From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7D027C433DB for ; Tue, 23 Mar 2021 17:25:15 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1C55C6157E for ; Tue, 23 Mar 2021 17:25:15 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1C55C6157E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date:Message-ID:From: References:Cc:To:Subject:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=pgb/kkakJbUPAty6qn3Uzwy/LxiWRkwJ8T+w0eSJyWY=; b=ZeOrA/QLsjuXpcwSHGSkXF6jY gkNFyUY6E3ZdubDNrttFYdXrxeTtiQo15HusLe89Qum9KAHqjdOrC7dRE78Mp/Ku8lPAA0EP9vgU5 nbL6FfTUqkzGRCaBiTEoN2VgWw5VYB60o8gjwOQSAxvVKgvysU9ofeiAU9oAIVwUmJfX4uxBPZDk0 7BFkz5wpCMUBGRUqBjfuepo9mchaMaaDHaDC7MP6Uu56twcnEzNG0VLW0DNiiHPv3j2ncB71H18Cn GNOGSvYdsvgSZb7IQzRxXzY9J5W7sCESqY3SCyVmYy8rtA2qhjBvWoyrfW/02HnXH+ceV0SZT0Ubh 6+mfXAo+g==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lOkkp-00FOJa-SG; Tue, 23 Mar 2021 17:23:44 +0000 Received: from linux.microsoft.com ([13.77.154.182]) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lOkkj-00FOIg-Am for linux-arm-kernel@lists.infradead.org; Tue, 23 Mar 2021 17:23:42 +0000 Received: from [192.168.254.32] (unknown [47.187.194.202]) by linux.microsoft.com (Postfix) with ESMTPSA id 9AA3420B5680; Tue, 23 Mar 2021 10:23:35 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 9AA3420B5680 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1616520216; bh=PM8Qdk/WCeDqXgn2AoeUQIp08lqJPb7gu6b/rTGuz04=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=kfMcJ+ODNE5qV9jvFnYJ3dJ/ETBOczzAvacZidoHoy+GVzwWx1JZJBiJ9WbzM0W30 hvxQh5nxs5vzlUEKkbgXeAuaX6JWGY2q8v9wHxWbLHk4zK4kFQn1WtcblT+a0vnxJU CfESZ5owUbNogh0XCVbRZBzVLOXjNQl4LrFY8HV8= Subject: Re: [RFC PATCH v2 5/8] arm64: Detect an FTRACE frame and mark a stack trace unreliable To: Mark Rutland Cc: broonie@kernel.org, jpoimboe@redhat.com, jthierry@redhat.com, catalin.marinas@arm.com, will@kernel.org, linux-arm-kernel@lists.infradead.org, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org References: <20210315165800.5948-1-madvenka@linux.microsoft.com> <20210315165800.5948-6-madvenka@linux.microsoft.com> <20210323105118.GE95840@C02TD0UTHF1T.local> <2167f3c5-e7d0-40c8-99e3-ae89ceb2d60e@linux.microsoft.com> <20210323133611.GB98545@C02TD0UTHF1T.local> <20210323145734.GD98545@C02TD0UTHF1T.local> <20210323170236.GF98545@C02TD0UTHF1T.local> From: "Madhavan T. Venkataraman" Message-ID: Date: Tue, 23 Mar 2021 12:23:34 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: <20210323170236.GF98545@C02TD0UTHF1T.local> Content-Language: en-US X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210323_172337_733660_292F7C57 X-CRM114-Status: GOOD ( 34.39 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 3/23/21 12:02 PM, Mark Rutland wrote: > On Tue, Mar 23, 2021 at 11:20:44AM -0500, Madhavan T. Venkataraman wrote: >> On 3/23/21 10:26 AM, Madhavan T. Venkataraman wrote: >>> On 3/23/21 9:57 AM, Mark Rutland wrote: >>>> On Tue, Mar 23, 2021 at 09:15:36AM -0500, Madhavan T. Venkataraman wrote: >>> So, my next question is - can we define a practical limit for the >>> nesting so that any nesting beyond that is fatal? The reason I ask >>> is - if there is a max, then we can allocate an array of stack >>> frames out of band for the special frames so they are not part of >>> the stack and will not likely get corrupted. >>> >>> Also, we don't have to do any special detection. If the number of >>> out of band frames used is one or more then we have exceptions and >>> the stack trace is unreliable. >> >> Alternatively, if we can just increment a counter in the task >> structure when an exception is entered and decrement it when an >> exception returns, that counter will tell us that the stack trace is >> unreliable. > > As I noted earlier, we must treat *any* EL1 exception boundary needs to > be treated as unreliable for unwinding, and per my other comments w.r.t. > corrupting the call chain I don't think we need additional protection on > exception boundaries specifically. > >> Is this feasible? >> >> I think I have enough for v3 at this point. If you think that the >> counter idea is OK, I can implement it in v3. Once you confirm, I will >> start working on v3. > > Currently, I don't see a compelling reason to need this, and would > prefer to avoid it. > I think that I did a bad job of explaining what I wanted to do. It is not for any additional protection at all. So, let us say we create a field in the task structure: u64 unreliable_stack; Whenever an EL1 exception is entered or FTRACE is entered and pt_regs get set up and pt_regs->stackframe gets chained, increment unreliable_stack. On exiting the above, decrement unreliable_stack. In arch_stack_walk_reliable(), simply do this check upfront: if (task->unreliable_stack) return -EINVAL; This way, the function does not even bother unwinding the stack to find exception frames or checking for different return addresses or anything. We also don't have to worry about code being reorganized, functions being renamed, etc. It also may help in debugging to know if a task is experiencing an exception and the level of nesting, etc. > More generally, could we please break this work into smaller steps? I > reckon we can break this down into the following chunks: > > 1. Add the explicit final frame and associated handling. I suspect that > this is complicated enough on its own to be an independent series, > and it's something that we can merge without all the bits and pieces > necessary for truly reliable stacktracing. > OK. I can do that. > 2. Figure out how we must handle kprobes and ftrace. That probably means > rejecting unwinds from specific places, but we might also want to > adjust the trampolines if that makes this easier. > I think I am already doing all the checks except the one you mentioned earlier. Yes, I can do this separately. > 3. Figure out exception boundary handling. I'm currently working to > simplify the entry assembly down to a uniform set of stubs, and I'd > prefer to get that sorted before we teach the unwinder about > exception boundaries, as it'll be significantly simpler to reason > about and won't end up clashing with the rework. > So, here is where I still have a question. Is it necessary for the unwinder to know the exception boundaries? Is it not enough if it knows if there are exceptions present? For instance, using something like num_special_frames I suggested above? Thanks, Madhavan _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel