From patchwork Mon Apr 5 20:43:11 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Madhavan T. Venkataraman" X-Patchwork-Id: 12183591 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F048C433ED for ; Mon, 5 Apr 2021 20:45:19 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1A53B613C6 for ; Mon, 5 Apr 2021 20:45:19 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1A53B613C6 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Cc:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Bb9o9SWkuekQBfXjPJIUqS3XRWR+DhgDnD6m/4HxBoM=; b=murbw5guJ3MKXy+mVAecT/u3K dOJgrfbe3dtIAB6dYfcEbRfRhSHhDQpEC4IsuQowZTwLR3GxXpiGARt1gkQH8VD6QIcWBLHuymIcl ICmvRp7opWGruOfxff2BIgSpXvja2LEp/P8SjdhYLUvgPQ/zNJmxPjsj8QAlWe8jKTTzl4gcnpQ1P 8wA6BAkVmL6USF51BLqLOLg3/DGFDBIeYN/UiATOuTrC7ZlVckRLfeVldSpA21124OevidQBHKtXn i4YXppHhL/h/TmTTBj4hGATWH7Jwy1i4QIzMwRnA9r5MttjdkJWVOpzM2me1rSxCU8msw9OhPT5PW zIo9f7ZMQ==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lTW4a-000dam-0q; Mon, 05 Apr 2021 20:43:48 +0000 Received: from linux.microsoft.com ([13.77.154.182]) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lTW4E-000dYB-B8 for linux-arm-kernel@lists.infradead.org; Mon, 05 Apr 2021 20:43:29 +0000 Received: from x64host.home (unknown [47.187.194.202]) by linux.microsoft.com (Postfix) with ESMTPSA id C4E4520B5681; Mon, 5 Apr 2021 13:43:24 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com C4E4520B5681 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1617655405; bh=FXJKTTAJEFg3bLgFKMRC+t8B2UTIYo8NHYupcKiM3Rw=; h=From:To:Subject:Date:In-Reply-To:References:From; b=MWcmvYhNmA3PSzFB6RSUtxu3mMOaUhE+umk9IWFD54y1pFcddpg5sfAbyy1/ve1++ x9uRas75ssraEYzaEk598CaW6miKKHWVfWYXXuPn1I8bqaMPHCCy/T4pf6XTpzgoT4 xLiG5bykpfyx+7LflqID6iEcd6RwZ3gx7t4ncNFc= From: madvenka@linux.microsoft.com To: mark.rutland@arm.com, broonie@kernel.org, jpoimboe@redhat.com, jthierry@redhat.com, catalin.marinas@arm.com, will@kernel.org, linux-arm-kernel@lists.infradead.org, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, madvenka@linux.microsoft.com Subject: [RFC PATCH v2 2/4] arm64: Mark a stack trace unreliable if an EL1 exception frame is detected Date: Mon, 5 Apr 2021 15:43:11 -0500 Message-Id: <20210405204313.21346-3-madvenka@linux.microsoft.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210405204313.21346-1-madvenka@linux.microsoft.com> References: <705993ccb34a611c75cdae0a8cb1b40f9b218ebd> <20210405204313.21346-1-madvenka@linux.microsoft.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210405_214327_036265_E6165B11 X-CRM114-Status: GOOD ( 17.71 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org From: "Madhavan T. Venkataraman" EL1 exceptions can happen on any instruction including instructions in the frame pointer prolog or epilog. Depending on where exactly they happen, they could render the stack trace unreliable. If an EL1 exception frame is found on the stack, mark the stack trace as unreliable. Now, the EL1 exception frame is not at any well-known offset on the stack. It can be anywhere on the stack. In order to properly detect an EL1 exception frame, the return address must be checked against all of the possible EL1 exception handlers. Preemption ========== Interrupts encountered in kernel code are also EL1 exceptions. At the end of an interrupt, the interrupt handler checks if the current task must be preempted for any reason. If so, it calls the preemption code which takes the task off the CPU. A stack trace taken on the task after the preemption will show the EL1 frame and will be considered unreliable. This is correct behavior as preemption can happen practically at any point in code. Probing ======= Breakpoints encountered in kernel code are also EL1 exceptions. The probing infrastructure uses breakpoints for executing probe code. While in the probe code, the stack trace will show an EL1 frame and will be considered unreliable. This is also correct behavior. Reviewed-by: Mark Brown Signed-off-by: Madhavan T. Venkataraman --- arch/arm64/include/asm/exception.h | 8 +++++++ arch/arm64/kernel/entry.S | 14 +++++------ arch/arm64/kernel/stacktrace.c | 37 ++++++++++++++++++++++++++++++ 3 files changed, 52 insertions(+), 7 