380 lines
13 KiB
Diff
380 lines
13 KiB
Diff
From 995db8ab88916b6397676b67be98c0a4f82cca49 Mon Sep 17 00:00:00 2001
|
|
From: Hong YANG <hong.yang3@nio.com>
|
|
Date: Mon, 15 Nov 2021 15:41:01 +0800
|
|
Subject: [PATCH 1/3] arm64: Support overflow stack panic
|
|
|
|
Kernel commit <872d8327ce89> ("arm64: add VMAP_STACK overflow detection")
|
|
has supported the overflow stack exception handling. Without the patch, the
|
|
"bt" command will make crash generate a core dump because of segmentation
|
|
fault. With the patch, the "bt" command can display the overflow stack.
|
|
|
|
Before:
|
|
crash> bt
|
|
PID: 3607 TASK: ffffffcbf9a4da00 CPU: 2 COMMAND: "sh"
|
|
Segmentation fault (core dumped)
|
|
|
|
After:
|
|
crash> bt
|
|
PID: 3607 TASK: ffffffcbf9a4da00 CPU: 2 COMMAND: "sh"
|
|
#0 [ffffffccbfd85f50] __delay at ffffff8008ceded8
|
|
...
|
|
#5 [ffffffccbfd85fd0] emergency_restart at ffffff80080d49fc
|
|
#6 [ffffffccbfd86140] panic at ffffff80080af4c0
|
|
#7 [ffffffccbfd86150] nmi_panic at ffffff80080af150
|
|
#8 [ffffffccbfd86190] handle_bad_stack at ffffff800808b0b8
|
|
#9 [ffffffccbfd862d0] __bad_stack at ffffff800808285c
|
|
PC: ffffff8008082e80 [el1_sync]
|
|
LR: ffffff8000d6c214 [stack_overflow_demo+84]
|
|
SP: ffffff1a79930070 PSTATE: 204003c5
|
|
X29: ffffff8011b03d00 X28: ffffffcbf9a4da00 X27: ffffff8008e02000
|
|
X26: 0000000000000040 X25: 0000000000000124 X24: ffffffcbf9a4da00
|
|
X23: 0000007daec2e288 X22: ffffffcbfe03b800 X21: 0000007daec2e288
|
|
X20: 0000000000000002 X19: 0000000000000002 X18: 0000000000000002
|
|
X17: 00000000000003e7 X16: 0000000000000000 X15: 0000000000000000
|
|
X14: ffffffcc17facb00 X13: ffffffccb4c25c00 X12: 0000000000000000
|
|
X11: ffffffcc17fad660 X10: 0000000000000af0 X9: 0000000000000000
|
|
X8: ffffff1a799334f0 X7: 0000000000000000 X6: 000000000000003f
|
|
X5: 0000000000000040 X4: 0000000000000010 X3: 00000065981d07f0
|
|
X2: 00000065981d07f0 X1: 0000000000000000 X0: ffffff1a799334f0
|
|
|
|
Signed-off-by: Hong YANG <hong.yang3@nio.com>
|
|
---
|
|
arm64.c | 169 ++++++++++++++++++++++++++++++++++++++++++++++++++------
|
|
defs.h | 6 ++
|
|
2 files changed, 159 insertions(+), 16 deletions(-)
|
|
|
|
diff --git a/arm64.c b/arm64.c
|
|
index 94681d1a37db..23c3d75d85aa 100644
|
|
--- a/arm64.c
|
|
+++ b/arm64.c
|
|
@@ -45,6 +45,7 @@ static int arm64_vtop_3level_4k(ulong, ulong, physaddr_t *, int);
|
|
static int arm64_vtop_4level_4k(ulong, ulong, physaddr_t *, int);
|
|
static ulong arm64_get_task_pgd(ulong);
|
|
static void arm64_irq_stack_init(void);
|
|
+static void arm64_overflow_stack_init(void);
|
|
static void arm64_stackframe_init(void);
|
|
static int arm64_eframe_search(struct bt_info *);
|
|
static int arm64_is_kernel_exception_frame(struct bt_info *, ulong);
|
|
@@ -63,6 +64,7 @@ static int arm64_get_dumpfile_stackframe(struct bt_info *, struct arm64_stackfra
|
|
static int arm64_in_kdump_text(struct bt_info *, struct arm64_stackframe *);
|
|
static int arm64_in_kdump_text_on_irq_stack(struct bt_info *);
|
|
static int arm64_switch_stack(struct bt_info *, struct arm64_stackframe *, FILE *);
|
|
+static int arm64_switch_stack_from_overflow(struct bt_info *, struct arm64_stackframe *, FILE *);
|
|
static int arm64_get_stackframe(struct bt_info *, struct arm64_stackframe *);
|
|
static void arm64_get_stack_frame(struct bt_info *, ulong *, ulong *);
|
|
static void arm64_gen_hidden_frame(struct bt_info *bt, ulong, struct arm64_stackframe *);
|
|
@@ -78,8 +80,11 @@ static int arm64_get_smp_cpus(void);
|
|
static void arm64_clear_machdep_cache(void);
|
|
static int arm64_on_process_stack(struct bt_info *, ulong);
|
|
static int arm64_in_alternate_stack(int, ulong);
|
|
+static int arm64_in_alternate_stackv(int cpu, ulong stkptr, ulong *stacks, ulong stack_size);
|
|
static int arm64_on_irq_stack(int, ulong);
|
|
+static int arm64_on_overflow_stack(int, ulong);
|
|
static void arm64_set_irq_stack(struct bt_info *);
|
|
+static void arm64_set_overflow_stack(struct bt_info *);
|
|
static void arm64_set_process_stack(struct bt_info *);
|
|
static int arm64_get_kvaddr_ranges(struct vaddr_range *);
|
|
static void arm64_get_crash_notes(void);
|
|
@@ -463,6 +468,7 @@ arm64_init(int when)
|
|
machdep->hz = 100;
|
|
|
|
arm64_irq_stack_init();
|
|
+ arm64_overflow_stack_init();
|
|
arm64_stackframe_init();
|
|
break;
|
|
|
|
@@ -1715,6 +1721,49 @@ arm64_irq_stack_init(void)
|
|
}
|
|
}
|
|
|
|
+/*
|
|
+ * Gather Overflow stack values.
