From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B029EC54E5D for ; Mon, 18 Mar 2024 04:01:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id ED3DB6B0082; Mon, 18 Mar 2024 00:01:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E85B96B0083; Mon, 18 Mar 2024 00:01:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D4CE06B0085; Mon, 18 Mar 2024 00:01:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id C207A6B0082 for ; Mon, 18 Mar 2024 00:01:41 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 2A5FA1A0A91 for ; Mon, 18 Mar 2024 04:01:41 +0000 (UTC) X-FDA: 81908810802.25.3F2576C Received: from szxga07-in.huawei.com (szxga07-in.huawei.com [45.249.212.35]) by imf23.hostedemail.com (Postfix) with ESMTP id 011EC140010 for ; Mon, 18 Mar 2024 04:01:37 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=none; spf=pass (imf23.hostedemail.com: domain of xiaojiangfeng@huawei.com designates 45.249.212.35 as permitted sender) smtp.mailfrom=xiaojiangfeng@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1710734499; a=rsa-sha256; cv=none; b=rRdNoQiRaLYmfF0VJWn/L84W3RTZQwT3YYR4l9JvT77nf73PcPV82PO/BIimXMFUJ6r6TM 5EfaHwKDZlQoP6+hQOWr2JoUsQ7rem3UPLjHLKpov3mEinjg1PUrjBqtcn9CMgBGypv1YA lpcs2ZucboLt4p0w0YV5tDsrkxqHIJ4= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=none; spf=pass (imf23.hostedemail.com: domain of xiaojiangfeng@huawei.com designates 45.249.212.35 as permitted sender) smtp.mailfrom=xiaojiangfeng@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1710734499; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9/ivhfUbajPAvoBRFl9GhktmC+++z3MZ1RYQ+qBlM+o=; b=FA8o14HgQYKYLHK13IqWRZvuOfiV/QHXxWFW1ZuPX1LWfZPGfdxhvWE5hViG1dj2hviOmc MIhkdZuRcXOI8+Mes4bVDte2shyTmvGH31mQcGQK+UaS2vDXluNOvuvJxEnAgtl5gelRVt BOBVqpfWaXFAMhLgBvAi8u32TJK+U+4= Received: from mail.maildlp.com (unknown [172.19.88.214]) by szxga07-in.huawei.com (SkyGuard) with ESMTP id 4Tyh1K5L67z1QBmM; Mon, 18 Mar 2024 11:59:01 +0800 (CST) Received: from canpemm500010.china.huawei.com (unknown [7.192.105.118]) by mail.maildlp.com (Postfix) with ESMTPS id 7D15C1A016F; Mon, 18 Mar 2024 12:01:33 +0800 (CST) Received: from [10.67.111.82] (10.67.111.82) by canpemm500010.china.huawei.com (7.192.105.118) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Mon, 18 Mar 2024 12:01:33 +0800 Subject: Re: [PATCH] usercopy: delete __noreturn from usercopy_abort To: Josh Poimboeuf References: <1709516385-7778-1-git-send-email-xiaojiangfeng@huawei.com> <202403040938.D770633@keescook> <77bb0d81-f496-7726-9495-57088a4c0bfc@huawei.com> <202403050129.5B72ACAA0D@keescook> <20240305175846.qnyiru7uaa7itqba@treble> CC: Kees Cook , Jann Horn , , , , , , , , , , , , , , Russell King , , Ard Biesheuvel From: Jiangfeng Xiao Message-ID: Date: Mon, 18 Mar 2024 12:01:27 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1 MIME-Version: 1.0 In-Reply-To: <20240305175846.qnyiru7uaa7itqba@treble> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [10.67.111.82] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To canpemm500010.china.huawei.com (7.192.105.118) X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 011EC140010 X-Stat-Signature: gwybugizsrsw6ot7f6h7iga5k4royqhe X-HE-Tag: 1710734497-263613 X-HE-Meta: U2FsdGVkX1/Km+5UiqV+Xbn46sMlq/+qJRRiiD98krZLNAZ2UcXAX1UwDUTzpUY0eFY3IwEu5sva9UFGOYItISyOEktgHtD0WH689PCXhQQjNgVFVwsa2ZPlu3Q69ly67vM6vhjisGIPZ32hXSx+mJFLM4WTJegVrIHIXuXfWyciudIKMFUQJq/NHCs+qV2UOrMcpO7irq+qF+4w0G1oemPDV3+mr2autzrai7E7yXHke4IEBXZV0C2/FF1Ew5pzpp/0YGTBzKNgULaBeJ9JfThuKI8kM5+7mEJF6w60FjuNA28Ch+4TtLI9pAANoWMqJ0J6xvKGv+bxjVszPZsw6P8yEuAplPOVEqRp1C1KZGanqo821akmW8bm4or2BI1UON1/vD27Fd1ANoFmSkBhpsZhzrp6cTCaojHW/qEui7eVgrAizXPPwxItA6PAE9fGFroBMz/xpKdOpg2hK79x5yuPod72iBxmMe3TOkydvgapH9m2WIvEvrYcdRAE+/OHD6ugnZNSqOy8wsUrUtuI/ZQ7y5YDkXk/ZGl9eYVUVq/EjGumRLu4ztdyXua8v8OOA+B6PfgYin0B7ah/ESqhc6gF9IRjW1f1EhDy6cvG90OqZIJAYXDR7bc+jg8SGX+gqchylXxNO29cRSNN0Y4TyE502HaagWv2Y/f6x61QFRtrEXk5As8QA5Z/ACel7ghKaQ0mzAKbkqlbdT2xuqPZRX9FD3YxiiWmMIbEnC1wL8GefnliR14S6bIcZy4xN183ohPW1QbNmcWbdzEHBsVUM65Ug+auOZrGfk7mDKbp5tMI88ty3HVlkgpZEk/8yyVxkrxNwMZnUmUhLEdEjXh1f4kNGPUxx97oJILRCZGvCe1N3BEVhlmuLQaBQ7ZS+9Yepx1pjSFzBUVZXBIzGQ5lMB0aVCtvx35PbLcCaeWN6kBPN89tki1cFhBkHVuYxHk4idgHx5Mx+kzosUEgpuN Mn4+KzEY BwDpFL1LsHgpe+Iq0VK6yRB5HHqCh6W4okipLel9joBrPM1jvJLdRLFx7JAJEQWXDjvUyPmHicqw778euE46kHpt4v7ZeUyFFTDCNNWfPcs3a+lC2WB6hVPwLWlRuSSKAm3faxmebfJbs7AT1Fg2Utk38Jmv9Eorj5hFy/OnH8MvVKFeU9GQ+csbwE+mr5ysn6ArAJ+yoXlivmQZMjwGYwt7FQ+iG6O2IM9fmw7ogu0NLi2cpCiJgUwk6AlmamTsmqWzZ97LcDegBysI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 2024/3/6 1:58, Josh Poimboeuf wrote: > Adding ARM folks -- see > https://lkml.kernel.org/lkml/1709516385-7778-1-git-send-email-xiaojiangfeng@huawei.com > for the original bug report. > > This is an off-by-one bug which is common in unwinders, due to the fact > that the address on the stack points to the return address rather than > the call address. > > So, for example, when the last instruction of a function is a function > call (e.g., to a noreturn function), it can cause the unwinder to > incorrectly try to unwind from the function *after* the callee. > > For ORC (x86), we fixed this by decrementing the PC for call frames (but > not exception frames). I've seen user space unwinders do similar, for > non-signal frames. > > Something like the following might fix your issue (completely untested): > Thank you very much. I have verified that your patch can fix my issue. But I have some little questions. > diff --git a/arch/arm/include/asm/stacktrace.h b/arch/arm/include/asm/stacktrace.h > index 360f0d2406bf..4891e38cdc1f 100644 > --- a/arch/arm/include/asm/stacktrace.h > +++ b/arch/arm/include/asm/stacktrace.h > @@ -21,9 +21,7 @@ struct stackframe { > struct llist_node *kr_cur; > struct task_struct *tsk; > #endif > -#ifdef CONFIG_UNWINDER_FRAME_POINTER > bool ex_frame; > -#endif > }; > > static __always_inline > @@ -37,9 +35,8 @@ void arm_get_current_stackframe(struct pt_regs *regs, struct stackframe *frame) > frame->kr_cur = NULL; > frame->tsk = current; > #endif > -#ifdef CONFIG_UNWINDER_FRAME_POINTER > - frame->ex_frame = in_entry_text(frame->pc); > -#endif > + frame->ex_frame = !!regs; > + 'regs' must not be NULL, frame->ex_frame will always be TRUE. So I think we just need to remove CONFIG_UNWINDER_FRAME_POINTER here. We don't need to change the frame->ex_frame assignment statement. > diff --git a/arch/arm/kernel/unwind.c b/arch/arm/kernel/unwind.c > index 9d2192156087..99ded32196af 100644 > --- a/arch/arm/kernel/unwind.c > +++ b/arch/arm/kernel/unwind.c > @@ -407,7 +407,7 @@ int unwind_frame(struct stackframe *frame) > { > const struct unwind_idx *idx; > struct unwind_ctrl_block ctrl; > - unsigned long sp_low; > + unsigned long sp_low, pc; > > /* store the highest address on the stack to avoid crossing it*/ > sp_low = frame->sp; > @@ -417,19 +417,22 @@ int unwind_frame(struct stackframe *frame) > pr_debug("%s(pc = %08lx lr = %08lx sp = %08lx)\n", __func__, > frame->pc, frame->lr, frame->sp); > > - idx = unwind_find_idx(frame->pc); > + pc = frame->ex_frame ? frame->pc : frame->pc - 4; For details, see the unwind_next_frame function in the unwind_orc.c. Why subtract 4 here instead of 1? `pc = frame->ex_frame ? frame->pc : frame->pc - 1` Is it more appropriate? > + > + idx = unwind_find_idx(pc); > if (!idx) { > - if (frame->pc && kernel_text_address(frame->pc)) { > - if (in_module_plt(frame->pc) && frame->pc != frame->lr) { > + if (kernel_text_address(pc)) { > + if (in_module_plt(pc) && frame->pc != frame->lr) { > /* > * Quoting Ard: Veneers only set PC using a > * PC+immediate LDR, and so they don't affect > * the state of the stack or the register file > */ > frame->pc = frame->lr; > + frame->ex_frame = false; > return URC_OK; > } > - pr_warn("unwind: Index not found %08lx\n", frame->pc); > + pr_warn("unwind: Index not found %08lx\n", pc); > } > return -URC_FAILURE; > } > @@ -442,7 +445,7 @@ int unwind_frame(struct stackframe *frame) > if (idx->insn == 1) > /* can't unwind */ > return -URC_FAILURE; > - else if (frame->pc == prel31_to_addr(&idx->addr_offset)) { > + else if (frame->ex_frame && pc == prel31_to_addr(&idx->addr_offset)) { > /* > * Unwinding is tricky when we're halfway through the prologue, > * since the stack frame that the unwinder expects may not be > @@ -451,9 +454,10 @@ int unwind_frame(struct stackframe *frame) > * a function, we are still effectively in the stack frame of > * the caller, and the unwind info has no relevance yet. > */ > - if (frame->pc == frame->lr) > + if (pc == frame->lr) > return -URC_FAILURE; > frame->pc = frame->lr; > + frame->ex_frame = false; > return URC_OK; > } else if ((idx->insn & 0x80000000) == 0) > /* prel31 to the unwind table */ > @@ -515,6 +519,7 @@ int unwind_frame(struct stackframe *frame) > frame->lr = ctrl.vrs[LR]; > frame->pc = ctrl.vrs[PC]; > frame->lr_addr = ctrl.lr_addr; > + frame->ex_frame = false; Why is the value of `frame->ex_frame` directly set to false? Why is the value not determined based on `frame->pc`? That is, `frame->ex_frame = in_entry_text(frame->pc)` > > return URC_OK; > } > @@ -544,6 +549,7 @@ void unwind_backtrace(struct pt_regs *regs, struct task_struct *tsk, > */ > here: > frame.pc = (unsigned long)&&here; > + frame.ex_frame = false; > } else { > /* task blocked in __switch_to */ > frame.fp = thread_saved_fp(tsk); > @@ -554,11 +560,12 @@ void unwind_backtrace(struct pt_regs *regs, struct task_struct *tsk, > */ > frame.lr = 0; > frame.pc = thread_saved_pc(tsk); > + frame.ex_frame = false; > } > > while (1) { > int urc; > - unsigned long where = frame.pc; > + unsigned long where = frame.ex_frame ? frame.pc : frame.pc - 4; > > urc = unwind_frame(&frame); > if (urc < 0) > . > If I refer to your demo patch and submit a new bugfix patch, can I mark you as "Co-developed-by" in this new bugfix patch?