From patchwork Tue Mar 30 19:09:55 2021
X-Patchwork-Submitter: "Madhavan T. Venkataraman"
X-Patchwork-Id: 12173595
From: madvenka@linux.microsoft.com
To: mark.rutland@arm.com, broonie@kernel.org, jpoimboe@redhat.com,
    jthierry@redhat.com, catalin.marinas@arm.com, will@kernel.org,
    linux-arm-kernel@lists.infradead.org, live-patching@vger.kernel.org,
    linux-kernel@vger.kernel.org, madvenka@linux.microsoft.com
Subject: [RFC PATCH v1 4/4] arm64: Mark stack trace as unreliable if kretprobed functions are present
Date: Tue, 30 Mar 2021 14:09:55 -0500
Message-Id: <20210330190955.13707-5-madvenka@linux.microsoft.com>
In-Reply-To: <20210330190955.13707-1-madvenka@linux.microsoft.com>
References: <77bd5edeea72d44533c769b1e8c0fea7a9d7eb3a> <20210330190955.13707-1-madvenka@linux.microsoft.com>

From: "Madhavan T. Venkataraman"

When a kretprobe is active for a function, the function's return address in its stack frame is modified to point to the kretprobe trampoline. When the function returns, the frame is popped and control is transferred to the trampoline. The trampoline eventually returns to the original return address.

If a stack walk is done within the function (or any functions that get called from there), the stack trace will only show the trampoline and not the original caller.

Also, if the trampoline itself and the functions it calls do a stack trace, that stack trace will also have the same problem. Detect this as well.

If the trampoline is detected in the stack trace, mark the stack trace as unreliable.

Signed-off-by: Madhavan T. Venkataraman Reviewed-by: Mark Brown --- arch/arm64/kernel/stacktrace.c | 37 ++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c index 8b493a90c9f3..bf5abb0dd876 100644 --- a/arch/arm64/kernel/stacktrace.c +++ b/arch/arm64/kernel/stacktrace.c @@ -97,6 +97,36 @@ struct function_range { * if return_to_handler is detected on the stack. * * NOTE: The unwinder must do (1) before (2). + * + * KPROBES + * ======= + * + * There are two types of kprobes: + * + * (1) Regular kprobes that are placed anywhere in a probed function. + * This is implemented by replacing the probed instruction with a + * breakpoint. When the breakpoint is hit, the kprobe code emulates + * the original instruction in-situ and returns to the next + * instruction. + * + * Breakpoints are EL1 exceptions. When the unwinder detects them, + * the stack trace is marked as unreliable as it does not know where + * exactly the exception happened. Detection of EL1 exceptions in + * a stack trace will be done separately. + * + * (2) Return kprobes that are placed on the return of a probed function. + * In this case, Kprobes sets up an initial breakpoint at the + * beginning of the probed function. When the breakpoint is hit, + * Kprobes replaces the return address in the stack frame with the + * kretprobe_trampoline and records the original return address. + * When the probed function returns, control goes to the trampoline + * which eventually returns to the original return address. + * + * Stack traces taken while in the probed function or while in the + * trampoline will show kretprobe_trampoline instead of the original + * return address. Detect this and mark the stack trace unreliable. + * The detection is done by checking if the return PC falls anywhere + * in kretprobe_trampoline. */ static struct function_range special_functions[] = { /* 
@@ -121,6 +151,13 @@ static struct function_range special_functions[] = { #endif #endif + /* + * Kprobe trampolines. + */ +#ifdef CONFIG_KRETPROBES + { (unsigned long) kretprobe_trampoline, 0 }, + #endif + { 0, 0 } };
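Review bot: In the first hunk's KPROBES comment, item (1) states in the present tense that "When the unwinder detects them, the stack trace is marked as unreliable", but the next sentence says detection of EL1 exceptions "will be done separately" and nothing in this patch adds it. Reword item (1) so the comment does not describe behaviour that is absent at this commit, for example by saying that breakpoint frames are not yet detected here and pointing to where that handling lives once it exists. Item (2) also says Kprobes "records the original return address"; a sentence on why the unwinder marks the trace unreliable rather than looking that address up would help the next reader.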
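Review bot: In the second hunk, the new special_functions[] entry "{ (unsigned long) kretprobe_trampoline, 0 }" has 0 as its second field, while the comment added in the first hunk says detection checks whether the return PC falls "anywhere in kretprobe_trampoline", so the extent of the range has to be filled in somewhere outside this diff. Please confirm what the lookup does while that field is still 0, or if filling it in fails: a zero-length entry would match nothing and a kretprobed trace would be reported as reliable, so the unwinder should fail towards unreliable in that case. Two smaller points: the added "#endif" is indented while the matching "#ifdef CONFIG_KRETPROBES" is not, and the diff adds no #include, so check that a declaration of kretprobe_trampoline is already in scope in stacktrace.c for CONFIG_KRETPROBES builds.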