Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
From:   He Zhe <zhe.he@windriver.com>
To:     catalin.marinas@arm.com, will@kernel.org, mark.rutland@arm.com,
        tglx@linutronix.de, bp@alien8.de, dave.hansen@linux.intel.com,
        keescook@chromium.org, alexander.shishkin@linux.intel.com,
        jolsa@kernel.org, namhyung@kernel.org, benh@kernel.crashing.org,
        paulus@samba.org, borntraeger@linux.ibm.com, svens@linux.ibm.com,
        hpa@zytor.com
Cc:     x86@kernel.org, linux-arm-kernel@lists.infradead.org,
        linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org,
        linux-s390@vger.kernel.org, linux-perf-users@vger.kernel.org,
        linux-kernel@vger.kernel.org, zhe.he@windriver.com
Subject: [PATCH RFC 2/8] arm64: stacktrace: Add arch_within_stack_frames
Date:   Mon, 18 Apr 2022 21:22:11 +0800
Message-Id: <20220418132217.1573072-3-zhe.he@windriver.com>
In-Reply-To: <20220418132217.1573072-1-zhe.he@windriver.com>
References: <20220418132217.1573072-1-zhe.he@windriver.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?cI5QHA39fhqVvKLCszKi+qlJwj8q3cmRp3l8DIX/186Zgu0pPeAZaFzJM6jm?=
 =?us-ascii?Q?ipk3bxZXuErq02ZNi4rYDh/ZhC1vLg6iUSK+MG+Lbi2lmQYQxOrai5+J2uGD?=
 =?us-ascii?Q?qzACC0dRDnFwlfdeJHbg7yFuF5MJf7gYgT3WEf28TlIcyKdwGsv64gt+lKYf?=
 =?us-ascii?Q?GidUf+GzgJDuPFIkFIOoolu2ordERw+BUJSfB+94PI2fZ6Gssm12ESpCa74t?=
 =?us-ascii?Q?zAPiX6lC/JfgNwzZzHL+T1JvHAYYPzq4+oEWwYYUA/SCu7c+f20GsuXK96MZ?=
 =?us-ascii?Q?RV80b3cAaz0oByduV341hf0OR/19Td6nxBnpqaOravvJZ4kgKTdlbvEbMU2i?=
 =?us-ascii?Q?BGLB1AXNH5FVzbmm8AygkCt3lPpaP7V1fcU6JyxJp61xiLVDPdZuo3u7+zbp?=
 =?us-ascii?Q?d2L9bkfIMPfSxcNNVU3irH4LJIsRC2eC55LSJbAP7SNOqcDWUzLTngogCRRO?=
 =?us-ascii?Q?vVtLWG/cg/i021WRfC465fRoNAF0+p1zd/zB1zCtnqNbHVE1HeV5pzrpugqv?=
 =?us-ascii?Q?vkpewDRy2FbrX71PUkhJ9Ci/Rlc2Lge7H2p0UhA0iQYgG4I++igrdDSPhwKK?=
 =?us-ascii?Q?qC+pT8H05z7y1iX7c0LOfxzaDNBhRalWLGZquTRLe7/mYh6eGUceJLvNI9zI?=
 =?us-ascii?Q?WGpwVr62xZ9KnvwWqa1z6B3WfPlbnNPwt8AfWO841LQwjGpOMAayZ1yCLCvO?=
 =?us-ascii?Q?RF7dbg3RsBboe7MQEaNGI1zI4vtKj/CsHpBHrNXT1WNe65McZXahT09VR+/R?=
 =?us-ascii?Q?uBjz8yTBCPoriZWR6w8d+OFbLfc2qYoyuNf1G6DtqIY+VOXONA57ky/TMwET?=
 =?us-ascii?Q?Pn17/QZXzgKBJ6giSGYjP/s5SQbojMVmrNyUqj0tamxWKgmLmnW2ziy135nP?=
 =?us-ascii?Q?rQ8lL8JR5YQ4rAigKbJBCA4MFKtksfKuKKXIhHz+WTMYhyXIVgQ6SfHy5GWm?=
 =?us-ascii?Q?t0zI5qQ+JqFliECZiok9rlq2QMmK5rfKc7IqMc8xcZUYk381EREANdooaDNL?=
 =?us-ascii?Q?R4LWs8PSJGt3mLHKTopc5nhYb5HgGgM8pa29gEalTSphgsXEn29ucqe74aTE?=
 =?us-ascii?Q?esGnQC4EXq7WcnPaXuTyuZJRs8IZNi8l7hIZW43uNGHogyoNAakRKZtSDYQf?=
 =?us-ascii?Q?oP4VwgxeD1rrkRGQuP3i4JIrzoa6g8TJ08XzArKoBVRsg9nrpKz/HPBCMMrv?=
 =?us-ascii?Q?uGkAEeCV09kEpzc2rH4TwIlA69QMPwWTA5IpCohszGfE04EABxaTReLe4jq2?=
 =?us-ascii?Q?AFUgxjXPW6UyYrp5cirvUEjGcE9icnYiclmHg9XkDwvQ6LGgYzKHSc5b/iV8?=
 =?us-ascii?Q?DVjgffwhpecdm8f52aUiJVySPUoRzQwa55TM0dzD+d+2x/RH4OEtdqwSkZ2F?=
 =?us-ascii?Q?nRh3ZZ3LsTKgnlO5RsPQTtf5P0ijRyhds3rdB8tM2m5yXijGxGfiAmFASrTN?=
 =?us-ascii?Q?h58b2hzkpTGiJMN5StgLsoAlso8Z53tEajIRQiv4Ny9SOgQWAwWurOkKE3aK?=
 =?us-ascii?Q?Tz6bjKUEKRpvI19bF/gYSr6V9mxj4rBuW3T5ybxR7VlkrLjBL1caHQwhLfvk?=
 =?us-ascii?Q?xgzNJuFh5KpqB1qijqtvE4iGaVR5HG4wyJFfcv13DliJxv8ZQXxURiCLD0xa?=
 =?us-ascii?Q?Ei7XKBX8KXYhv+sJ2XthfTBAoZemrxVI/rjYAafO1A4RpjF+C7GrTeX5OfsV?=
 =?us-ascii?Q?0jYtqdrafmAnlLQUS9jcMnDUxIosx9w0GYyOvE1XKEzjQsWfdvOxWETgZ6zo?=
 =?us-ascii?Q?zrX+U274qA=3D=3D?=
X-OriginatorOrg: windriver.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b7b7c11b-d83b-4079-650d-08da213e86ea
X-MS-Exchange-CrossTenant-AuthSource: MWHPR11MB1358.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2022 13:22:46.2949
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: mqZakgqwmB0vyn3TSYwVBu/RdMvbUtJEdh5LqaXDM8AXaG51Awzks5M2DUdPScwZqkUHQcROsRkgkZE2w8xchw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB2857
X-Proofpoint-ORIG-GUID: 0mf7eftsbD7ZzuPT20UYBMvG8hI8wZ4M
X-Proofpoint-GUID: 0mf7eftsbD7ZzuPT20UYBMvG8hI8wZ4M
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.486,FMLib:17.11.64.514
 definitions=2022-04-18_02,2022-04-15_01,2022-02-23_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0
 priorityscore=1501 lowpriorityscore=0 mlxlogscore=999 mlxscore=0
 adultscore=0 clxscore=1015 spamscore=0 bulkscore=0 malwarescore=0
 impostorscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.12.0-2202240000 definitions=main-2204180078
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
        RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,
        T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This function checks if the given address range crosses frame boundary.
It is based on the existing x86 algorithm, but implemented via stacktrace.
This can be tested by USERCOPY_STACK_FRAME_FROM and
USERCOPY_STACK_FRAME_TO in lkdtm.

