Commit c2c6b27b authored Oct 17, 2024 by Mark Rutland Committed by Catalin Marinas Oct 17, 2024

arm64: stacktrace: unwind exception boundaries



When arm64's stack unwinder encounters an exception boundary, it uses
the pt_regs::stackframe created by the entry code, which has a copy of
the PC and FP at the time the exception was taken. The unwinder doesn't
know anything about pt_regs, and reports the PC from the stackframe, but
does not report the LR.

The LR is only guaranteed to contain the return address at function call
boundaries, and can be used as a scratch register at other times, so the
LR at an exception boundary may or may not be a legitimate return
address. It would be useful to report the LR value regardless, as it can
be helpful when debugging, and in future it will be helpful for reliable
stacktrace support.

This patch changes the way we unwind across exception boundaries,
allowing both the PC and LR to be reported. The entry code creates a
frame_record_meta structure embedded within pt_regs, which the unwinder
uses to find the pt_regs. The unwinder can then extract pt_regs::pc and
pt_regs::lr as two separate unwind steps before continuing with a
regular walk of frame records.

When a PC is unwound from pt_regs::lr, dump_backtrace() will log this
with an "L" marker so that it can be identified easily. For example,
an unwind across an exception boundary will appear as follows:

|  el1h_64_irq+0x6c/0x70
|  _raw_spin_unlock_irqrestore+0x10/0x60 (P)
|  __aarch64_insn_write+0x6c/0x90 (L)
|  aarch64_insn_patch_text_nosync+0x28/0x80

... with a (P) entry for pt_regs::pc, and an (L) entry for pt_regs:lr.

Note that the LR may be stale at the point of the exception, for example,
shortly after a return:

|  el1h_64_irq+0x6c/0x70
|  default_idle_call+0x34/0x180 (P)
|  default_idle_call+0x28/0x180 (L)
|  do_idle+0x204/0x268

... where the LR points a few instructions before the current PC.

This plays nicely with all the other unwind metadata tracking. With the
ftrace_graph profiler enabled globally, and kretprobes installed on
generic_handle_domain_irq() and do_interrupt_handler(), a backtrace triggered
by magic-sysrq + L reports:

| Call trace:
|  show_stack+0x20/0x40 (CF)
|  dump_stack_lvl+0x60/0x80 (F)
|  dump_stack+0x18/0x28
|  nmi_cpu_backtrace+0xfc/0x140
|  nmi_trigger_cpumask_backtrace+0x1c8/0x200
|  arch_trigger_cpumask_backtrace+0x20/0x40
|  sysrq_handle_showallcpus+0x24/0x38 (F)
|  __handle_sysrq+0xa8/0x1b0 (F)
|  handle_sysrq+0x38/0x50 (F)
|  pl011_int+0x460/0x5a8 (F)
|  __handle_irq_event_percpu+0x60/0x220 (F)
|  handle_irq_event+0x54/0xc0 (F)
|  handle_fasteoi_irq+0xa8/0x1d0 (F)
|  generic_handle_domain_irq+0x34/0x58 (F)
|  gic_handle_irq+0x54/0x140 (FK)
|  call_on_irq_stack+0x24/0x58 (F)
|  do_interrupt_handler+0x88/0xa0
|  el1_interrupt+0x34/0x68 (FK)
|  el1h_64_irq_handler+0x18/0x28
|  el1h_64_irq+0x6c/0x70
|  default_idle_call+0x34/0x180 (P)
|  default_idle_call+0x28/0x180 (L)
|  do_idle+0x204/0x268
|  cpu_startup_entry+0x3c/0x50 (F)
|  rest_init+0xe4/0xf0
|  start_kernel+0x744/0x750
|  __primary_switched+0x88/0x98

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Reviewed-by: Puranjay Mohan <puranjay12@gmail.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Josh Poimboeuf <jpoimboe@kernel.org>
Cc: Kalesh Singh <kaleshsingh@google.com>
Cc: Madhavan T. Venkataraman <madvenka@linux.microsoft.com>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20241017092538.1859841-11-mark.rutland@arm.com


Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

parent f05a4a42

arch/arm64/include/asm/ptrace.h

+1 −3

Original line number	Diff line number	Diff line
		@@ -168,9 +168,7 @@ struct pt_regs {
		u32 pmr;

		u64 sdei_ttbr1;
		u64 unused;

		struct frame_record stackframe;
		struct frame_record_meta stackframe;

