Date: Tue, 19 Mar 2024 19:46:26 -0700
From: Kees Cook
To: Jiangfeng Xiao
Cc: linux@armlinux.org.uk, arnd@arndb.de, rmk+kernel@armlinux.org.uk, haibo.li@mediatek.com, angelogioacchino.delregno@collabora.com, amergnat@baylibre.com, akpm@linux-foundation.org, dave.hansen@linux.intel.com, douzhaolei@huawei.com, gustavoars@kernel.org, jpoimboe@kernel.org, kepler.chenxin@huawei.com, kirill.shutemov@linux.intel.com, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org, nixiaoming@huawei.com, peterz@infradead.org, wangbing6@huawei.com, wangfangpeng1@huawei.com, jannh@google.com, David.Laight@aculab.com
Subject: Re: [PATCH] ARM: unwind: improve unwinders for noreturn case
Message-ID: <202403191945.661DBCE8@keescook>
References: <1709516385-7778-1-git-send-email-xiaojiangfeng@huawei.com> <1710901169-22763-1-git-send-email-xiaojiangfeng@huawei.com>
In-Reply-To: <1710901169-22763-1-git-send-email-xiaojiangfeng@huawei.com>

On Wed, Mar 20, 2024 at 10:19:29AM +0800, Jiangfeng Xiao wrote:
> This is an off-by-one bug which is common in unwinders,
> due to the fact that the address on the stack points
> to the return address rather than the call address.
> > So, for example, when the last instruction of a function > is a function call (e.g., to a noreturn function), it can > cause the unwinder to incorrectly try to unwind from > the function after the callee. > > foo: > ... > bl bar > ... end of function and thus next function ... > > which results in LR pointing into the next function. > > Fixed this by subtracting 1 from frmae->pc in the call frame > (but not exception frames) like ORC on x86 does. > > Refer to the unwind_next_frame function in the unwind_orc.c > > Suggested-by: Josh Poimboeuf > Link: https://lkml.kernel.org/lkml/20240305175846.qnyiru7uaa7itqba@treble/ > Signed-off-by: Jiangfeng Xiao > --- > arch/arm/include/asm/stacktrace.h | 4 ---- > arch/arm/kernel/stacktrace.c | 2 -- > arch/arm/kernel/traps.c | 4 ++-- > arch/arm/kernel/unwind.c | 18 +++++++++++++++--- > 4 files changed, 17 insertions(+), 11 deletions(-) > > diff --git a/arch/arm/include/asm/stacktrace.h b/arch/arm/include/asm/stacktrace.h > index 360f0d2..07e4c16 100644 > --- a/arch/arm/include/asm/stacktrace.h > +++ b/arch/arm/include/asm/stacktrace.h > @@ -21,9 +21,7 @@ struct stackframe { > struct llist_node *kr_cur; > struct task_struct *tsk; > #endif > -#ifdef CONFIG_UNWINDER_FRAME_POINTER > bool ex_frame; > -#endif > }; > > static __always_inline > @@ -37,9 +35,7 @@ void arm_get_current_stackframe(struct pt_regs *regs, struct stackframe *frame) > frame->kr_cur = NULL; > frame->tsk = current; > #endif > -#ifdef CONFIG_UNWINDER_FRAME_POINTER > frame->ex_frame = in_entry_text(frame->pc); > -#endif > } > > extern int unwind_frame(struct stackframe *frame); > diff --git a/arch/arm/kernel/stacktrace.c b/arch/arm/kernel/stacktrace.c > index 620aa82..1abd4f9 100644 > --- a/arch/arm/kernel/stacktrace.c > +++ b/arch/arm/kernel/stacktrace.c 
> @@ -154,9 +154,7 @@ static void start_stack_trace(struct stackframe *frame, struct task_struct *task > frame->kr_cur = NULL; > frame->tsk = task; > #endif > -#ifdef CONFIG_UNWINDER_FRAME_POINTER > frame->ex_frame = in_entry_text(frame->pc); > -#endif > } > > void arch_stack_walk(stack_trace_consume_fn consume_entry, void *cookie, > diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c > index 3bad79d..b64e442 100644 > --- a/arch/arm/kernel/traps.c > +++ b/arch/arm/kernel/traps.c > @@ -84,10 +84,10 @@ void dump_backtrace_entry(unsigned long where, unsigned long from, > printk("%sFunction entered at [<%08lx>] from [<%08lx>]\n", > loglvl, where, from); > #elif defined CONFIG_BACKTRACE_VERBOSE > - printk("%s[<%08lx>] (%ps) from [<%08lx>] (%pS)\n", > + pr_warn("%s[<%08lx>] (%ps) from [<%08lx>] (%pB)\n", > loglvl, where, (void *)where, from, (void *)from); This should stay printk("%s...", loglvl, ...) or loglvl should be dropped when converting to pr_warn(): pr_warn([<%08lx>] (%ps) from [<%08lx>] (%pB)\n", where, (void *)where, from, (void *)from); Why did you want to force the "warn" log level? > #else > - printk("%s %ps from %pS\n", loglvl, (void *)where, (void *)from); > + pr_warn("%s %ps from %pB\n", loglvl, (void *)where, (void *)from); Ditto. -Kees -- Kees Cook
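Review bot: the commit message does not explain the first arch/arm/include/asm/stacktrace.h hunk, which drops the CONFIG_UNWINDER_FRAME_POINTER guard around `bool ex_frame;` and so makes the field part of struct stackframe for the ARM EABI unwinder as well. Since the message says the -1 adjustment applies to call frames "but not exception frames", it should state that arch/arm/kernel/unwind.c now reads ex_frame, which is why this guard and the matching guards around `frame->ex_frame = in_entry_text(frame->pc);` in arm_get_current_stackframe() and start_stack_trace() have to go; as posted, a reader has to infer that dependency from the diffstat.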
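Review bot: in the arch/arm/kernel/traps.c CONFIG_BACKTRACE_VERBOSE hunk, the printk() to pr_warn() switch is a separate change from the %pS to %pB one, and it mishandles the log level: pr_warn() prepends its own KERN_WARNING, while the format still consumes the caller's loglvl through the leading "%s", so the level the caller asked for is overridden and its KERN_* prefix string lands inside the message text instead. Keep `printk("%s[<%08lx>] (%ps) from [<%08lx>] (%pB)\n", loglvl, where, (void *)where, from, (void *)from);` so that only the %pB change remains; that specifier is the part that actually fixes the symbolized caller for a return address.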
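Review bot: the #else branch of the same function has the same loglvl problem: `pr_warn("%s %ps from %pB\n", loglvl, (void *)where, (void *)from);` both forces KERN_WARNING and prints loglvl as text, so keep printk() there too. Changing only the second specifier is right, though: `where` is the function that was entered and stays %ps, while `from` is a return address, which is exactly the case the %pB backtrace lookup exists for.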
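The off-by-one the commit message describes, as an added example that is not part of the patch or the kernel: a toy unwinder over a constructed symbol table (the function names, addresses, entry-text range and the `in_entry_text()` stand-in are all assumptions) showing that looking up a saved return address directly lands in the function after the caller, while the patch's pc - 1 rule lands in the caller and leaves an exception frame alone.

```c
/* Added example (not code from the patch or the kernel): a toy ARM-style
 * unwinder over a constructed symbol table, showing why a call frame's saved
 * pc is looked up as pc - 1 while an exception frame's pc is used as is. */
#include <stdbool.h>
#include <stdio.h>

struct sym { const char *name; unsigned long start, end; };

/* Constructed layout: foo ends with "bl bar" (bar is noreturn), so the
 * return address that call leaves in LR is the first byte of baz. */
static const struct sym symtab[] = {
    { "vector_irq", 0xc0000100, 0xc0000200 },  /* exception entry code */
    { "foo",        0xc0001000, 0xc0001040 },
    { "baz",        0xc0001040, 0xc0001080 },  /* laid out right after foo */
    { "bar",        0xc0002000, 0xc0002020 },  /* the noreturn callee */
};

/* Stand-in for the kernel's in_entry_text(): a constructed entry-text range. */
bool in_entry_text(unsigned long pc)
{
    return pc >= 0xc0000100 && pc < 0xc0000200;
}

/* Which function contains addr? Returns the table's name, or "?" if none. */
const char *lookup_symbol(unsigned long addr)
{
    for (size_t i = 0; i < sizeof symtab / sizeof symtab[0]; i++)
        if (addr >= symtab[i].start && addr < symtab[i].end)
            return symtab[i].name;
    return "?";
}

/* With the fix, a call frame's pc (a return address) is looked up as pc - 1
 * so the result stays inside the caller; an exception frame's pc is the
 * interrupted instruction itself and is not adjusted. */
const char *frame_symbol(unsigned long pc, bool fixed)
{
    bool ex_frame = in_entry_text(pc);
    return lookup_symbol(fixed && !ex_frame ? pc - 1 : pc);
}

int main(void)
{
    /* Constructed saved pcs: a pc inside bar, the LR left by foo's final
     * "bl bar", and a pc inside the exception entry code. */
    const unsigned long pcs[] = { 0xc0002010, 0xc0001040, 0xc0000110 };
    for (size_t i = 0; i < 3; i++)
        printf("pc 0x%lx: naive=%s fixed=%s\n", pcs[i],
               frame_symbol(pcs[i], false), frame_symbol(pcs[i], true));
    return 0;   /* prints bar/bar, baz/foo, vector_irq/vector_irq */
}
```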