Date: Wed, 3 Feb 2021 13:05:18 -0600
From: Josh Poimboeuf
To: Ivan Babrou
Cc: Peter Zijlstra, kernel-team, Ignat Korchagin, Hailong liu, Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, Andrew Morton, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, "H. Peter Anvin", Miroslav Benes, Julien Thierry, Jiri Slaby, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel, Alasdair Kergon, Mike Snitzer, dm-devel@redhat.com, "Steven Rostedt (VMware)", Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu, Yonghong Song, Andrii Nakryiko, John Fastabend, KP Singh, Robert Richter, "Joel Fernandes (Google)", Mathieu Desnoyers, Linux Kernel Network Developers, bpf@vger.kernel.org, Alexey Kardashevskiy
Subject: Re: BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x1df5/0x2650
Message-ID: <20210203190518.nlwghesq75enas6n@treble>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Feb 03, 2021 at 09:46:55AM -0800, Ivan Babrou wrote:
> > Can you pretty please not line-wrap console output? It's unreadable.
>
> GMail doesn't make it easy, I'll send a link to a pastebin next time.
> Let me know if you'd like me to regenerate the decoded stack.
>
> > > edfd9b7838ba5e47f19ad8466d0565aba5c59bf0 is the first bad commit
> > > commit edfd9b7838ba5e47f19ad8466d0565aba5c59bf0
> >
> > Not sure what tree you're on, but that's not the upstream commit.
>
> I mentioned that it's a rebased core-static_call-2020-10-12 tag and
> added a link to the upstream hash right below.
>
> > > Author: Steven Rostedt (VMware)
> > > Date: Tue Aug 18 15:57:52 2020 +0200
> > >
> > > tracepoint: Optimize using static_call()
> > >
> >
> > There's a known issue with that patch, can you try:
> >
> > http://lkml.kernel.org/r/20210202220121.435051654@goodmis.org
>
> I've tried it on top of core-static_call-2020-10-12 tag rebased on top
> of v5.9 (to make it reproducible), and the patch did not help. Do I
> need to apply the whole series or something else?

Can you recreate with this patch, and add "unwind_debug" to the cmdline?
It will spit out a bunch of stack data.

From: Josh Poimboeuf
Subject: [PATCH] x86/unwind: Add 'unwind_debug' cmdline option

Sometimes the one-line ORC unwinder warnings aren't very helpful. Take
the existing frame pointer unwind_dump() and make it useful for all
unwinders.

I don't want to be too aggressive about enabling the dumps, so for now
they're only enabled with the use of a new 'unwind_debug' cmdline option.
When enabled, it will dump the full contents of the stack when an error
condition is encountered, or when dump_stack() is called.

Signed-off-by: Josh Poimboeuf
---
 .../admin-guide/kernel-parameters.txt |  6 +++
 arch/x86/include/asm/unwind.h         |  3 ++
 arch/x86/kernel/dumpstack.c           | 39 ++++++++++++++
 arch/x86/kernel/unwind_frame.c        | 51 +++---------------
 arch/x86/kernel/unwind_orc.c          |  5 +-
 5 files changed, 58 insertions(+), 46 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 3d6604a949f8..d29689aa62a2 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5521,6 +5521,12 @@ unknown_nmi_panic [X86] Cause panic on unknown NMI. + unwind_debug [X86-64] + Enable unwinder debug output. This can be + useful for debugging certain unwinder error + conditions, including corrupt stacks and + bad/missing unwinder metadata. + usbcore.authorized_default= [USB] Default USB device authorization: (default -1 = authorized except for wireless USB, diff --git a/arch/x86/include/asm/unwind.h b/arch/x86/include/asm/unwind.h index 70fc159ebe69..5101d7ef7912 100644 --- a/arch/x86/include/asm/unwind.h +++ b/arch/x86/include/asm/unwind.h @@ -123,4 +123,7 @@ static inline bool task_on_another_cpu(struct task_struct *task) #endif } +extern bool unwind_debug __ro_after_init; +void unwind_dump(struct unwind_state *state); + #endif /* _ASM_X86_UNWIND_H */ diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c index 299c20f0a38b..febfd5b7f62a 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c 
@@ -29,6 +29,42 @@ static int die_counter; static struct pt_regs exec_summary_regs; +bool unwind_debug __ro_after_init; +static int __init unwind_debug_cmdline(char *str) +{ + unwind_debug = true; + return 0; +} +early_param("unwind_debug", unwind_debug_cmdline); + +void unwind_dump(struct unwind_state *state) +{ + unsigned long word, *sp; + struct stack_info stack_info = {0}; + unsigned long visit_mask = 0; + + printk_deferred("unwinder dump: stack type:%d next_sp:%p mask:0x%lx graph_idx:%d\n", + state->stack_info.type, state->stack_info.next_sp, + state->stack_mask, state->graph_idx); + + sp = state->task == current ? __builtin_frame_address(0) + : (void *)state->task->thread.sp; + + for (; sp; sp = PTR_ALIGN(stack_info.next_sp, sizeof(long))) { + if (get_stack_info(sp, state->task, &stack_info, &visit_mask)) + break; + + for (; sp < stack_info.end; sp++) { + + word = READ_ONCE_NOCHECK(*sp); + + printk_deferred("%0*lx: %0*lx (%pB)\n", BITS_PER_LONG/4, + (unsigned long)sp, BITS_PER_LONG/4, + word, (void *)word); + } + } +} + bool noinstr in_task_stack(unsigned long *stack, struct task_struct *task, struct stack_info *info) { @@ -301,6 +337,9 @@ static void show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs, if (stack_name) printk("%s \n", log_lvl, stack_name); } + + if (unwind_debug) + unwind_dump(&state); } void show_stack(struct task_struct *task, unsigned long *sp, diff --git a/arch/x86/kernel/unwind_frame.c b/arch/x86/kernel/unwind_frame.c index d7c44b257f7f..6bcdf6ecad65 100644 --- a/arch/x86/kernel/unwind_frame.c +++ b/arch/x86/kernel/unwind_frame.c 
@@ -28,48 +28,6 @@ unsigned long *unwind_get_return_address_ptr(struct unwind_state *state) return state->regs ? &state->regs->ip : state->bp + 1; } -static void unwind_dump(struct unwind_state *state) -{ - static bool dumped_before = false; - bool prev_zero, zero = false; - unsigned long word, *sp; - struct stack_info stack_info = {0}; - unsigned long visit_mask = 0; - - if (dumped_before) - return; - - dumped_before = true; - - printk_deferred("unwind stack type:%d next_sp:%p mask:0x%lx graph_idx:%d\n", - state->stack_info.type, state->stack_info.next_sp, - state->stack_mask, state->graph_idx); - - for (sp = PTR_ALIGN(state->orig_sp, sizeof(long)); sp; - sp = PTR_ALIGN(stack_info.next_sp, sizeof(long))) { - if (get_stack_info(sp, state->task, &stack_info, &visit_mask)) - break; - - for (; sp < stack_info.end; sp++) { - - word = READ_ONCE_NOCHECK(*sp); - - prev_zero = zero; - zero = word == 0; - - if (zero) { - if (!prev_zero) - printk_deferred("%p: %0*x ...\n", - sp, BITS_PER_LONG/4, 0); - continue; - } - - printk_deferred("%p: %0*lx (%pB)\n", - sp, BITS_PER_LONG/4, word, (void *)word); - } - } -} - static bool in_entry_code(unsigned long ip) { char *addr = (char *)ip; @@ -244,7 +202,6 @@ static bool update_stack_state(struct unwind_state *state, addr, addr_p); } - /* Save the original stack pointer for unwind_dump(): */ if (!state->orig_sp) state->orig_sp = frame; @@ -346,13 +303,17 @@ bool unwind_next_frame(struct unwind_state *state) "WARNING: kernel stack regs at %p in %s:%d has bad 'bp' value %p\n", state->regs, state->task->comm, state->task->pid, next_bp); - unwind_dump(state); + + if (unwind_debug) + unwind_dump(state); } else { printk_deferred_once(KERN_WARNING "WARNING: kernel stack frame pointer at %p in %s:%d has bad value %p\n", state->bp, state->task->comm, state->task->pid, next_bp); - unwind_dump(state); + + if (unwind_debug) + unwind_dump(state); } the_end: state->stack_info.type = STACK_TYPE_UNKNOWN; 
diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c index 73f800100066..38265eac41dd 100644 --- a/arch/x86/kernel/unwind_orc.c +++ b/arch/x86/kernel/unwind_orc.c @@ -13,8 +13,11 @@ #define orc_warn_current(args...) \ ({ \ - if (state->task == current) \ + if (state->task == current) { \ orc_warn(args); \ + if (unwind_debug) \ + unwind_dump(state); \ + } \ }) extern int __start_orc_unwind_ip[]; -- 2.29.2
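Review bot: in the kernel-parameters.txt hunk, the new `unwind_debug` entry is tagged `[X86-64]`, but the option is defined in arch/x86/kernel/dumpstack.c and consulted by unwind_frame.c, both of which also build for 32-bit; either tag it `[X86]` like the neighbouring `unknown_nmi_panic` entry or say why 32-bit is excluded. The description should also tell administrators what "debug output" means in practice: every word of the stack is printed to the console with unhashed addresses (the dumpstack.c hunk formats both `sp` and `word` with `%0*lx` rather than `%p`), which is exactly what is wanted for debugging but makes this a development-only switch. A sentence along the lines of "Dumps the full contents of the kernel stack on unwinder errors and on every dump_stack(); not intended for production systems." would set expectations.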
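Review bot: in the asm/unwind.h hunk, `unwind_dump()` becomes part of the shared unwinder interface without a comment on its contract, and the implementation (dumpstack.c hunk) walks `state->task->thread.sp` for a non-current task without the `task_on_another_cpu()` check that the context line of this very hunk shows the unwinders using. A task running on another CPU has a stack that changes under the reader; `get_stack_info()` and `READ_ONCE_NOCHECK()` keep the walk within bounds, so the result is a misleading dump rather than a fault, but either an early return when `task_on_another_cpu(state->task)` or a one-line comment saying the caller guarantees the task is not running would make that explicit. The `__ro_after_init` on the `extern` declaration is redundant: section placement comes from the definition in dumpstack.c.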
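Review bot: in the first dumpstack.c hunk, `unwind_dump()` has neither a once-only latch nor rate limiting, while its new callers in unwind_frame.c sit next to `printk_deferred_once()` warnings; with `unwind_debug` set, every bad frame encountered after the one-line warning has been suppressed still prints the entire stack, which on a system with a persistent unwinder problem can flood the console. The removed frame-pointer version had a `dumped_before` latch and collapsed runs of zero words into a single `...` line; consider keeping at least the zero-run compression and adding either a `static bool` latch or a `__ratelimit()` around the dump. Separately, the starting point changed: the old code began at `state->orig_sp` (the stack pointer when the unwind started), the new one at `__builtin_frame_address(0)` inside `unwind_dump()` itself, so the dump now begins at the dumper's own frame and walks up to `stack_info.end` from there; that covers everything the old version did plus the unwinder's frames, which is fine, but a comment stating it is intended would save the next reader a detour.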
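Review bot: in the `show_trace_log_lvl()` hunk of dumpstack.c, the dump is placed after the unwind loop, so `state` has already been driven to the end of the walk when `unwind_dump(&state)` prints its `stack type:%d next_sp:%p` header; that header then describes the terminal state, not the frame the trace was reporting, and readers correlating it with the trace above may be confused. Either print the dump header from the initial state captured before the loop, or add a comment that the header is informational only at this call site. It is also worth restating in the parameter documentation that this dump fires on every `dump_stack()` and `show_stack()` caller (every WARN included), not only on unwinder errors, since the commit message promises exactly that.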
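Review bot: in the `@@ -244` hunk of unwind_frame.c, only the comment "Save the original stack pointer for unwind_dump():" is deleted while the assignment `if (!state->orig_sp) state->orig_sp = frame;` is kept, and the `@@ -28` hunk removes the `unwind_dump()` that the comment names as its consumer (the new dumpstack.c version starts from `__builtin_frame_address(0)` or `thread.sp`, not from `orig_sp`). If nothing else in the frame-pointer unwinder reads `orig_sp`, drop the field and the assignment along with the comment; otherwise keep a comment naming the remaining reader, so the next person does not have to grep to learn whether it is dead.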
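Review bot: in the `@@ -346` hunk of unwind_frame.c, the two added `if (unwind_debug) unwind_dump(state);` blocks are identical in both branches of the if/else and can be hoisted to a single call after it, since both branches fall through to the same point. Note also that the surrounding warnings are `printk_deferred_once()` while the dump runs on every call, so the two are no longer consistent: after the first warning a reader sees full stack dumps with no accompanying one-line warning to explain them. If the dump is meant to accompany the warning, give it the same once semantics; if it is meant to fire every time, say so in a comment.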
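Review bot: in the unwind_orc.c hunk, `orc_warn_current()` gains a second implicit dependency on the caller's scope (`unwind_debug` in addition to `state`), and the dump is only taken on the `state->task == current` path, so ORC failures while unwinding another task get the warning (via plain `orc_warn()`) but no dump. If that asymmetry is deliberate because another task's stack may be live, a short comment in the macro would record it. Also, if `orc_warn()` is once-only like the `printk_deferred_once()` used in the unwind_frame.c hunks, the dump inside this macro will keep firing on every subsequent call after the warning has gone quiet; giving the nested `if (unwind_debug)` its own braces in this multi-line macro would additionally guard against a future edit adding a second statement there.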