		/* Only valid for some EL1 exceptions. */
		u64 lockdep_hardirqs;

arch/arm64/include/asm/stacktrace/frame.h

+35 −0

Original line number	Diff line number	Diff line
		@@ -2,6 +2,30 @@
		#ifndef __ASM_STACKTRACE_FRAME_H
		#define __ASM_STACKTRACE_FRAME_H

		/*
		* - FRAME_META_TYPE_NONE
		*
		* This value is reserved.
		*
		* - FRAME_META_TYPE_FINAL
		*
		* The record is the last entry on the stack.
		* Unwinding should terminate successfully.
		*
		* - FRAME_META_TYPE_PT_REGS
		*
		* The record is embedded within a struct pt_regs, recording the registers at
		* an arbitrary point in time.
		* Unwinding should consume pt_regs::pc, followed by pt_regs::lr.
		*
		* Note: all other values are reserved and should result in unwinding
		* terminating with an error.
		*/
		#define FRAME_META_TYPE_NONE 0
		#define FRAME_META_TYPE_FINAL 1
		#define FRAME_META_TYPE_PT_REGS 2

		#ifndef __ASSEMBLY__
		/*
		* A standard AAPCS64 frame record.
		*/
		@@ -10,4 +34,15 @@ struct frame_record {
		u64 lr;
		};

		/*
		* A metadata frame record indicating a special unwind.
		* The record::{fp,lr} fields must be zero to indicate the presence of
		* metadata.
		*/
		struct frame_record_meta {
		struct frame_record record;
		u64 type;
		};
		#endif /* __ASSEMBLY */

		#endif /* __ASM_STACKTRACE_FRAME_H */

arch/arm64/kernel/asm-offsets.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -81,6 +81,7 @@ int main(void)
		DEFINE(S_SDEI_TTBR1, offsetof(struct pt_regs, sdei_ttbr1));
		DEFINE(S_PMR, offsetof(struct pt_regs, pmr));
		DEFINE(S_STACKFRAME, offsetof(struct pt_regs, stackframe));
		DEFINE(S_STACKFRAME_TYPE, offsetof(struct pt_regs, stackframe.type));
		DEFINE(PT_REGS_SIZE, sizeof(struct pt_regs));
		BLANK();
		#ifdef CONFIG_DYNAMIC_FTRACE_WITH_ARGS

arch/arm64/kernel/entry.S

+7 −5

Original line number	Diff line number	Diff line
		@@ -25,6 +25,7 @@
		#include <asm/processor.h>
		#include <asm/ptrace.h>
		#include <asm/scs.h>
		#include <asm/stacktrace/frame.h>
		#include <asm/thread_info.h>
		#include <asm/asm-uaccess.h>
		#include <asm/unistd.h>
		@@ -284,15 +285,16 @@ alternative_else_nop_endif
		stp lr, x21, [sp, #S_LR]

		/*
		* For exceptions from EL0, create a final frame record.
		* For exceptions from EL1, create a synthetic frame record so the
		* interrupted code shows up in the backtrace.
		* Create a metadata frame record. The unwinder will use this to
		* identify and unwind exception boundaries.
		*/
		.if \el == 0
		stp xzr, xzr, [sp, #S_STACKFRAME]
		.if \el == 0
		mov x0, #FRAME_META_TYPE_FINAL
		.else
		stp x29, x22, [sp, #S_STACKFRAME]
		mov x0, #FRAME_META_TYPE_PT_REGS
		.endif
		str x0, [sp, #S_STACKFRAME_TYPE]
		add x29, sp, #S_STACKFRAME

		#ifdef CONFIG_ARM64_SW_TTBR0_PAN

arch/arm64/kernel/head.S

+3 −0

Original line number	Diff line number	Diff line
		@@ -32,6 +32,7 @@
		#include <asm/scs.h>
		#include <asm/smp.h>
		#include <asm/sysreg.h>
		#include <asm/stacktrace/frame.h>
		#include <asm/thread_info.h>
		#include <asm/virt.h>

		@@ -199,6 +200,8 @@ SYM_CODE_END(preserve_boot_args)
		sub sp, sp, #PT_REGS_SIZE

		stp xzr, xzr, [sp, #S_STACKFRAME]
		mov \tmp1, #FRAME_META_TYPE_FINAL
		str \tmp1, [sp, #S_STACKFRAME_TYPE]
		add x29, sp, #S_STACKFRAME

		scs_load_current