Thread: 55 messages, 3 authors, 2021-03-23

Re: [RFC PATCH v2 5/8] arm64: Detect an FTRACE frame and mark a stack trace unreliable

From: Mark Rutland <mark.rutland@arm.com>
Date: 2021-03-23 17:03:23
Also in: live-patching, lkml

On Tue, Mar 23, 2021 at 11:20:44AM -0500, Madhavan T. Venkataraman wrote:
On 3/23/21 10:26 AM, Madhavan T. Venkataraman wrote:
On 3/23/21 9:57 AM, Mark Rutland wrote:
On Tue, Mar 23, 2021 at 09:15:36AM -0500, Madhavan T. Venkataraman wrote:
So, my next question is - can we define a practical limit for the
nesting so that any nesting beyond that is fatal? The reason I ask
is - if there is a max, then we can allocate an array of stack
frames out of band for the special frames so they are not part of
the stack and will not likely get corrupted.

Also, we don't have to do any special detection. If the number of
out of band frames used is one or more then we have exceptions and
the stack trace is unreliable.
Alternatively, if we can just increment a counter in the task
structure when an exception is entered and decrement it when an
exception returns, that counter will tell us that the stack trace is
unreliable.
As I noted earlier, *any* EL1 exception boundary needs to
be treated as unreliable for unwinding, and per my other comments w.r.t.
corrupting the call chain I don't think we need additional protection on
exception boundaries specifically.
Is this feasible?

I think I have enough for v3 at this point. If you think that the
counter idea is OK, I can implement it in v3. Once you confirm, I will
start working on v3.
Currently, I don't see a compelling reason to need this, and would
prefer to avoid it.

More generally, could we please break this work into smaller steps? I
reckon we can break this down into the following chunks:

1. Add the explicit final frame and associated handling. I suspect that
   this is complicated enough on its own to be an independent series,
   and it's something that we can merge without all the bits and pieces
   necessary for truly reliable stacktracing.

2. Figure out how we must handle kprobes and ftrace. That probably means
   rejecting unwinds from specific places, but we might also want to
   adjust the trampolines if that makes this easier.

3. Figure out exception boundary handling. I'm currently working to
   simplify the entry assembly down to a uniform set of stubs, and I'd
   prefer to get that sorted before we teach the unwinder about
   exception boundaries, as it'll be significantly simpler to reason
   about and won't end up clashing with the rework.

Thanks,
Mark.
