[bpf-next,v3,2/7] ftrace: Fix deadloop caused by direct call in ftrace selftest

Message ID 20220424154028.1698685-3-xukuohai@huawei.com (mailing list archive)
State Changes Requested
Delegated to: BPF


Commit Message

Xu Kuohai April 24, 2022, 3:40 p.m. UTC
After direct calls are enabled for arm64, the ftrace selftest enters an
infinite loop:

<trace_selftest_dynamic_test_func>:
00  bti     c
01  mov     x9, x30                            <trace_direct_tramp>:
02  bl      <trace_direct_tramp>    ---------->     ret
                                                     |
                                         lr/x30 is 03, return to 03
                                                     |
03  mov     w0, #0x0   <-----------------------------|
     |                                               |
     |                   dead loop!                  |
     |                                               |
04  ret   ---- lr/x30 is still 03, go back to 03 ----|

The reason is that when the direct caller trace_direct_tramp() returns
to the patched function trace_selftest_dynamic_test_func(), lr is still
the address after the instrumented instruction in the patched function,
so when the patched function exits, it returns to itself!

To fix this issue, we need to restore lr before trace_direct_tramp()
exits, so rewrite a dedicated trace_direct_tramp() for arm64.

Reported-by: Li Huafei <lihuafei1@huawei.com>
Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
---
 kernel/trace/trace_selftest.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

Comments

Steven Rostedt April 25, 2022, 3:05 p.m. UTC | #1
On Sun, 24 Apr 2022 11:40:23 -0400
Xu Kuohai <xukuohai@huawei.com> wrote:

> diff --git a/kernel/trace/trace_selftest.c b/kernel/trace/trace_selftest.c
> index abcadbe933bb..d2eff2b1d743 100644
> --- a/kernel/trace/trace_selftest.c
> +++ b/kernel/trace/trace_selftest.c
> @@ -785,8 +785,24 @@ static struct fgraph_ops fgraph_ops __initdata  = {
>  };
>  
>  #ifdef CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
> +#ifdef CONFIG_ARM64

Please find a way to add this in arm specific code. Do not add architecture
defines in generic code.

You could add:

#ifndef ARCH_HAVE_FTRACE_DIRECT_TEST_FUNC
noinline __noclone static void trace_direct_tramp(void) { }
#endif

here, and in arch/arm64/include/ftrace.h

#define ARCH_HAVE_FTRACE_DIRECT_TEST_FUNC

and define your test function in the arm64 specific code.

-- Steve




> +extern void trace_direct_tramp(void);
> +
> +asm (
> +"	.pushsection	.text, \"ax\", @progbits\n"
> +"	.type		trace_direct_tramp, %function\n"
> +"	.global		trace_direct_tramp\n"
> +"trace_direct_tramp:"
> +"	mov	x10, x30\n"
> +"	mov	x30, x9\n"
> +"	ret	x10\n"
> +"	.size		trace_direct_tramp, .-trace_direct_tramp\n"
> +"	.popsection\n"
> +);
> +#else
>  noinline __noclone static void trace_direct_tramp(void) { }
>  #endif
> +#endif
>  
>  /*
>   * Pretty much the same than for the function tracer from which the selftest
Xu Kuohai April 26, 2022, 7:36 a.m. UTC | #2
On 4/25/2022 11:05 PM, Steven Rostedt wrote:
> On Sun, 24 Apr 2022 11:40:23 -0400
> Xu Kuohai <xukuohai@huawei.com> wrote:
> 
>> diff --git a/kernel/trace/trace_selftest.c b/kernel/trace/trace_selftest.c
>> index abcadbe933bb..d2eff2b1d743 100644
>> --- a/kernel/trace/trace_selftest.c
>> +++ b/kernel/trace/trace_selftest.c
>> @@ -785,8 +785,24 @@ static struct fgraph_ops fgraph_ops __initdata  = {
>>  };
>>  
>>  #ifdef CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
>> +#ifdef CONFIG_ARM64
> 
> Please find a way to add this in arm specific code. Do not add architecture
> defines in generic code.
> 
> You could add:
> 
> #ifndef ARCH_HAVE_FTRACE_DIRECT_TEST_FUNC
> noinline __noclone static void trace_direct_tramp(void) { }
> #endif
> 
> here, and in arch/arm64/include/ftrace.h
> 
> #define ARCH_HAVE_FTRACE_DIRECT_TEST_FUNC
> 
> and define your test function in the arm64 specific code.
> 
> -- Steve
> 
> 

will move this to arch/arm64/ in v4, thanks.

> 
> 
>> +extern void trace_direct_tramp(void);
>> +
>> +asm (
>> +"	.pushsection	.text, \"ax\", @progbits\n"
>> +"	.type		trace_direct_tramp, %function\n"
>> +"	.global		trace_direct_tramp\n"
>> +"trace_direct_tramp:"
>> +"	mov	x10, x30\n"
>> +"	mov	x30, x9\n"
>> +"	ret	x10\n"
>> +"	.size		trace_direct_tramp, .-trace_direct_tramp\n"
>> +"	.popsection\n"
>> +);
>> +#else
>>  noinline __noclone static void trace_direct_tramp(void) { }
>>  #endif
>> +#endif
>>  
>>  /*
>>   * Pretty much the same than for the function tracer from which the selftest
> 
> .

Patch

diff --git a/kernel/trace/trace_selftest.c b/kernel/trace/trace_selftest.c
index abcadbe933bb..d2eff2b1d743 100644
--- a/kernel/trace/trace_selftest.c
+++ b/kernel/trace/trace_selftest.c
@@ -785,8 +785,24 @@  static struct fgraph_ops fgraph_ops __initdata  = {
 };
 
 #ifdef CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
+#ifdef CONFIG_ARM64
+extern void trace_direct_tramp(void);
+
+asm (
+"	.pushsection	.text, \"ax\", @progbits\n"
+"	.type		trace_direct_tramp, %function\n"
+"	.global		trace_direct_tramp\n"
+"trace_direct_tramp:"
+"	mov	x10, x30\n"
+"	mov	x30, x9\n"
+"	ret	x10\n"
+"	.size		trace_direct_tramp, .-trace_direct_tramp\n"
+"	.popsection\n"
+);
+#else
 noinline __noclone static void trace_direct_tramp(void) { }
 #endif
+#endif
 
 /*
  * Pretty much the same than for the function tracer from which the selftest
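Review bot: The arm64 trampoline body (`mov x10, x30` / `mov x30, x9` / `ret x10`) has no BTI landing pad, so if anything in this series reaches `trace_direct_tramp` through an indirect branch (a `br`/`ret` out of ftrace_caller rather than a patched `bl`), a CONFIG_ARM64_BTI_KERNEL build will take a Branch Target exception during the selftest; a direct `bl` does not need one, and patch 1/7 is not visible here, so confirm which path is used. The cheapest fix is to emit `"	bti	c\n"` immediately after the label (a NOP on hardware without BTI), or better, build it with `SYM_FUNC_START`/`SYM_FUNC_END` in an arm64 `.S` file, which supplies the `BTI_C` landing pad and 4-byte alignment for free. The asm also silently relies on the arm64 ftrace call-site contract that x9 holds the caller's original LR (the `mov x9, x30` before the `bl` shown in the commit message); state it in a comment, e.g. `/* x9 holds the original LR saved by the ftrace call site; restore it before returning via x10 */`. Finally, the label string `"trace_direct_tramp:"` lacks a trailing `\n`, so it only assembles because the following `mov` ends up on the same source line after string concatenation.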