• Ard Biesheuvel's avatar
    arm64: unwind: reference pt_regs via embedded stack frame · 73267498
    Ard Biesheuvel authored
    As it turns out, the unwind code is slightly broken, and probably has
    been for a while. The problem is in the dumping of the exception stack,
    which is intended to dump the contents of the pt_regs struct at each
    level in the call stack where an exception was taken and routed to a
    routine marked as __exception (which means its stack frame is right
    below the pt_regs struct on the stack).
    
    'Right below the pt_regs struct' is ill defined, though: the unwind
    code assigns 'frame pointer + 0x10' to the .sp member of the stackframe
    struct at each level, and dump_backtrace() happily dereferences that as
    the pt_regs pointer when encountering an __exception routine. However,
    the actual size of the stack frame created by this routine (which could
    be one of many __exception routines we have in the kernel) is not known,
    and so frame.sp is pretty useless to figure out where struct pt_regs
    really is.
    
    So it seems the only way to ensure that we can find our struct pt_regs
    when walking the stack frames is to put it at a known fixed offset of
    the stack frame pointer that is passed to such __exception routines.
    The simplest way to do that is to put it inside pt_regs itself, which is
    the main change implemented by this patch. As a bonus, doing this allows
    us to get rid of a fair amount of cruft related to walking from one stack
    to the other, which is especially nice since we intend to introduce yet
    another stack for overflow handling once we add support for vmapped
    stacks. It also fixes an inconsistency where we only add a stack frame
    pointing to ELR_EL1 if we are executing from the IRQ stack but not when
    we are executing from the task stack.
    
    To consistly identify exceptions regs even in the presence of exceptions
    taken from entry code, we must check whether the next frame was created
    by entry text, rather than whether the current frame was crated by
    exception text.
    
    To avoid backtracing using PCs that fall in the idmap, or are controlled
    by userspace, we must explcitly zero the FP and LR in startup paths, and
    must ensure that the frame embedded in pt_regs is zeroed upon entry from
    EL0. To avoid these NULL entries showin in the backtrace, unwind_frame()
    is updated to avoid them.
    Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
    [Mark: compare current frame against .entry.text, avoid bogus PCs]
    Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
    Cc: Catalin Marinas <catalin.marinas@arm.com>
    Cc: James Morse <james.morse@arm.com>
    Cc: Will Deacon <will.deacon@arm.com>
    73267498
ptrace.h 6.91 KB