deletions(-) diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index 6546158d2f2d..4ebd2390ef54 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -35,6 +35,14 @@ asmlinkage void el1_sync_handler(struct pt_regs *regs); asmlinkage void el0_sync_handler(struct pt_regs *regs); asmlinkage void el0_sync_compat_handler(struct pt_regs *regs); +asmlinkage void el1_sync(void); +asmlinkage void el1_irq(void); +asmlinkage void el1_error(void); +asmlinkage void el1_sync_invalid(void); +asmlinkage void el1_irq_invalid(void); +asmlinkage void el1_fiq_invalid(void); +asmlinkage void el1_error_invalid(void); + asmlinkage void noinstr enter_el1_irq_or_nmi(struct pt_regs *regs); asmlinkage void noinstr exit_el1_irq_or_nmi(struct pt_regs *regs); asmlinkage void enter_from_user_mode(void); diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index a31a0a713c85..9fe3aaeff019 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -630,19 +630,19 @@ SYM_CODE_START_LOCAL(el0_fiq_invalid_compat) SYM_CODE_END(el0_fiq_invalid_compat) #endif -SYM_CODE_START_LOCAL(el1_sync_invalid) +SYM_CODE_START(el1_sync_invalid) inv_entry 1, BAD_SYNC SYM_CODE_END(el1_sync_invalid) -SYM_CODE_START_LOCAL(el1_irq_invalid) +SYM_CODE_START(el1_irq_invalid) inv_entry 1, BAD_IRQ SYM_CODE_END(el1_irq_invalid) -SYM_CODE_START_LOCAL(el1_fiq_invalid) +SYM_CODE_START(el1_fiq_invalid) inv_entry 1, BAD_FIQ SYM_CODE_END(el1_fiq_invalid) -SYM_CODE_START_LOCAL(el1_error_invalid) +SYM_CODE_START(el1_error_invalid) inv_entry 1, BAD_ERROR SYM_CODE_END(el1_error_invalid) @@ -650,7 +650,7 @@ SYM_CODE_END(el1_error_invalid) * EL1 mode handlers. */ .align 6 -SYM_CODE_START_LOCAL_NOALIGN(el1_sync) +SYM_CODE_START_NOALIGN(el1_sync) kernel_entry 1 mov x0, sp bl el1_sync_handler @@ -658,7 +658,7 @@ SYM_CODE_START_LOCAL_NOALIGN(el1_sync) SYM_CODE_END(el1_sync) .align 6 -SYM_CODE_START_LOCAL_NOALIGN(el1_irq) +SYM_CODE_START_NOALIGN(el1_irq) kernel_entry 1 gic_prio_irq_setup pmr=x20, tmp=x1 enable_da_f @@ -737,7 +737,7 @@ el0_irq_naked: b ret_to_user SYM_CODE_END(el0_irq) -SYM_CODE_START_LOCAL(el1_error) +SYM_CODE_START(el1_error) kernel_entry 1 mrs x1, esr_el1 gic_prio_kentry_setup tmp=x2 diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c index 557657d6e6bd..fb11e4372891 100644 --- a/arch/arm64/kernel/stacktrace.c +++ b/arch/arm64/kernel/stacktrace.c @@ -14,6 +14,7 @@ #include #include +#include #include #include #include @@ -25,8 +26,44 @@ struct function_range { /* * Special functions where the stack trace is unreliable. + * + * EL1 exceptions + * ============== + * + * EL1 exceptions can happen on any instruction including instructions in + * the frame pointer prolog or epilog. Depending on where exactly they happen, + * they could render the stack trace unreliable. + * + * If an EL1 exception frame is found on the stack, mark the stack trace as + * unreliable. Now, the EL1 exception frame is not at any well-known offset + * on the stack. It can be anywhere on the stack. In order to properly detect + * an EL1 exception frame, the return address must be checked against all of + * the possible EL1 exception handlers. + * + * Interrupts encountered in kernel code are also EL1 exceptions. At the end + * of an interrupt, the current task can get preempted. A stack trace taken + * on the task after the preemption will show the EL1 frame and will be + * considered unreliable. This is correct behavior as preemption can happen + * practically at any point in code. + * + * Breakpoints encountered in kernel code are also EL1 exceptions. Breakpoints + * can happen practically on any instruction. Mark the stack trace as + * unreliable. Breakpoints are used for executing probe code. Stack traces + * taken while in the probe code will show an EL1 frame and will be considered + * unreliable. This is correct behavior. */ static struct function_range special_functions[] = { + /* + * EL1 exception handlers. + */ + { (unsigned long) el1_sync, 0 }, + { (unsigned long) el1_irq, 0 }, + { (unsigned long) el1_error, 0 }, + { (unsigned long) el1_sync_invalid, 0 }, + { (unsigned long) el1_irq_invalid, 0 }, + { (unsigned long) el1_fiq_invalid, 0 }, + { (unsigned long) el1_error_invalid, 0 }, + { /* sentinel */ } };