From: Kees Cook
To: Jiangfeng Xiao
Cc: linux@armlinux.org.uk, arnd@arndb.de, rmk+kernel@armlinux.org.uk, haibo.li@mediatek.com, angelogioacchino.delregno@collabora.com, amergnat@baylibre.com, akpm@linux-foundation.org, dave.hansen@linux.intel.com, douzhaolei@huawei.com, gustavoars@kernel.org, jpoimboe@kernel.org, kepler.chenxin@huawei.com, kirill.shutemov@linux.intel.com, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org, nixiaoming@huawei.com, peterz@infradead.org, wangbing6@huawei.com, wangfangpeng1@huawei.com, jannh@google.com, David.Laight@aculab.com
Subject: Re: [PATCH] ARM: unwind: improve unwinders for noreturn case
Date: Tue, 19 Mar 2024 19:46:26 -0700
Message-ID: <202403191945.661DBCE8@keescook>
In-Reply-To: <1710901169-22763-1-git-send-email-xiaojiangfeng@huawei.com>

On Wed, Mar 20, 2024 at 10:19:29AM +0800, Jiangfeng Xiao wrote:
> This is an off-by-one bug which is common in unwinders,
> due to the fact that the address on the stack points
> to the return address rather than the call address.
>
> So, for example, when the last instruction of a function
> is a function call (e.g., to a noreturn function), it can
> cause the unwinder to incorrectly try to unwind from
> the function after the callee.
>
> foo:
> ...
> bl bar
> ... end of function and thus next function ...
>
> which results in LR pointing into the next function.
>
> Fix this by subtracting 1 from frame->pc in the call frame
> (but not exception frames) like ORC on x86 does.
>
> Refer to the unwind_next_frame function in unwind_orc.c.
>
> Suggested-by: Josh Poimboeuf
> Link: https://lkml.kernel.org/lkml/20240305175846.qnyiru7uaa7itqba@treble/
> Signed-off-by: Jiangfeng Xiao
> ---
>  arch/arm/include/asm/stacktrace.h |  4 ----
>  arch/arm/kernel/stacktrace.c      |  2 --
>  arch/arm/kernel/traps.c           |  4 ++--
>  arch/arm/kernel/unwind.c          | 18 +++++++++++++++---
>  4 files changed, 17 insertions(+), 11 deletions(-)
>
> diff --git a/arch/arm/include/asm/stacktrace.h b/arch/arm/include/asm/stacktrace.h
> index 360f0d2..07e4c16 100644
> --- a/arch/arm/include/asm/stacktrace.h
> +++ b/arch/arm/include/asm/stacktrace.h
> @@ -21,9 +21,7 @@ struct stackframe {
>  	struct llist_node *kr_cur;
>  	struct task_struct *tsk;
>  #endif
> -#ifdef CONFIG_UNWINDER_FRAME_POINTER
>  	bool ex_frame;
> -#endif
>  };
>  
>  static __always_inline
> @@ -37,9 +35,7 @@ void arm_get_current_stackframe(struct pt_regs *regs, struct stackframe *frame)
>  	frame->kr_cur = NULL;
>  	frame->tsk = current;
>  #endif
> -#ifdef CONFIG_UNWINDER_FRAME_POINTER
>  	frame->ex_frame = in_entry_text(frame->pc);
> -#endif
>  }
>  
>  extern int unwind_frame(struct stackframe *frame);
> diff --git a/arch/arm/kernel/stacktrace.c b/arch/arm/kernel/stacktrace.c
> index 620aa82..1abd4f9 100644
> --- a/arch/arm/kernel/stacktrace.c
> +++ b/arch/arm/kernel/stacktrace.c
> @@ -154,9 +154,7 @@ static void start_stack_trace(struct stackframe *frame, struct task_struct *task
>  	frame->kr_cur = NULL;
>  	frame->tsk = task;
>  #endif
> -#ifdef CONFIG_UNWINDER_FRAME_POINTER
>  	frame->ex_frame = in_entry_text(frame->pc);
> -#endif
>  }
>  
>  void arch_stack_walk(stack_trace_consume_fn consume_entry, void *cookie,
> diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
> index 3bad79d..b64e442 100644
> --- a/arch/arm/kernel/traps.c
> +++ b/arch/arm/kernel/traps.c
> @@ -84,10 +84,10 @@ void dump_backtrace_entry(unsigned long where, unsigned long from,
>  	printk("%sFunction entered at [<%08lx>] from [<%08lx>]\n",
>  		loglvl, where, from);
>  #elif defined CONFIG_BACKTRACE_VERBOSE
> -	printk("%s[<%08lx>] (%ps) from [<%08lx>] (%pS)\n",
> +	pr_warn("%s[<%08lx>] (%ps) from [<%08lx>] (%pB)\n",
>  		loglvl, where, (void *)where, from, (void *)from);

This should stay printk("%s...", loglvl, ...) or loglvl should be dropped
when converting to pr_warn():

	pr_warn("[<%08lx>] (%ps) from [<%08lx>] (%pB)\n",
		where, (void *)where, from, (void *)from);

Why did you want to force the "warn" log level?

>  #else
> -	printk("%s %ps from %pS\n", loglvl, (void *)where, (void *)from);
> +	pr_warn("%s %ps from %pB\n", loglvl, (void *)where, (void *)from);

Ditto.

-Kees

-- 
Kees Cook
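Review bot: The first stacktrace.h hunk (struct stackframe, lines 21-27) makes ex_frame unconditional without the commit message saying why; the diffstat shows arch/arm/kernel/unwind.c is modified, so presumably the EHABI unwinder now reads ex_frame to decide whether to apply the pc - 1 adjustment, but that hunk is not quoted here. Add a sentence to the log stating that ex_frame is now consumed by both unwinders, so the header change explains itself.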
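Review bot: In the stacktrace.c hunk (start_stack_trace, lines 154-160), and likewise arm_get_current_stackframe() in the header, ex_frame is now initialised for every unwinder, and per the commit message the "subtract 1 or not" decision depends on it. Please confirm that no other path that fills in a struct stackframe before calling unwind_frame() leaves ex_frame uninitialised; an unset field would make the adjustment arbitrary for those frames.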
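Review bot: In the traps.c hunk (dump_backtrace_entry, both `+ pr_warn(...)` lines) the %pS to %pB switch is a separate behavioural change that the commit message does not mention. %pB is the backtrace specifier: it looks up address - 1 so that a return address is attributed to the calling instruction. If unwind.c already subtracts 1 from frame->pc for call frames, as the log says, then the "from" address reaching this function would be decremented a second time for the symbol lookup, which would mis-attribute a frame whose call sits exactly at a function's first byte. Either pass the unadjusted return address to %pB and keep the adjustment only for the unwind table lookup, or keep the adjusted pc and print with %pS; state which in the commit message.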
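To make the off-by-one described in the commit message concrete, here is an added example (not code from the patch or the kernel) with a constructed symbol table: `foo` ends with a 4-byte `bl bar`, so the saved return address is the first byte of the function laid out after it. A naive lookup attributes the frame to that next function; looking up `pc - 1` for call frames, while leaving exception frames untouched, attributes it to `foo`. All addresses and symbol names are made up for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a kallsyms-style table: three consecutive
 * text symbols. Addresses and names are made up for this example. */
struct sym {
	const char *name;
	uintptr_t start;
	uintptr_t end;   /* exclusive */
};

static const struct sym symtab[] = {
	{ "foo",  0x1000, 0x1010 },   /* last insn is "bl bar" at 0x100c */
	{ "next", 0x1010, 0x1040 },   /* function placed right after foo */
	{ "bar",  0x1040, 0x1080 },   /* noreturn callee */
};

static const struct sym *lookup(uintptr_t addr)
{
	for (size_t i = 0; i < sizeof(symtab) / sizeof(symtab[0]); i++)
		if (addr >= symtab[i].start && addr < symtab[i].end)
			return &symtab[i];
	return NULL;
}

/* Naive unwinder behaviour: symbolise the saved pc as-is. */
const char *naive_resolve(uintptr_t pc)
{
	const struct sym *s = lookup(pc);
	return s ? s->name : "?";
}

/* Adjusted behaviour: a call frame's saved pc is a return address, so
 * pc - 1 lands inside the calling instruction. An exception frame's pc
 * is the faulting instruction itself and must not be adjusted. */
const char *resolve_frame(uintptr_t pc, bool ex_frame)
{
	const struct sym *s = lookup(ex_frame ? pc : pc - 1);
	return s ? s->name : "?";
}

int main(void)
{
	/* LR after "bl bar" at the end of foo: 0x100c + 4 == start of next */
	uintptr_t lr = 0x1010;

	printf("naive lookup of LR   : %s\n", naive_resolve(lr));
	printf("call frame, pc - 1   : %s\n", resolve_frame(lr, false));
	printf("exception frame at LR: %s\n", resolve_frame(lr, true));
	return 0;
}
```

The same helper shows the edge that makes `ex_frame` necessary: for an exception at 0x1010 the faulting instruction really is in `next`, so applying the call-frame adjustment there would be the opposite error.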