Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks

(off-list ancestor, not in this archive)
[RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · <hidden> · 2021-04-05
[RFC PATCH v2 1/4] arm64: Implement infrastructure for stack trace reliability checks · <hidden> · 2021-04-05
Re: [RFC PATCH v2 1/4] arm64: Implement infrastructure for stack trace reliability checks · Mark Brown <broonie@kernel.org> · 2021-04-08
Re: [RFC PATCH v2 1/4] arm64: Implement infrastructure for stack trace reliability checks · Mark Brown <broonie@kernel.org> · 2021-04-08
Re: [RFC PATCH v2 1/4] arm64: Implement infrastructure for stack trace reliability checks · Madhavan T. Venkataraman <hidden> · 2021-04-08
Re: [RFC PATCH v2 1/4] arm64: Implement infrastructure for stack trace reliability checks · Madhavan T. Venkataraman <hidden> · 2021-04-08
Re: [RFC PATCH v2 1/4] arm64: Implement infrastructure for stack trace reliability checks · Mark Brown <broonie@kernel.org> · 2021-04-09
[RFC PATCH v2 2/4] arm64: Mark a stack trace unreliable if an EL1 exception frame is detected · <hidden> · 2021-04-05
[RFC PATCH v2 3/4] arm64: Detect FTRACE cases that make the stack trace unreliable · <hidden> · 2021-04-05
Re: [RFC PATCH v2 3/4] arm64: Detect FTRACE cases that make the stack trace unreliable · Mark Brown <broonie@kernel.org> · 2021-04-08
Re: [RFC PATCH v2 3/4] arm64: Detect FTRACE cases that make the stack trace unreliable · Madhavan T. Venkataraman <hidden> · 2021-04-08
Re: [RFC PATCH v2 3/4] arm64: Detect FTRACE cases that make the stack trace unreliable · Mark Brown <broonie@kernel.org> · 2021-04-09
Re: [RFC PATCH v2 3/4] arm64: Detect FTRACE cases that make the stack trace unreliable · Madhavan T. Venkataraman <hidden> · 2021-04-09
Re: [RFC PATCH v2 3/4] arm64: Detect FTRACE cases that make the stack trace unreliable · Mark Rutland <mark.rutland@arm.com> · 2021-04-09
Re: [RFC PATCH v2 3/4] arm64: Detect FTRACE cases that make the stack trace unreliable · Madhavan T. Venkataraman <hidden> · 2021-04-09
[RFC PATCH v2 4/4] arm64: Mark stack trace as unreliable if kretprobed functions are present · <hidden> · 2021-04-05
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Mark Rutland <mark.rutland@arm.com> · 2021-04-09
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Madhavan T. Venkataraman <hidden> · 2021-04-09
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Josh Poimboeuf <hidden> · 2021-04-09
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Madhavan T. Venkataraman <hidden> · 2021-04-09
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Josh Poimboeuf <hidden> · 2021-04-09
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Josh Poimboeuf <hidden> · 2021-04-09
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Madhavan T. Venkataraman <hidden> · 2021-04-11
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Mark Brown <broonie@kernel.org> · 2021-04-12
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Josh Poimboeuf <hidden> · 2021-04-13
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Mark Brown <broonie@kernel.org> · 2021-04-14
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Mark Brown <broonie@kernel.org> · 2021-04-12
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Madhavan T. Venkataraman <hidden> · 2021-04-12
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Mark Brown <broonie@kernel.org> · 2021-04-13
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Madhavan T. Venkataraman <hidden> · 2021-04-14
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Mark Brown <broonie@kernel.org> · 2021-04-14
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Madhavan T. Venkataraman <hidden> · 2021-04-16
Re: [RFC PATCH v2 0/4] arm64: Implement stack trace reliability checks · Mark Brown <broonie@kernel.org> · 2021-04-16

From: Josh Poimboeuf <hidden>
Date: 2021-04-09 22:32:41
Also in: linux-arm-kernel, lkml

On Fri, Apr 09, 2021 at 05:05:58PM -0500, Madhavan T. Venkataraman wrote:

quoted

FWIW, over the years we've had zero issues with encoding the frame
pointer on x86.  After you save pt_regs, you encode the frame pointer to
point to it.  Ideally in the same macro so it's hard to overlook.

I had the same opinion. In fact, in my encoding scheme, I have additional
checks to make absolutely sure that it is a true encoding and not stack
corruption. The chances of all of those values accidentally matching are,
well, null.

Right, stack corruption -- which is already exceedingly rare -- would
have to be combined with a miracle or two in order to come out of the
whole thing marked as 'reliable' :-)

And really, we already take a similar risk today by "trusting" the frame
pointer value on the stack to a certain extent.

quoted

I think there's a lot more code that we cannot unwind, e.g. KVM
exception code, or almost anything marked with SYM_CODE_END().

Just a reminder that livepatch only unwinds blocked tasks (plus the
'current' task which calls into livepatch).  So practically speaking, it
doesn't matter whether the 'unreliable' detection has full coverage.
The only exceptions which really matter are those which end up calling
schedule(), e.g. preemption or page faults.

Being able to consistently detect *all* possible unreliable paths would
be nice in theory, but it's unnecessary and may not be worth the extra
complexity.

You do have a point. I tried to think of arch_stack_walk_reliable() as
something that should be implemented independent of livepatching. But
I could not really come up with a single example of where else it would
really be useful.

So, if we assume that the reliable stack trace is solely for the purpose
of livepatching, I agree with your earlier comments as well.

One thought: if folks really view this as a problem, it might help to
just rename things to reduce confusion.

For example, instead of calling it 'reliable', we could call it
something more precise, like 'klp_reliable', to indicate that its
reliable enough for live patching.

Then have a comment above 'klp_reliable' and/or
stack_trace_save_tsk_klp_reliable() which describes what that means.

Hm, for that matter, even without renaming things, a comment above
stack_trace_save_tsk_reliable() describing the meaning of "reliable"
would be a good idea.

-- 
Josh

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help