From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B11D9C433E7 for ; Tue, 13 Oct 2020 11:43:51 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4B1AA207C3 for ; Tue, 13 Oct 2020 11:43:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="HYDPRGVL" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4B1AA207C3 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=v7aqoMRKXea/2cz+GH1IaEEtVRFnTDMJs0L3wEMeZbA=; b=HYDPRGVL97fOgOT5t0wPLPLnk Dgq1zHjFGOYI23le/8iOYI7aUI5X81rrGLjunnIklawS2QVUFhfma9djz2NKSOecJcX9th5tb1AdO cjQs2tofPCyPj9JxuPXdRbao9WS75l4IilVf5aTw8Qva0w45drJRFRPCuwt4B90X7NjmJEa1o/qtS U1Eo4lZj5IhUh9fktsyzuET4+t3aBD60B/FpAuBmsoBMnzQMn6at0ztcYAUijy5xKRg7zyIqldvg1 lw0HyDFyUXxrqNtqdrjW9pMzv+Zquzaq2kpp8pWDtIk7MaNMFrSfXKmXkhXWZZCiZPKxmZ/kIgBRb kx3exf2hA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kSIhR-0005eO-VD; Tue, 13 Oct 2020 11:42:37 +0000 Received: from foss.arm.com ([217.140.110.172]) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kSIhP-0005dt-KL for linux-arm-kernel@lists.infradead.org; Tue, 13 Oct 2020 11:42:36 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CCAC61FB; Tue, 13 Oct 2020 04:42:34 -0700 (PDT) Received: from C02TD0UTHF1T.local (unknown [10.57.49.142]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 921C63F719; Tue, 13 Oct 2020 04:42:33 -0700 (PDT) Date: Tue, 13 Oct 2020 12:42:30 +0100 From: Mark Rutland To: Mark Brown Subject: Re: [RFC PATCH 3/3] arm64: stacktrace: Implement reliable stacktrace Message-ID: <20201013114230.GB774@C02TD0UTHF1T.local> References: <20201012172605.10715-1-broonie@kernel.org> <20201012172605.10715-4-broonie@kernel.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20201012172605.10715-4-broonie@kernel.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201013_074235_753320_F62B38E9 X-CRM114-Status: GOOD ( 29.72 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Catalin Marinas , Miroslav Benes , Will Deacon , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Mon, Oct 12, 2020 at 06:26:05PM +0100, Mark Brown wrote: > Live patching has a consistency model which requires that the > architecture provide a reliable stack trace interface which specifically > indicates that the stack has been fully walked and that it is reliable > and consistent. This is done by providing arch_stack_walk_reliable(), a > variant of arch_stack_walk() which should verify that the stack has > these properties and return an error if not. > > The arm64 unwinder is already reasonably thorough in verifying the stack > as it walks it and reports errors but we additionally check that > we do not see any kretprobe trampolines on the stack. Since the unwinder > is able to resolve function graph tracer probes transparently we do not > reject those. > > Signed-off-by: Mark Brown > --- > arch/arm64/Kconfig | 1 + > arch/arm64/kernel/stacktrace.c | 42 ++++++++++++++++++++++++++++++++++ > 2 files changed, 43 insertions(+) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index d1ba52e4b976..026f69515a86 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -174,6 +174,7 @@ config ARM64 > select HAVE_FUNCTION_ARG_ACCESS_API > select HAVE_FUTEX_CMPXCHG if FUTEX > select MMU_GATHER_RCU_TABLE_FREE > + select HAVE_RELIABLE_STACKTRACE > select HAVE_RSEQ > select HAVE_STACKPROTECTOR > select HAVE_SYSCALL_TRACEPOINTS > diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c > index ad20981dfda4..795b2c14481d 100644 > --- a/arch/arm64/kernel/stacktrace.c > +++ b/arch/arm64/kernel/stacktrace.c > @@ -14,6 +14,7 @@ > #include > > #include > +#include > #include > #include > #include > @@ -212,4 +213,45 @@ void arch_stack_walk(stack_trace_consume_fn consume_entry, void *cookie, > walk_stackframe(task, &frame, consume_entry, cookie); > } > > +/* > + * This function returns an error if it detects any unreliable features of the > + * stack. Otherwise it guarantees that the stack trace is reliable. > + * > + * If the task is not 'current', the caller *must* ensure the task is inactive. > + */ Is the caller responsible for pinning a non-current task's stack? e.g. in dump_backtrace() we do that with try_get_task_stack(). If so, it might be worth making the comment say "the task is inactive and its stack is pinned". > +int arch_stack_walk_reliable(stack_trace_consume_fn consume_entry, > + void *cookie, struct task_struct *task) > +{ > + struct stackframe frame; > + > + if (task == current) > + start_backtrace(&frame, > + (unsigned long)__builtin_frame_address(0), > + (unsigned long)arch_stack_walk_reliable); > + else > + start_backtrace(&frame, thread_saved_fp(task), > + thread_saved_pc(task)); > + Codestyle nit: as these spread over multiple lines the if-else clauses should have braces. > + while (1) { > + int ret; > + > +#ifdef CONFIG_KPROBES > + /* > + * Mark stacktraces with kretprobed functions on them > + * as unreliable. > + */ > + if (frame.pc == (unsigned long)kretprobe_trampoline) > + return -EINVAL; > +#endif I'm going to reply separately on this -- I think the check isn't quite sufficient, and there's a larger semantic problem, so I'll write that up with the livepatch and arch maintainers on Cc. Otherwise, (modulo pac stripping) this looks about right to me. Thanks, Mark. > + > + if (!consume_entry(cookie, frame.pc)) > + return -EINVAL; > + ret = unwind_frame(task, &frame); > + if (ret == -ENOENT) > + return 0; > + if (ret < 0) > + return ret; > + } > +} > + > #endif > -- > 2.20.1 > _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel