[PATCH v8 15/27] mm/ksw: limit canary search to current stack frame

[PATCH v8 00/27] mm/ksw: Introduce KStackWatch debugging tool · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 01/27] x86/hw_breakpoint: Unify breakpoint install/uninstall · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 02/27] x86/hw_breakpoint: Add arch_reinstall_hw_breakpoint · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 03/27] HWBP: Add modify_wide_hw_breakpoint_local() API · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 04/27] mm/ksw: add build system support · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 05/27] mm/ksw: add ksw_config struct and parser · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 06/27] mm/ksw: add singleton debugfs interface · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 07/27] mm/ksw: add HWBP pre-allocation · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 08/27] mm/ksw: Add atomic watchpoint management api · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 09/27] mm/ksw: ignore false positives from exit trampolines · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 10/27] mm/ksw: support CPU hotplug · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 11/27] sched/ksw: add per-task context · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 12/27] mm/ksw: add entry kprobe and exit fprobe management · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 13/27] mm/ksw: add per-task ctx tracking · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 14/27] mm/ksw: resolve stack watch addr and len · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 15/27] mm/ksw: limit canary search to current stack frame · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 16/27] mm/ksw: manage probe and HWBP lifecycle via procfs · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 17/27] mm/ksw: add KSTACKWATCH_PROFILING to measure probe cost · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 18/27] arm64/hw_breakpoint: Add arch_reinstall_hw_breakpoint · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 19/27] arm64/hwbp/ksw: integrate KStackWatch handler support · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 20/27] mm/ksw: add self-debug helpers · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 21/27] mm/ksw: add test module · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 22/27] mm/ksw: add stack overflow test · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 23/27] mm/ksw: add recursive depth test · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 24/27] mm/ksw: add multi-thread corruption test cases · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 25/27] tools/ksw: add arch-specific test script · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 26/27] docs: add KStackWatch document · Jinchao Wang <hidden> · 2025-11-10
[PATCH v8 27/27] MAINTAINERS: add entry for KStackWatch · Jinchao Wang <hidden> · 2025-11-10
Re: [PATCH v8 00/27] mm/ksw: Introduce KStackWatch debugging tool · Matthew Wilcox <willy@infradead.org> · 2025-11-10
Re: [PATCH v8 00/27] mm/ksw: Introduce KStackWatch debugging tool · Jinchao Wang <hidden> · 2025-11-12
Re: [PATCH v8 00/27] mm/ksw: Introduce KStackWatch debugging tool · Matthew Wilcox <willy@infradead.org> · 2025-11-12
Re: [PATCH v8 00/27] mm/ksw: Introduce KStackWatch debugging tool · Jinchao Wang <hidden> · 2025-11-13

STALE222d

From: Jinchao Wang <hidden>
Date: 2025-11-10 16:37:48
Also in: linux-doc, linux-mm, linux-perf-users, lkml, llvm, workflows
Subsystem: memory management, the rest · Maintainers: Andrew Morton, Linus Torvalds

Use the compiler-provided frame pointer when CONFIG_FRAME_POINTER is
enabled to restrict the stack canary search range to the current
function frame. This prevents scanning beyond valid stack bounds and
improves reliability across architectures.

Also add explicit handling for missing CONFIG_STACKPROTECTOR and make
the failure message more visible.

Signed-off-by: Jinchao Wang <redacted>
---
 mm/kstackwatch/stack.c | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/mm/kstackwatch/stack.c b/mm/kstackwatch/stack.c
index 60371b292915..3455d1e70db9 100644
--- a/mm/kstackwatch/stack.c
+++ b/mm/kstackwatch/stack.c

@@ -64,15 +64,32 @@ static unsigned long ksw_find_stack_canary_addr(struct pt_regs *regs)
 	unsigned long *stack_ptr, *stack_end, *stack_base;
 	unsigned long expected_canary;
 	unsigned int i;
+#ifdef CONFIG_FRAME_POINTER
+	unsigned long *fp = NULL;
+#endif
 
 	stack_ptr = (unsigned long *)kernel_stack_pointer(regs);
-
 	stack_base = (unsigned long *)(current->stack);
 
-	// TODO: limit it to the current frame
 	stack_end = (unsigned long *)((char *)current->stack + THREAD_SIZE);
+#ifdef CONFIG_FRAME_POINTER
+	/*
+	 * Use the compiler-provided frame pointer.
+	 * Limit the search to the current frame
+	 * Works on any arch that keeps FP when CONFIG_FRAME_POINTER=y.
+	 */
+	fp = __builtin_frame_address(0);
 
+	if (fp > stack_ptr && fp < stack_end)
+		stack_end = fp;
+#endif
+
+#ifdef CONFIG_STACKPROTECTOR
 	expected_canary = current->stack_canary;
+#else
+	pr_err("no canary without CONFIG_STACKPROTECTOR\n");
+	return 0;
+#endif
 
 	if (stack_ptr < stack_base || stack_ptr >= stack_end) {
 		pr_err("Stack pointer 0x%lx out of bounds [0x%lx, 0x%lx)\n",

@@ -85,15 +102,11 @@ static unsigned long ksw_find_stack_canary_addr(struct pt_regs *regs)
 		if (&stack_ptr[i] >= stack_end)
 			break;
 
-		if (stack_ptr[i] == expected_canary) {
-			pr_debug("canary found i:%d 0x%lx\n", i,
-				 (unsigned long)&stack_ptr[i]);
+		if (stack_ptr[i] == expected_canary)
 			return (unsigned long)&stack_ptr[i];
-		}
 	}
 
-	pr_debug("canary not found in first %d steps\n",
-		 MAX_CANARY_SEARCH_STEPS);
+	pr_err("canary not found in first %d steps\n", MAX_CANARY_SEARCH_STEPS);
 	return 0;
 }

-- 
2.43.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help