Subject: Re: [PATCH] ARM: unwind: improve unwinders for noreturn case
To: Kees Cook
From: Jiangfeng Xiao
Date: Wed, 20 Mar 2024 11:30:13 +0800

On 2024/3/20 10:46, Kees Cook wrote:
> On Wed, Mar 20, 2024 at 10:19:29AM +0800, Jiangfeng Xiao wrote:
>> This is an off-by-one bug which is common in unwinders,
>> due to the fact that the address on the stack points
>> to the return address rather than the call address.
>>
>> So, for example, when the last instruction of a function
>> is a function call (e.g., to a noreturn function), it can
>> cause the unwinder to incorrectly try to unwind from
>> the function after the callee.
>>
>> foo:
>> ...
>> bl bar
>> ... end of function and thus next function ...
>>
>> which results in LR pointing into the next function.
>>
>> Fixed this by subtracting 1 from frame->pc in the call frame
>> (but not exception frames) like ORC on x86 does.
>> >> Refer to the unwind_next_frame function in the unwind_orc.c >> >> Suggested-by: Josh Poimboeuf >> Link: https://lkml.kernel.org/lkml/20240305175846.qnyiru7uaa7itqba@treble/ >> Signed-off-by: Jiangfeng Xiao >> --- >> arch/arm/include/asm/stacktrace.h | 4 ---- >> arch/arm/kernel/stacktrace.c | 2 -- >> arch/arm/kernel/traps.c | 4 ++-- >> arch/arm/kernel/unwind.c | 18 +++++++++++++++--- >> 4 files changed, 17 insertions(+), 11 deletions(-) >> >> diff --git a/arch/arm/include/asm/stacktrace.h b/arch/arm/include/asm/stacktrace.h >> index 360f0d2..07e4c16 100644 >> --- a/arch/arm/include/asm/stacktrace.h >> +++ b/arch/arm/include/asm/stacktrace.h >> @@ -21,9 +21,7 @@ struct stackframe { >> struct llist_node *kr_cur; >> struct task_struct *tsk; >> #endif >> -#ifdef CONFIG_UNWINDER_FRAME_POINTER >> bool ex_frame; >> -#endif >> }; >> >> static __always_inline >> @@ -37,9 +35,7 @@ void arm_get_current_stackframe(struct pt_regs *regs, struct stackframe *frame) >> frame->kr_cur = NULL; >> frame->tsk = current; >> #endif >> -#ifdef CONFIG_UNWINDER_FRAME_POINTER >> frame->ex_frame = in_entry_text(frame->pc); >> -#endif >> } >> >> extern int unwind_frame(struct stackframe *frame); >> diff --git a/arch/arm/kernel/stacktrace.c b/arch/arm/kernel/stacktrace.c >> index 620aa82..1abd4f9 100644 >> --- a/arch/arm/kernel/stacktrace.c >> +++ b/arch/arm/kernel/stacktrace.c >> @@ -154,9 +154,7 @@ static void start_stack_trace(struct stackframe *frame, struct task_struct *task >> frame->kr_cur = NULL; >> frame->tsk = task; >> #endif >> -#ifdef CONFIG_UNWINDER_FRAME_POINTER >> frame->ex_frame = in_entry_text(frame->pc); >> -#endif >> } >> >> void arch_stack_walk(stack_trace_consume_fn consume_entry, void *cookie, >> diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c >> index 3bad79d..b64e442 100644 >> --- a/arch/arm/kernel/traps.c >> +++ b/arch/arm/kernel/traps.c 
>> @@ -84,10 +84,10 @@ void dump_backtrace_entry(unsigned long where, unsigned long from, >> printk("%sFunction entered at [<%08lx>] from [<%08lx>]\n", >> loglvl, where, from); >> #elif defined CONFIG_BACKTRACE_VERBOSE >> - printk("%s[<%08lx>] (%ps) from [<%08lx>] (%pS)\n", >> + pr_warn("%s[<%08lx>] (%ps) from [<%08lx>] (%pB)\n", >> loglvl, where, (void *)where, from, (void *)from); > > This should stay printk("%s...", loglvl, ...) or loglvl should be > dropped when converting to pr_warn(): > > pr_warn([<%08lx>] (%ps) from [<%08lx>] (%pB)\n", > where, (void *)where, from, (void *)from); > > Why did you want to force the "warn" log level? > Thank you for your review. I think I'm wrong. The checkpatch.pl script reports the "WARNING: printk() should include KERN_ facility level" warning. That's why I changed printk to pr_warn. I should change printk to printk(KERN_DEFAULT). >> #else >> - printk("%s %ps from %pS\n", loglvl, (void *)where, (void *)from); >> + pr_warn("%s %ps from %pB\n", loglvl, (void *)where, (void *)from); > > Ditto. > > -Kees >
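Review bot: In the first hunk of arch/arm/include/asm/stacktrace.h, `bool ex_frame;` becomes an unconditional member of struct stackframe but carries no comment saying what it records. The commit message makes the pc adjustment depend on call frame versus exception frame, so a one-line comment on the field would help: it is set from in_entry_text(frame->pc) and marks a frame whose pc is an exact exception address that must not be decremented. That keeps the contract visible to both unwinders.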
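Review bot: The initialisation `frame->ex_frame = in_entry_text(frame->pc);` is now compiled unconditionally in two places, arm_get_current_stackframe() in stacktrace.h and start_stack_trace() in arch/arm/kernel/stacktrace.c. If the unwind.c part of this patch reads ex_frame in every configuration, any other code that fills in a struct stackframe by hand would leave the field uninitialised. Consider one helper that sets pc and ex_frame together, or state in the commit message that these two functions are the only initialisers.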
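Review bot: In the dump_backtrace_entry() hunk of arch/arm/kernel/traps.c, the two converted calls use pr_warn() yet still pass loglvl as the leading %s argument, while the first branch ("%sFunction entered at ...") stays printk(). pr_warn() already carries KERN_WARNING, so the level supplied in loglvl no longer selects the severity, and the three branches now disagree. Keep printk("%s...", loglvl, ...) in all branches and limit the change here to %pS -> %pB. That specifier change is not mentioned in the commit message and deserves a sentence there, since %pB is the backtrace form intended for return addresses.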
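The off-by-one described in the quoted commit message, as an added example that is not part of the patch or the thread: a constructed symbol table in which foo ends with a call to a noreturn function, so the saved return address is the first address of next_func. The struct, addresses and function names are assumptions for illustration; only pc and ex_frame mirror names used in the patch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: foo occupies 0x1000..0x103f and its last
 * instruction is "bl bar_noreturn", so LR = 0x1040 = start of next_func. */
struct sym { unsigned long start; const char *name; };

static const struct sym symtab[] = {        /* sorted by start address */
    { 0x1000UL, "foo" },
    { 0x1040UL, "next_func" },
    { 0x1080UL, "bar_noreturn" },
};
#define SYMTAB_END 0x10c0UL

/* Return the name of the symbol containing addr, or NULL if outside. */
static const char *lookup(unsigned long addr)
{
    const char *name = NULL;
    size_t i;

    if (addr >= SYMTAB_END)
        return NULL;
    for (i = 0; i < sizeof(symtab) / sizeof(symtab[0]); i++)
        if (symtab[i].start <= addr)
            name = symtab[i].name;
    return name;
}

/* Illustrative model of a frame, not the kernel's struct stackframe. */
struct frame { unsigned long pc; int ex_frame; };

/* Call frame: pc is a return address, so attribute it via pc - 1.
 * Exception frame: pc is the interrupted instruction, use it unchanged. */
static const char *frame_symbol(const struct frame *f)
{
    return lookup(f->ex_frame ? f->pc : f->pc - 1);
}

int main(void)
{
    struct frame call = { 0x1040UL, 0 }, exc = { 0x1040UL, 1 };

    printf("naive lookup of LR : %s\n", lookup(call.pc));
    printf("call frame (pc - 1): %s\n", frame_symbol(&call));
    printf("exception frame    : %s\n", frame_symbol(&exc));
    return 0;
}
```

The same address resolves to two different functions depending on whether it is a return address or an exception address, which is why the adjustment has to be gated on ex_frame.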