Date: Tue, 12 Apr 2022 12:08:37 +0200
From: Peter Zijlstra
To: Dmitry Monakhov
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, mingo@redhat.com, kim.phillips@amd.com, Josh Poimboeuf
Subject: Re: [PATCH 1/2] x86/unwind/orc: recheck address range after stack info was updated
In-Reply-To: <1649749204-186363-1-git-send-email-dmtrmonakhov@yandex-team.ru>
List: linux-kernel@vger.kernel.org

On Tue, Apr 12, 2022 at 10:40:03AM +0300, Dmitry Monakhov wrote:
> get_stack_info() detects stack type only by begin address, so we must
> check that the address range in question is fully covered by the detected
> stack.
>
> Otherwise the following crash is possible:
> -> unwind_next_frame
>      case ORC_TYPE_REGS:
>        if (!deref_stack_regs(state, sp, &state->ip, &state->sp))
>          -> deref_stack_regs
>            -> stack_access_ok   <- here addr is inside the stack range, but addr+len-1 is not, yet we still exit with success
>          *ip = READ_ONCE_NOCHECK(regs->ip);   <- here we hit the stack guard fault
>
> OOPS LOG:
> <0>[ 1941.845743] BUG: stack guard page was hit at 000000000dd984a2 (stack is 00000000d1caafca..00000000613712f0)
> <4>[ 1941.845751] get_perf_callchain+0x10d/0x280
> <4>[ 1941.845751] perf_callchain+0x6e/0x80
> <4>[ 1941.845752] perf_prepare_sample+0x87/0x540
> <4>[ 1941.845752] perf_event_output_forward+0x31/0x90
> <4>[ 1941.845753] __perf_event_overflow+0x5a/0xf0
> <4>[ 1941.845754] perf_ibs_handle_irq+0x340/0x5b0
> <4>[ 1941.845757] perf_ibs_nmi_handler+0x34/0x60
> <4>[ 1941.845757] nmi_handle+0x79/0x190

Urgh, this is another instance of trying to unwind an IP that no longer
matches the stack. Fixing the unwinder bug is good, but arguably we should
also fix this IBS stuff, see 6cbc304f2f36 ("perf/x86/intel: Fix unwind
errors from PEBS entries (mk-II)")
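The defect Dmitry describes is a classic partial bounds check: the stack is classified from the first byte of the access only, so an access whose last byte (addr+len-1) lies past the end of that stack is accepted and the dereference walks into the guard page. The following stand-alone C program is an added illustration, not the kernel's unwinder code or the patch itself. The stack table, the range values and the names find_stack(), deref_ok_begin_only() and deref_ok_full_range() are all constructed for the example; the "fixed" variant shows the recheck the patch subject refers to, applied after the stack has been identified from the begin address.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a kernel stack descriptor: one contiguous
 * region [begin, end). 'end' is one past the last valid byte. */
struct stack_range {
    const char *name;
    uintptr_t   begin;
    uintptr_t   end;
};

/* Constructed table of the stacks the unwinder may walk. Real kernels
 * have a task stack, IRQ stack, exception stacks, etc.; the addresses
 * here are made up for the demonstration. */
static const struct stack_range stacks[] = {
    { "task", 0x1000, 0x2000 },
    { "irq",  0x3000, 0x4000 },
};

/* Mirrors the behaviour described for get_stack_info(): classify the
 * stack from the begin address only. Returns NULL if addr is not on any
 * known stack. This function is correct as far as it goes; the bug is in
 * how its answer is used. */
static const struct stack_range *find_stack(uintptr_t addr)
{
    for (size_t i = 0; i < sizeof(stacks) / sizeof(stacks[0]); i++) {
        if (addr >= stacks[i].begin && addr < stacks[i].end)
            return &stacks[i];
    }
    return NULL;
}

/* Buggy access check: succeeds as soon as the first byte is on some
 * stack, ignoring whether the access fits inside that stack. A 16-byte
 * read starting 8 bytes before the end of the task stack passes here and
 * would fault on the guard page. */
static bool deref_ok_begin_only(uintptr_t addr, size_t len)
{
    (void)len;
    return find_stack(addr) != NULL;
}

/* Corrected access check: after the stack has been identified from the
 * begin address, recheck that the last byte of the access is still inside
 * that same stack. Also rejects zero-length accesses and an addr+len-1
 * that would wrap around the address space. */
static bool deref_ok_full_range(uintptr_t addr, size_t len)
{
    if (len == 0)
        return false;
    if (len - 1 > UINTPTR_MAX - addr)   /* addr + len - 1 would overflow */
        return false;

    const struct stack_range *s = find_stack(addr);
    if (s == NULL)
        return false;

    uintptr_t last = addr + len - 1;
    return last < s->end;               /* whole range on the detected stack */
}

int main(void)
{
    /* The scenario from the report: a register block that starts inside
     * the stack but straddles its top. Values constructed. */
    uintptr_t regs = 0x1ff8;
    size_t    len  = 16;

    printf("access [%#lx, %#lx): begin-only check says %s, full-range check says %s\n",
           (unsigned long)regs, (unsigned long)(regs + len),
           deref_ok_begin_only(regs, len) ? "ok" : "reject",
           deref_ok_full_range(regs, len) ? "ok" : "reject");
    return 0;
}
```

Running the program prints that the begin-only check accepts the straddling access while the full-range check rejects it. The same pattern applies to any "locate the region, then dereference" code path: the lookup that finds the region must be followed by a check on the far end of the access, not just its start.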