Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2670248pxb;
        Tue, 9 Mar 2021 08:08:08 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwReyjVAySemiSj5FCZ4bF6EDwF44VZEXCOzxcc0nNidk3kh2xw6pf1jgdpfF/8lAoHXd1s
X-Received: by 2002:a5d:4884:: with SMTP id g4mr17380138wrq.191.1615306088360;
        Tue, 09 Mar 2021 08:08:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1615306088; cv=none;
        d=google.com; s=arc-20160816;
        b=UK1Q9acnYHj3Dt4KZZWyNm85RAVvN9YmuOtUTqi3BvHbXEE3EANvIwq9B1i231CYSe
         0+M+k9OwrsqLjNPdLmFLaf/OvdkqHHhtdP9v8Sf7zisgZ7/Ij6EiJugNkB1VsaEs8sGz
         JAxIa37A1WG4CBobGznhzFTmVZrrkfNJZECL74Vagdv7b4Qfvd6yZ75Bx8hryYKpdfcK
         aKgGxtMWn7g3FUFJBB/ZQ8/EZ1IbAW9IEXdN8g4Z4557myy7YEI2mf6RnZMCk81Vri47
         WFkH5qbco+pwoIZrTlDS0sbsHk2YsfiBYoqq1c8zUn5oz8apYM7eWlvVIHGVX32FOSXe
         23ag==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=yFAwMPF/mYBjd+sQQiiLnso3D1Cs6lFBNtWuDonXEEw=;
        b=FeMHPyf8W2JxfqKogdPmfW5HzS7mSsIgGSmrxcfzPPCVJ2K15sOwxnP6y6JcOGcgxt
         Dn54GFiGX+0IZ4u0yjFg+8EK7p+pYFXP8Q3slC+Vko+7R0HPYoghJaeVkCdl8W6ckaww
         Xe6sK+dmwK7WRTU1bxLkPoeidqgPN7mMH0ZLR3A3SB3wNtHrpr7O5EODyXHPmSgx5NNr
         19Lv8w+Wy2CBzu/3BL7/SIS27y4rdhx+Hv9UCTS7/ciJjyg9K5Z0DAOtc5O6EKHRr4rL
         aPi6HTtn/cU9tkOmtXUlw0QrB6ht/EYcZJ+qceE+i8vZt9KgWwNaXa6ZnVnNMZ84i6FD
         mJmQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l24si9582992eds.501.2021.03.09.08.07.19;
        Tue, 09 Mar 2021 08:08:08 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231842AbhCIQF7 (ORCPT <rfc822;lyj496332184@gmail.com>
        + 99 others); Tue, 9 Mar 2021 11:05:59 -0500
Received: from foss.arm.com ([217.140.110.172]:55774 "EHLO foss.arm.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S231326AbhCIQFf (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 9 Mar 2021 11:05:35 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
        by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2DFF21042;
        Tue,  9 Mar 2021 08:05:35 -0800 (PST)
Received: from C02TD0UTHF1T.local (unknown [10.57.49.159])
        by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 032A13F71B;
        Tue,  9 Mar 2021 08:05:32 -0800 (PST)
Date:   Tue, 9 Mar 2021 16:05:23 +0000
From:   Mark Rutland <mark.rutland@arm.com>
To:     Segher Boessenkool <segher@kernel.crashing.org>
Cc:     Marco Elver <elver@google.com>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Will Deacon <will@kernel.org>,
        LKML <linux-kernel@vger.kernel.org>, broonie@kernel.org,
        Paul Mackerras <paulus@samba.org>,
        kasan-dev <kasan-dev@googlegroups.com>,
        linuxppc-dev@lists.ozlabs.org, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v1] powerpc: Include running function as first entry in
 save_stack_trace() and friends
Message-ID: <20210309160505.GA4979@C02TD0UTHF1T.local>
References: <e2e8728c4c4553bbac75a64b148e402183699c0c.1614780567.git.christophe.leroy@csgroup.eu>
 <CANpmjNOvgbUCf0QBs1J-mO0yEPuzcTMm7aS1JpPB-17_LabNHw@mail.gmail.com>
 <1802be3e-dc1a-52e0-1754-a40f0ea39658@csgroup.eu>
 <YD+o5QkCZN97mH8/@elver.google.com>
 <20210304145730.GC54534@C02TD0UTHF1T.local>
 <20210304215448.GU29191@gate.crashing.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210304215448.GU29191@gate.crashing.org>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Mar 04, 2021 at 03:54:48PM -0600, Segher Boessenkool wrote:
> Hi!

Hi Segher,

> On Thu, Mar 04, 2021 at 02:57:30PM +0000, Mark Rutland wrote:
> > It looks like GCC is happy to give us the function-entry-time FP if we use
> > __builtin_frame_address(1),
> 
> From the GCC manual:
>      Calling this function with a nonzero argument can have
>      unpredictable effects, including crashing the calling program.  As
>      a result, calls that are considered unsafe are diagnosed when the
>      '-Wframe-address' option is in effect.  Such calls should only be
>      made in debugging situations.
> 
> It *does* warn (the warning is in -Wall btw), on both powerpc and
> aarch64.  Furthermore, using this builtin causes lousy code (it forces
> the use of a frame pointer, which we normally try very hard to optimise
> away, for good reason).
> 
> And, that warning is not an idle warning.  Non-zero arguments to
> __builtin_frame_address can crash the program.  It won't on simpler
> functions, but there is no real definition of what a simpler function
> *is*.  It is meant for debugging, not for production use (this is also
> why no one has bothered to make it faster).
>
> On Power it should work, but on pretty much any other arch it won't.

I understand this is true generally, and cannot be relied upon in
portable code. However as you hint here for Power, I believe that on
arm64 __builtin_frame_address(1) shouldn't crash the program due to the
way frame records work on arm64, but I'll go check with some local
compiler folk. I agree that __builtin_frame_address(2) and beyond
certainly can, e.g.  by NULL dereference and similar.

For context, why do you think this would work on power specifically? I
wonder if our rationale is similar.

Are you aware of anything in particular that breaks using
__builtin_frame_address(1) in non-portable code, or is this just a
general sentiment of this not being a supported use-case?

> > Unless we can get some strong guarantees from compiler folk such that we
> > can guarantee a specific function acts boundary for unwinding (and
> > doesn't itself get split, etc), the only reliable way I can think to
> > solve this requires an assembly trampoline. Whatever we do is liable to
> > need some invasive rework.
> 
> You cannot get such a guarantee, other than not letting the compiler
> see into the routine at all, like with assembler code (not inline asm,
> real assembler code).

If we cannot reliably ensure this then I'm happy to go write an assembly
trampoline to snapshot the state at a function call boundary (where our
procedure call standard mandates the state of the LR, FP, and frame
records pointed to by the FP). This'll require reworking a reasonable
amount of code cross-architecture, so I'll need to get some more
concrete justification (e.g. examples of things that can go wrong in
practice).

> The real way forward is to bite the bullet and to no longer pretend you
> can do a full backtrace from just the stack contents.  You cannot.

I think what you mean here is that there's no reliable way to handle the
current/leaf function, right? If so I do agree.

Beyond that I believe that arm64's frame records should be sufficient.

Thanks,
Mark.