Re: [RFC PATCH v1 0/4] arm64: Implement stack trace reliability checks

From: Masami Hiramatsu
Date: Mon Apr 05 2021 - 09:24:47 EST


Hi Madhavan,

On Sat, 3 Apr 2021 22:29:12 -0500
"Madhavan T. Venkataraman" <madvenka@xxxxxxxxxxxxxxxxxxx> wrote:


> >> Check for kretprobe
> >> ===================
> >>
> >> For functions with a kretprobe set up, probe code executes on entry
> >> to the function and replaces the return address in the stack frame with a
> >> kretprobe trampoline. Whenever the function returns, control is
> >> transferred to the trampoline. The trampoline eventually returns to the
> >> original return address.
> >>
> >> A stack trace taken while executing in the function (or in functions that
> >> get called from the function) will not show the original return address.
> >> Similarly, a stack trace taken while executing in the trampoline itself
> >> (and functions that get called from the trampoline) will not show the
> >> original return address. This means that the caller of the probed function
> >> will not show. This makes the stack trace unreliable.
> >>
> >> Add the kretprobe trampoline to special_functions[].
> >>
> >> FYI, each task contains a task->kretprobe_instances list that can
> >> theoretically be consulted to find the original return address. But I am
> >> not entirely sure how to safely traverse that list for stack traces
> >> not on the current process. So, I have taken the easy way out.
> >
> > For kretprobes, unwinding from the trampoline or kretprobe handler
> > shouldn't be a reliability concern for live patching, for similar
> > reasons as above.
> >
>
> Please see previous answer.
>
> > Otherwise, when unwinding from a blocked task which has
> > 'kretprobe_trampoline' on the stack, the unwinder needs a way to get the
> > original return address. Masami has been working on an interface to
> > make that possible for x86. I assume something similar could be done
> > for arm64.
> >
>
> OK. Until that is available, this case needs to be addressed.

Actually, I've done that on arm64 :) See below patch.
(and I also have similar code for arm32; what I'm considering is how
to unify x86/arm/arm64 kretprobe_find_ret_addr(), since those are very
similar.)

This is applicable on top of my x86 series v5:

https://lore.kernel.org/bpf/161676170650.330141.6214727134265514123.stgit@devnote2/

Thank you,
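The two unwinder behaviours discussed in this thread, as an added, constructed user-space model that is not Masami's patch, not the quoted RFC and not kernel code: with no fix-up, a kretprobe_trampoline return address on the stack hides the caller of the probed function and the trace is flagged unreliable (the special_functions[] approach); with a find_ret_addr()-style lookup, the original return address is recovered from a model of the per-task kretprobe_instances list. The trampoline address, the frame records, the return addresses and the rule that an instance is matched to a frame by the frame pointer recorded at function entry are all assumptions made for the model; the cursor that resumes the list walk instead of restarting it is loosely modelled on the cursor argument of the x86 kretprobe_find_ret_addr() referenced above.

```c
/* Constructed model of a stack unwinder meeting kretprobe_trampoline.
 * Not kernel code: addresses, frame layout and the instance list are invented. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sentinel standing in for the address of kretprobe_trampoline (assumption). */
#define KRETPROBE_TRAMPOLINE 0xffff000010001000ULL

/* Frame record as the unwinder sees it: saved frame pointer and saved return
 * address. For a probed function the saved return address is the trampoline. */
struct frame {
    uint64_t fp;
    uint64_t ret;
};

/* Model of one node of task->kretprobe_instances: the frame pointer recorded
 * when the entry handler ran, and the return address the handler replaced. */
struct kri {
    uint64_t fp;
    uint64_t orig_ret;
};

/* Find the original return address for the frame whose saved fp is 'fp'.
 * The list is newest first (pushed on entry, popped on return) and the stack
 * is walked innermost first, so the search resumes from *cursor: the walk
 * stays linear and no instance is handed to two frames. Returns 0 when no
 * instance matches, which the caller must treat as "cannot recover". */
static uint64_t model_find_ret_addr(const struct kri *list, size_t n,
                                    uint64_t fp, size_t *cursor)
{
    for (size_t i = *cursor; i < n; i++) {
        if (list[i].fp == fp) {
            *cursor = i + 1;
            return list[i].orig_ret;
        }
    }
    return 0;
}

/* Walk 'depth' frame records (innermost first) into out[]. fixup == false
 * leaves the trampoline in the trace and flags the trace unreliable; fixup ==
 * true substitutes the original return address from the instance list. */
static size_t model_unwind(const struct frame *stack, size_t depth,
                           const struct kri *list, size_t n, bool fixup,
                           uint64_t *out, bool *reliable)
{
    size_t cursor = 0;
    *reliable = true;
    for (size_t i = 0; i < depth; i++) {
        uint64_t ret = stack[i].ret;
        if (ret == KRETPROBE_TRAMPOLINE) {
            uint64_t orig = fixup ? model_find_ret_addr(list, n, stack[i].fp, &cursor) : 0;
            if (orig == 0)
                *reliable = false;   /* caller of the probed function is hidden */
            else
                ret = orig;
        }
        out[i] = ret;
    }
    return depth;
}

/* Constructed scenario: A calls B, B calls C, C calls D; B and C carry
 * kretprobes; the unwinder runs while D is executing. */
#define RET_IN_A 0xffff000010100010ULL  /* where B returns into A */
#define RET_IN_B 0xffff000010200020ULL  /* where C returns into B */
#define RET_IN_C 0xffff000010300030ULL  /* where D returns into C */

static const struct frame sample_stack[] = {
    { 0x3000, RET_IN_C },              /* D's record: unprobed, intact */
    { 0x2000, KRETPROBE_TRAMPOLINE },  /* C's record: return address replaced */
    { 0x1000, KRETPROBE_TRAMPOLINE },  /* B's record: return address replaced */
};
static const struct kri sample_instances[] = {   /* newest first */
    { 0x2000, RET_IN_B },
    { 0x1000, RET_IN_A },
};
#define SAMPLE_DEPTH (sizeof sample_stack / sizeof sample_stack[0])
#define SAMPLE_NKRI  (sizeof sample_instances / sizeof sample_instances[0])

/* One recovered frame of the scenario, or 0 for an out-of-range index. */
static uint64_t sample_frame(bool fixup, size_t idx)
{
    uint64_t out[SAMPLE_DEPTH];
    bool reliable;
    model_unwind(sample_stack, SAMPLE_DEPTH, sample_instances, SAMPLE_NKRI, fixup, out, &reliable);
    return idx < SAMPLE_DEPTH ? out[idx] : 0;
}

/* Reliability verdict; nkri == 0 models an instance list that is unavailable. */
static bool sample_reliable(bool fixup, size_t nkri)
{
    uint64_t out[SAMPLE_DEPTH];
    bool reliable;
    model_unwind(sample_stack, SAMPLE_DEPTH, sample_instances, nkri, fixup, out, &reliable);
    return reliable;
}

int main(void)
{
    uint64_t out[SAMPLE_DEPTH];
    bool reliable;
    for (int fixup = 0; fixup < 2; fixup++) {
        model_unwind(sample_stack, SAMPLE_DEPTH, sample_instances, SAMPLE_NKRI, fixup, out, &reliable);
        printf("fixup=%d reliable=%d:", fixup, reliable);
        for (size_t i = 0; i < SAMPLE_DEPTH; i++)
            printf(" %#llx", (unsigned long long)out[i]);
        printf("\n");
    }
    return 0;
}
```

Without fix-up both probed frames report the trampoline and the trace is unreliable; with fix-up the walk yields RET_IN_C, RET_IN_B, RET_IN_A and is reliable. The third case in the helpers, fix-up requested but no instance list, is the one that matters for a blocked task whose list cannot be consulted: the model still marks the trace unreliable rather than guessing.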