Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit af085d90 authored by Josh Poimboeuf's avatar Josh Poimboeuf Committed by Jiri Kosina
Browse files

stacktrace/x86: add function for detecting reliable stack traces 



For live patching and possibly other use cases, a stack trace is only
useful if it can be assured that it's completely reliable.  Add a new
save_stack_trace_tsk_reliable() function to achieve that.

Note that if the target task isn't the current task, and the target task
is allowed to run, then it could be writing the stack while the unwinder
is reading it, resulting in possible corruption.  So the caller of
save_stack_trace_tsk_reliable() must ensure that the task is either
'current' or inactive.

save_stack_trace_tsk_reliable() relies on the x86 unwinder's detection
of pt_regs on the stack.  If the pt_regs are not user-mode registers
from a syscall, then they indicate an in-kernel interrupt or exception
(e.g. preemption or a page fault), in which case the stack is considered
unreliable due to the nature of frame pointers.

It also relies on the x86 unwinder's detection of other issues, such as:

- corrupted stack data
- stack grows the wrong way
- stack walk doesn't reach the bottom
- user didn't provide a large enough entries array

Such issues are reported by checking unwind_error() and !unwind_done().

Also add CONFIG_HAVE_RELIABLE_STACKTRACE so arch-independent code can
determine at build time whether the function is implemented.

Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
Reviewed-by: default avatarMiroslav Benes <mbenes@suse.cz>
Acked-by: Ingo Molnar <mingo@kernel.org>	# for the x86 changes
Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
parent c1ae3cfa

arch/Kconfig

+6 −0
Original line number Original line Diff line number Diff line
@@ -713,6 +713,12 @@ config HAVE_STACK_VALIDATION 
	  Architecture supports the 'objtool check' host tool command, which

	  Architecture supports the 'objtool check' host tool command, which

	  performs compile-time stack metadata validation.

	  performs compile-time stack metadata validation.





config HAVE_RELIABLE_STACKTRACE

	bool

	help

	  Architecture has a save_stack_trace_tsk_reliable() function which

	  only returns a stack trace if it can guarantee the trace is reliable.



config HAVE_ARCH_HASH

config HAVE_ARCH_HASH

	bool

	bool

	default n

	default n

arch/x86/Kconfig

+1 −0
Original line number Original line Diff line number Diff line
@@ -160,6 +160,7 @@ config X86 
	select HAVE_PERF_REGS

	select HAVE_PERF_REGS

	select HAVE_PERF_USER_STACK_DUMP

	select HAVE_PERF_USER_STACK_DUMP

	select HAVE_REGS_AND_STACK_ACCESS_API

	select HAVE_REGS_AND_STACK_ACCESS_API

	select HAVE_RELIABLE_STACKTRACE		if X86_64 && FRAME_POINTER && STACK_VALIDATION

	select HAVE_STACK_VALIDATION		if X86_64

	select HAVE_STACK_VALIDATION		if X86_64

	select HAVE_SYSCALL_TRACEPOINTS

	select HAVE_SYSCALL_TRACEPOINTS

	select HAVE_UNSTABLE_SCHED_CLOCK

	select HAVE_UNSTABLE_SCHED_CLOCK

arch/x86/include/asm/unwind.h

+6 −0
Original line number Original line Diff line number Diff line
@@ -11,6 +11,7 @@ struct unwind_state { 
	unsigned long stack_mask;

	unsigned long stack_mask;

	struct task_struct *task;

	struct task_struct *task;

	int graph_idx;

	int graph_idx;

	bool error;

#ifdef CONFIG_FRAME_POINTER

#ifdef CONFIG_FRAME_POINTER

	unsigned long *bp, *orig_sp;

	unsigned long *bp, *orig_sp;

	struct pt_regs *regs;

	struct pt_regs *regs;
@@ -40,6 +41,11 @@ void unwind_start(struct unwind_state *state, struct task_struct *task, 
	__unwind_start(state, task, regs, first_frame);

	__unwind_start(state, task, regs, first_frame);

}

}





static inline bool unwind_error(struct unwind_state *state)

{

	return state->error;