Signed-off-by: He Zhe <zhe.he@windriver.com>
---
 arch/arm64/Kconfig                   |  1 +
 arch/arm64/include/asm/thread_info.h | 12 +++++
 arch/arm64/kernel/stacktrace.c       | 76 ++++++++++++++++++++++++++--
 3 files changed, 85 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 57c4c995965f..0f52a83d7771 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -165,6 +165,7 @@ config ARM64
 	select HAVE_ARCH_TRACEHOOK
 	select HAVE_ARCH_TRANSPARENT_HUGEPAGE
 	select HAVE_ARCH_VMAP_STACK
+	select HAVE_ARCH_WITHIN_STACK_FRAMES
 	select HAVE_ARM_SMCCC
 	select HAVE_ASM_MODVERSIONS
 	select HAVE_EBPF_JIT
diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h
index e1317b7c4525..b839ad9f2248 100644
--- a/arch/arm64/include/asm/thread_info.h
+++ b/arch/arm64/include/asm/thread_info.h
@@ -58,6 +58,18 @@ void arch_setup_new_exec(void);
 void arch_release_task_struct(struct task_struct *tsk);
 int arch_dup_task_struct(struct task_struct *dst,
 				struct task_struct *src);
+/*
+ * Walks up the stack frames to make sure that the specified object is
+ * entirely contained by a single stack frame.
+ *
+ * Returns:
+ *	GOOD_FRAME	if within a frame
+ *	BAD_STACK	if placed across a frame boundary (or outside stack)
+ *	NOT_STACK	unable to determine (no frame pointers, etc)
+ */
+int arch_within_stack_frames(const void * const stack,
+		const void * const stackend,
+		const void *obj, unsigned long len);
 
