15:39 ` [PATCH v15 05/20] unwind_user/sframe: Add support for reading .sframe contents Jens Remus
2026-05-20 16:33 ` sashiko-bot
2026-05-21 9:40 ` Jens Remus
2026-05-20 15:39 ` [PATCH v15 06/20] unwind_user/sframe: Detect .sframe sections in executables Jens Remus
2026-05-20 15:39 ` [PATCH v15 07/20] unwind_user/sframe: Wire up unwind_user to sframe Jens Remus
2026-05-20 16:23 ` sashiko-bot
2026-05-21 10:44 ` Jens Remus
2026-05-20 15:39 ` [PATCH v15 08/20] unwind_user: Stop when reaching an outermost frame Jens Remus
2026-05-20 16:01 ` sashiko-bot
2026-05-21 10:45 ` Jens Remus
2026-05-20 15:39 ` [PATCH v15 09/20] unwind_user/sframe: Add support for outermost frame indication Jens Remus
2026-05-20 16:01 ` sashiko-bot
2026-05-21 10:46 ` Jens Remus
2026-05-20 15:39 ` [PATCH v15 10/20] unwind_user/sframe: Remove .sframe section on detected corruption Jens Remus
2026-05-20 16:26 ` sashiko-bot
2026-05-20 15:39 ` [PATCH v15 11/20] unwind_user/sframe: Show file name in debug output Jens Remus
2026-05-20 16:14 ` sashiko-bot
2026-05-21 10:55 ` Jens Remus
2026-05-21 16:20 ` Steven Rostedt
2026-05-20 15:39 ` [PATCH v15 12/20] unwind_user/sframe: Add .sframe validation option Jens Remus
2026-05-20 16:15 ` sashiko-bot
2026-05-21 12:51 ` Jens Remus
2026-05-20 15:39 ` [PATCH v15 13/20] unwind_user: Enable archs that pass RA in a register Jens Remus
2026-05-20 16:21 ` sashiko-bot [this message]
2026-05-21 13:00 ` Jens Remus
2026-05-20 15:39 ` [PATCH v15 14/20] unwind_user: Flexible FP/RA recovery rules Jens Remus
2026-05-20 15:39 ` [PATCH v15 15/20] unwind_user: Flexible CFA " Jens Remus
2026-05-20 16:22 ` sashiko-bot
2026-05-21 11:33 ` Jens Remus
2026-05-20 15:40 ` [PATCH v15 16/20] unwind_user/sframe: Add support for SFrame V3 flexible FDEs Jens Remus
2026-05-20 17:04 ` sashiko-bot
2026-05-21 11:58 ` Jens Remus
2026-05-20 15:40 ` [PATCH v15 17/20] unwind_user/sframe: Separate reading of FRE from reading of FRE data words Jens Remus
2026-05-20 16:48 ` sashiko-bot
2026-05-20 15:40 ` [PATCH v15 18/20] unwind_user/sframe: Duplicate registered .sframe section data on clone/fork Jens Remus
2026-05-20 17:01 ` sashiko-bot
2026-05-21 12:05 ` Jens Remus
2026-05-20 15:40 ` [PATCH v15 19/20] unwind_user/sframe/x86: Enable sframe unwinding on x86 Jens Remus
2026-05-20 15:40 ` [PATCH v15 20/20] unwind_user/sframe: Add prctl() interface for registering .sframe sections Jens Remus
2026-05-20 16:52 ` sashiko-bot
2026-05-21 12:08 ` Jens Remus
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260520162147.195FA1F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=jremus@linux.ibm.com \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox