From: takahiro.akashi@linaro.org (AKASHI Takahiro)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] arm64: ftrace: fix function_graph tracer panic
Date: Thu, 1 Oct 2015 15:11:29 +0900 [thread overview]
Message-ID: <560CCE91.3020407@linaro.org> (raw)
In-Reply-To: <1443581395-30088-1-git-send-email-huawei.libin@huawei.com>
On 09/30/2015 11:49 AM, Li Bin wrote:
> When function graph tracer is enabled, the following operation
> will trigger panic:
>
> mount -t debugfs nodev /sys/kernel
> echo next_tgid > /sys/kernel/tracing/set_ftrace_filter
> echo function_graph > /sys/kernel/tracing/current_tracer
> ls /proc/
>
> ------------[ cut here ]------------
> [ 198.501417] Unable to handle kernel paging request at virtual address cb88537fdc8ba316
> [ 198.506126] pgd = ffffffc008f79000
> [ 198.509363] [cb88537fdc8ba316] *pgd=00000000488c6003, *pud=00000000488c6003, *pmd=0000000000000000
> [ 198.517726] Internal error: Oops: 94000005 [#1] SMP
> [ 198.518798] Modules linked in:
> [ 198.520582] CPU: 1 PID: 1388 Comm: ls Tainted: G
> [ 198.521800] Hardware name: linux,dummy-virt (DT)
> [ 198.522852] task: ffffffc0fa9e8000 ti: ffffffc0f9ab0000 task.ti: ffffffc0f9ab0000
> [ 198.524306] PC is at next_tgid+0x30/0x100
> [ 198.525205] LR is at return_to_handler+0x0/0x20
> [ 198.526090] pc : [<ffffffc0002a1070>] lr : [<ffffffc0000907c0>] pstate: 60000145
> [ 198.527392] sp : ffffffc0f9ab3d40
> [ 198.528084] x29: ffffffc0f9ab3d40 x28: ffffffc0f9ab0000
> [ 198.529406] x27: ffffffc000d6a000 x26: ffffffc000b786e8
> [ 198.530659] x25: ffffffc0002a1900 x24: ffffffc0faf16c00
> [ 198.531942] x23: ffffffc0f9ab3ea0 x22: 0000000000000002
> [ 198.533202] x21: ffffffc000d85050 x20: 0000000000000002
> [ 198.534446] x19: 0000000000000002 x18: 0000000000000000
> [ 198.535719] x17: 000000000049fa08 x16: ffffffc000242efc
> [ 198.537030] x15: 0000007fa472b54c x14: ffffffffff000000
> [ 198.538347] x13: ffffffc0fada84a0 x12: 0000000000000001
> [ 198.539634] x11: ffffffc0f9ab3d70 x10: ffffffc0f9ab3d70
> [ 198.540915] x9 : ffffffc0000907c0 x8 : ffffffc0f9ab3d40
> [ 198.542215] x7 : 0000002e330f08f0 x6 : 0000000000000015
> [ 198.543508] x5 : 0000000000000f08 x4 : ffffffc0f9835ec0
> [ 198.544792] x3 : cb88537fdc8ba316 x2 : cb88537fdc8ba306
> [ 198.546108] x1 : 0000000000000002 x0 : ffffffc000d85050
> [ 198.547432]
> [ 198.547920] Process ls (pid: 1388, stack limit = 0xffffffc0f9ab0020)
> [ 198.549170] Stack: (0xffffffc0f9ab3d40 to 0xffffffc0f9ab4000)
> [ 198.582568] Call trace:
> [ 198.583313] [<ffffffc0002a1070>] next_tgid+0x30/0x100
> [ 198.584359] [<ffffffc0000907bc>] ftrace_graph_caller+0x6c/0x70
> [ 198.585503] [<ffffffc0000907bc>] ftrace_graph_caller+0x6c/0x70
> [ 198.586574] [<ffffffc0000907bc>] ftrace_graph_caller+0x6c/0x70
> [ 198.587660] [<ffffffc0000907bc>] ftrace_graph_caller+0x6c/0x70
> [ 198.588896] Code: aa0003f5 2a0103f4 b4000102 91004043 (885f7c60)
> [ 198.591092] ---[ end trace 6a346f8f20949ac8 ]---
>
> This is because when using function graph tracer, if the traced
> function return value is in multi regs ([0x-07]), return_to_handler
> may corrupt them. So in return_to_handler, the parameter regs should
> be protected properly.
You're right. we should preserve x0-x7 around a call to ftrace_return_to_handler()
just in case they might be used as a "composite type" (ie. struct) of return value.
Thanks,
-Takahiro AKASHI
> Cc: <stable@vger.kernel.org> # 3.18+
> Signed-off-by: Li Bin <huawei.libin@huawei.com>
> ---
> arch/arm64/kernel/entry-ftrace.S | 22 ++++++++++++++++++++--
> 1 files changed, 20 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/kernel/entry-ftrace.S b/arch/arm64/kernel/entry-ftrace.S
> index 08cafc5..0f03a8f 100644
> --- a/arch/arm64/kernel/entry-ftrace.S
> +++ b/arch/arm64/kernel/entry-ftrace.S
> @@ -178,6 +178,24 @@ ENTRY(ftrace_stub)
> ENDPROC(ftrace_stub)
>
> #ifdef CONFIG_FUNCTION_GRAPH_TRACER
> + /* save return value regs*/
> + .macro save_return_regs
> + sub sp, sp, #64
> + stp x0, x1, [sp]
> + stp x2, x3, [sp, #16]
> + stp x4, x5, [sp, #32]
> + stp x6, x7, [sp, #48]
> + .endm
> +
> + /* restore return value regs*/
> + .macro restore_return_regs
> + ldp x0, x1, [sp]
> + ldp x2, x3, [sp, #16]
> + ldp x4, x5, [sp, #32]
> + ldp x6, x7, [sp, #48]
> + add sp, sp, #64
> + .endm
> +
> /*
> * void ftrace_graph_caller(void)
> *
> @@ -204,11 +222,11 @@ ENDPROC(ftrace_graph_caller)
> * only when CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST is enabled.
> */
> ENTRY(return_to_handler)
> - str x0, [sp, #-16]!
> + save_return_regs
> mov x0, x29 // parent's fp
> bl ftrace_return_to_handler// addr = ftrace_return_to_hander(fp);
> mov x30, x0 // restore the original return address
> - ldr x0, [sp], #16
> + restore_return_regs
> ret
> END(return_to_handler)
> #endif /* CONFIG_FUNCTION_GRAPH_TRACER */
>
next prev parent reply other threads:[~2015-10-01 6:11 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-30 2:49 [PATCH] arm64: ftrace: fix function_graph tracer panic Li Bin
2015-10-01 6:11 ` AKASHI Takahiro [this message]
2015-10-01 15:27 ` Catalin Marinas
2015-10-02 7:56 ` AKASHI Takahiro
2015-10-02 12:42 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=560CCE91.3020407@linaro.org \
--to=takahiro.akashi@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).