}



#ifdef CONFIG_FRAME_POINTER

#ifdef CONFIG_FRAME_POINTER





static inline

static inline

arch/x86/kernel/stacktrace.c

+95 −1
Original line number Original line Diff line number Diff line
@@ -76,6 +76,101 @@ void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace) 
}

}

EXPORT_SYMBOL_GPL(save_stack_trace_tsk);

EXPORT_SYMBOL_GPL(save_stack_trace_tsk);





#ifdef CONFIG_HAVE_RELIABLE_STACKTRACE



#define STACKTRACE_DUMP_ONCE(task) ({				\

	static bool __section(.data.unlikely) __dumped;		\

								\

	if (!__dumped) {					\

		__dumped = true;				\

		WARN_ON(1);					\

		show_stack(task, NULL);				\

	}							\

})



static int __save_stack_trace_reliable(struct stack_trace *trace,

				       struct task_struct *task)

{

	struct unwind_state state;

	struct pt_regs *regs;

	unsigned long addr;



	for (unwind_start(&state, task, NULL, NULL); !unwind_done(&state);

	     unwind_next_frame(&state)) {



		regs = unwind_get_entry_regs(&state);

		if (regs) {

			/*

			 * Kernel mode registers on the stack indicate an

			 * in-kernel interrupt or exception (e.g., preemption

			 * or a page fault), which can make frame pointers

			 * unreliable.

			 */

			if (!user_mode(regs))

				return -EINVAL;



			/*

			 * The last frame contains the user mode syscall

			 * pt_regs.  Skip it and finish the unwind.

			 */

			unwind_next_frame(&state);

			if (!unwind_done(&state)) {

				STACKTRACE_DUMP_ONCE(task);

				return -EINVAL;

			}

			break;

		}



		addr = unwind_get_return_address(&state);



		/*

		 * A NULL or invalid return address probably means there's some

		 * generated code which __kernel_text_address() doesn't know

		 * about.

		 */

		if (!addr) {

			STACKTRACE_DUMP_ONCE(task);

			return -EINVAL;

		}



		if (save_stack_address(trace, addr, false))

			return -EINVAL;

	}



	/* Check for stack corruption */

	if (unwind_error(&state)) {

		STACKTRACE_DUMP_ONCE(task);

		return -EINVAL;

	}



	if (trace->nr_entries < trace->max_entries)

		trace->entries[trace->nr_entries++] = ULONG_MAX;



	return 0;

}



/*

 * This function returns an error if it detects any unreliable features of the

 * stack.  Otherwise it guarantees that the stack trace is reliable.

 *

 * If the task is not 'current', the caller *must* ensure the task is inactive.

 */

int save_stack_trace_tsk_reliable(struct task_struct *tsk,

				  struct stack_trace *trace)

{

	int ret;



	if (!try_get_task_stack(tsk))

		return -EINVAL;



	ret = __save_stack_trace_reliable(trace, tsk);



	put_task_stack(tsk);



	return ret;

}

#endif /* CONFIG_HAVE_RELIABLE_STACKTRACE */



/* Userspace stacktrace - based on kernel/trace/trace_sysprof.c */

/* Userspace stacktrace - based on kernel/trace/trace_sysprof.c */





struct stack_frame_user {

struct stack_frame_user {
@@ -138,4 +233,3 @@ void save_stack_trace_user(struct stack_trace *trace) 
	if (trace->nr_entries < trace->max_entries)

	if (trace->nr_entries < trace->max_entries)

		trace->entries[trace->nr_entries++] = ULONG_MAX;

		trace->entries[trace->nr_entries++] = ULONG_MAX;

}
 
}

arch/x86/kernel/unwind_frame.c

+2 −0
Original line number Original line Diff line number Diff line
@@ -225,6 +225,8 @@ bool unwind_next_frame(struct unwind_state *state) 
	return true;

	return true;





bad_address:

bad_address:

	state->error = true;



	/*

	/*

	 * When unwinding a non-current task, the task might actually be

	 * When unwinding a non-current task, the task might actually be

	 * running on another CPU, in which case it could be modifying its

	 * running on another CPU, in which case it could be modifying its