 #endif
 
diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c
index e4103e085681..219b90c1de12 100644
--- a/arch/arm64/kernel/stacktrace.c
+++ b/arch/arm64/kernel/stacktrace.c
@@ -145,12 +145,17 @@ NOKPROBE_SYMBOL(unwind_frame);
 
 static void notrace walk_stackframe(struct task_struct *tsk,
 				    struct stackframe *frame,
-				    bool (*fn)(void *, unsigned long), void *data)
+				    stack_trace_consume_fn fn, void *data)
 {
+	struct frame_info fi;
+
 	while (1) {
 		int ret;
 
-		if (!fn(data, frame->pc))
+		fi.pc = frame->pc;
+		fi.fp = frame->fp;
+		fi.prev_fp = frame->prev_fp;
+		if (!fn(data, &fi))
 			break;
 		ret = unwind_frame(tsk, frame);
 		if (ret < 0)
@@ -159,10 +164,10 @@ static void notrace walk_stackframe(struct task_struct *tsk,
 }
 NOKPROBE_SYMBOL(walk_stackframe);
 
-static bool dump_backtrace_entry(void *arg, unsigned long where)
+static bool dump_backtrace_entry(void *arg, struct frame_info *fi)
 {
 	char *loglvl = arg;
-	printk("%s %pSb\n", loglvl, (void *)where);
+	printk("%s %pSb\n", loglvl, (void *)fi->pc);
 	return true;
 }
 
@@ -210,3 +215,66 @@ noinline notrace void arch_stack_walk(stack_trace_consume_fn consume_entry,
 
 	walk_stackframe(task, &frame, consume_entry, cookie);
 }
+
+struct arch_stack_object {
+	unsigned long start;
+	unsigned long len;
+	int flag;
+};
+
+static bool arch_stack_object_check(void *data, struct frame_info *fi)
+{
+	struct arch_stack_object *obj = (struct arch_stack_object *)data;
+
+	/* Skip the frame of arch_within_stack_frames itself */
+	if (fi->prev_fp == 0)
+		return true;
+
+	/*
+	 * low ----------------------------------------------> high
+	 * [saved bp][saved ip][args][local vars][saved bp][saved ip]
+	 *                     ^----------------^
+	 *               allow copies only within here
+	 */
+	if (obj->start + obj->len <= fi->fp) {
+		obj->flag = obj->start >=
+			fi->prev_fp + 2 * sizeof(void *) ?
+			GOOD_FRAME : BAD_STACK;
+		return false;
+	} else
+		return true;
+}
+
+/*
+ * Walks up the stack frames to make sure that the specified object is
+ * entirely contained by a single stack frame.
+ *
+ * Returns:
+ *	GOOD_FRAME	if within a frame
+ *	BAD_STACK	if placed across a frame boundary (or outside stack)
+ *	NOT_STACK	unable to determine (no frame pointers, etc)
+ */
+int arch_within_stack_frames(const void * const stack,
+		const void * const stackend,
+		const void *obj, unsigned long len)
+{
+#if defined(CONFIG_FRAME_POINTER)
+	struct arch_stack_object object;
+	struct pt_regs regs;
+
+	if (__builtin_frame_address(1) == 0)
+		return NOT_STACK;
+
+	object.start = (unsigned long)obj;
+	object.len = len;
+	object.flag = NOT_STACK;
+
+	regs.regs[29] = (u64)__builtin_frame_address(1);
+
+	arch_stack_walk(arch_stack_object_check, (void *)&object, NULL, &regs);
+
+	return object.flag;
+#else
+	return NOT_STACK;
+#endif
+}
-- 
2.25.1