From patchwork Mon Aug 28 12:53:54 2017
X-Patchwork-Submitter: Pratyush Anand
X-Patchwork-Id: 9925461
From: Pratyush Anand
To: linux-arm-kernel@lists.infradead.org
Cc: Pratyush Anand, linux-kernel@vger.kernel.org
Subject: [PATCH] arm64: fix unwind_frame() for filtered out fn via set_graph_notrace
Date: Mon, 28 Aug 2017 18:23:54 +0530
Message-Id: <4a92b0bf5ee602de6463057e5d98d20b4d4f2bcd.1503924827.git.panand@redhat.com>

Testcase:
cd /sys/kernel/debug/tracing/
echo schedule > set_graph_notrace
echo 1 > options/display-graph
echo wakeup > current_tracer
ps -ef | grep -i agent

Above commands result in
PANIC: "Unable to handle kernel paging request at virtual address
ffff801bcbde7000"

vmcore analysis:
1)
crash> bt
PID: 1561   TASK: ffff8003cb7e4000  CPU: 0   COMMAND: "ps"
 #0 [ffff8003c4ff77b0] crash_kexec at ffff00000816b9b8
 #1 [ffff8003c4ff77e0] die at ffff000008088b34
 #2 [ffff8003c4ff7820] __do_kernel_fault at ffff00000809b830
 #3 [ffff8003c4ff7850] do_bad_area at ffff000008098b90
 #4 [ffff8003c4ff7880] do_translation_fault at ffff0000087c6cdc
 #5 [ffff8003c4ff78b0] do_mem_abort at ffff000008081334
 #6 [ffff8003c4ff7ab0] el1_ia at ffff000008082cc0
     PC: ffff00000808811c  [unwind_frame+300]
     LR: ffff0000080858a8  [get_wchan+212]
     SP: ffff8003c4ff7ab0  PSTATE: 60000145
    X29: ffff8003c4ff7ab0  X28: 0000000000000001  X27: 0000000000000000
    X26: 0000000000000000  X25: 0000000000000000  X24: 0000000000000000
    X23: ffff8003c1c20000  X22: ffff000008c73000  X21: ffff8003c1c1c000
    X20: 000000000000000f  X19: ffff8003c1bc7000  X18: 0000000000000010
    X17: 0000000000000000  X16: 0000000000000001  X15: ffffffffffffffed
    X14: 0000000000000010  X13: ffffffffffffffff  X12: 0000000000000004
    X11: 0000000000000000  X10: 0000000002dd14c0   X9: 1999999999999999
     X8: 000000000000003f   X7: 00008003f71b0000   X6: 0000000000000018
     X5: 0000000000000000   X4: ffff8003c1c1fd20   X3: ffff8003c1c1fd10
     X2: 00000017ffe80000   X1: ffff8003c4ff7af8   X0: ffff8003cbf67000
 #7 [ffff8003c4ff7b20] do_task_stat at ffff000008304f0c
 #8 [ffff8003c4ff7c60] proc_tgid_stat at ffff000008305b48
 #9 [ffff8003c4ff7ca0] proc_single_show at ffff0000082fdd10
#10 [ffff8003c4ff7ce0] seq_read at ffff0000082b27bc
#11 [ffff8003c4ff7d70] __vfs_read at ffff000008289e54
#12 [ffff8003c4ff7e30] vfs_read at ffff00000828b14c
#13 [ffff8003c4ff7e70] sys_read at ffff00000828c2d0
#14 [ffff8003c4ff7ed0] __sys_trace at ffff00000808349c
     PC: 00000006   LR: 00000000   SP: ffffffffffffffed  PSTATE: 0000003f
    X12: 00000010  X11: ffffffffffffffff  X10: 00000004   X9: ffff7febe8d0
     X8: 00000000   X7: 1999999999999999   X6: 0000003f   X5: 0000000c
     X4: ffff7fce9c78   X3: 0000000c   X2: 00000000   X1: 00000000
     X0: 00000400

(2) Instruction at ffff00000808811c caused IA/DA.

crash> dis -l ffff000008088108 6
/usr/src/debug/xxxxxxxxxxxx/xxxxxxxxxx/arch/arm64/kernel/stacktrace.c: 84
0xffff000008088108 : ldr w2, [x1,#24]
0xffff00000808810c : sub w6, w2, #0x1
0xffff000008088110 : str w6, [x1,#24]
0xffff000008088114 : mov w6, #0x18 // #24
0xffff000008088118 : umull x2, w2, w6
0xffff00000808811c : ldr x0, [x0,x2]

Corresponding c statement is
frame->pc = tsk->ret_stack[frame->graph--].ret;

(3) So, it caused data abort while executing
0xffff00000808811c : ldr x0, [x0,x2]

x0 + x2 = ffff8003cbf67000 + 00000017ffe80000 = ffff801bcbde7000
Access of ffff801bcbde7000 resulted in "Unable to handle kernel paging
request"

from above data: frame->graph = task->curr_ret_stack which should be,
x2 / 0x18 = FFFF0000, which is -FTRACE_NOTRACE_DEPTH.

OK, so problem is here:
do_task_stat() calls get_wchan().
Here p->curr_ret_stack is -FTRACE_NOTRACE_DEPTH in the failed case.
It means, when do_task_stat() has been called for task A (ps in this
case) on CPUm, task A was in mid of execution on CPUn, and was in the mid
of mcount() execution where curr_ret_stack had been decremented in
ftrace_push_return_trace() for hitting schedule() function, but it was
yet to be incremented in ftrace_return_to_handler().

Similar problem we can have with calling of walk_stackframe() from
save_stack_trace_tsk() or dump_backtrace().

This patch fixes unwind_frame() to not manipulate frame->pc for
function graph tracer if the function has been marked in
set_graph_notrace.

This patch fixes:
20380bb390a4 (arm64: ftrace: fix a stack tracer's output under function
graph tracer)

Signed-off-by: Pratyush Anand
--- arch/arm64/kernel/stacktrace.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c index 09d37d66b630..e79035d673b3 100644 --- a/arch/arm64/kernel/stacktrace.c +++ b/arch/arm64/kernel/stacktrace.c @@ -74,7 +74,8 @@ int notrace unwind_frame(struct task_struct *tsk, struct stackframe *frame) #ifdef CONFIG_FUNCTION_GRAPH_TRACER if (tsk->ret_stack && - (frame->pc == (unsigned long)return_to_handler)) { + (frame->pc == (unsigned long)return_to_handler) && + (frame->graph > -1)) { /* * This is a case where function graph tracer has * modified a return address (LR) in a stack frame
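
Review bot: The added test "(frame->graph > -1)" only does what the commit message intends if frame->graph is a signed type, and the patch does not show or change its declaration. The disassembly quoted in the commit message scales the index with umull, an unsigned multiply, which suggests the field is unsigned in struct stackframe; if so, -1 is converted to the largest unsigned value, the comparison is never true, and the return_to_handler fix-up is skipped for every task rather than only for those with a function filtered by set_graph_notrace. Please confirm the declaration and either make the field signed in this same patch or test the sign explicitly, for example "(int)frame->graph >= 0". Separately, when the check fails frame->pc is left equal to return_to_handler, so callers such as get_wchan() will see that address for the frame; the comment in this block should say so, or the index could be adjusted by FTRACE_NOTRACE_DEPTH to recover the real return address.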