|
|
+ *
|
|
+ * Overflow stack supported since 4.14, in commit 872d8327c
|
|
+ */
|
|
+static void
|
|
+arm64_overflow_stack_init(void)
|
|
+{
|
|
+ int i;
|
|
+ struct syment *sp;
|
|
+ struct gnu_request request, *req;
|
|
+ struct machine_specific *ms = machdep->machspec;
|
|
+ req = &request;
|
|
+
|
|
+ if (symbol_exists("overflow_stack") &&
|
|
+ (sp = per_cpu_symbol_search("overflow_stack")) &&
|
|
+ get_symbol_type("overflow_stack", NULL, req)) {
|
|
+ if (CRASHDEBUG(1)) {
|
|
+ fprintf(fp, "overflow_stack: \n");
|
|
+ fprintf(fp, " type: %x, %s\n",
|
|
+ (int)req->typecode,
|
|
+ (req->typecode == TYPE_CODE_ARRAY) ?
|
|
+ "TYPE_CODE_ARRAY" : "other");
|
|
+ fprintf(fp, " target_typecode: %x, %s\n",
|
|
+ (int)req->target_typecode,
|
|
+ req->target_typecode == TYPE_CODE_INT ?
|
|
+ "TYPE_CODE_INT" : "other");
|
|
+ fprintf(fp, " target_length: %ld\n",
|
|
+ req->target_length);
|
|
+ fprintf(fp, " length: %ld\n", req->length);
|
|
+ }
|
|
+
|
|
+ if (!(ms->overflow_stacks = (ulong *)malloc((size_t)(kt->cpus * sizeof(ulong)))))
|
|
+ error(FATAL, "cannot malloc overflow_stack addresses\n");
|
|
+
|
|
+ ms->overflow_stack_size = ARM64_OVERFLOW_STACK_SIZE;
|
|
+ machdep->flags |= OVERFLOW_STACKS;
|
|
+
|
|
+ for (i = 0; i < kt->cpus; i++)
|
|
+ ms->overflow_stacks[i] = kt->__per_cpu_offset[i] + sp->value;
|
|
+ }
|
|
+}
|
|
+
|
|
/*
|
|
* Gather and verify all of the backtrace requirements.
|
|
*/
|
|
@@ -1960,6 +2009,7 @@ static char *arm64_exception_functions[] = {
|
|
"do_mem_abort",
|
|
"do_el0_irq_bp_hardening",
|
|
"do_sp_pc_abort",
|
|
+ "handle_bad_stack",
|
|
NULL
|
|
};
|
|
|
|
@@ -1978,7 +2028,10 @@ arm64_in_exception_text(ulong ptr)
|
|
if ((ptr >= ms->__exception_text_start) &&
|
|
(ptr < ms->__exception_text_end))
|
|
return TRUE;
|
|
- } else if ((name = closest_symbol(ptr))) { /* Linux 5.5 and later */
|
|
+ }
|
|
+
|
|
+ name = closest_symbol(ptr);
|
|
+ if (name != NULL) { /* Linux 5.5 and later */
|
|
for (func = &arm64_exception_functions[0]; *func; func++) {
|
|
if (STREQ(name, *func))
|
|
return TRUE;
|
|
@@ -2252,15 +2305,14 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe *frame)
|
|
if ((frame->fp == 0) && (frame->pc == 0))
|
|
return FALSE;
|
|
|
|
- if (!(machdep->flags & IRQ_STACKS))
|
|
- return TRUE;
|
|
-
|
|
- if (!(machdep->flags & IRQ_STACKS))
|
|
+ if (!(machdep->flags & (IRQ_STACKS | OVERFLOW_STACKS)))
|
|
return TRUE;
|
|
|
|
if (machdep->flags & UNW_4_14) {
|
|
- if ((bt->flags & BT_IRQSTACK) &&
|
|
- !arm64_on_irq_stack(bt->tc->processor, frame->fp)) {
|
|
+ if (((bt->flags & BT_IRQSTACK) &&
|
|
+ !arm64_on_irq_stack(bt->tc->processor, frame->fp)) ||
|
|
+ ((bt->flags & BT_OVERFLOW_STACK) &&
|
|
+ !arm64_on_overflow_stack(bt->tc->processor, frame->fp))) {
|
|
if (arm64_on_process_stack(bt, frame->fp)) {
|
|
arm64_set_process_stack(bt);
|
|
|
|
@@ -2677,6 +2729,9 @@ arm64_back_trace_cmd(struct bt_info *bt)
|
|
if (arm64_on_irq_stack(bt->tc->processor, bt->frameptr)) {
|
|
arm64_set_irq_stack(bt);
|
|
bt->flags |= BT_IRQSTACK;
|
|
+ } else if (arm64_on_overflow_stack(bt->tc->processor, bt->frameptr)) {
|
|
+ arm64_set_overflow_stack(bt);
|
|
+ bt->flags |= BT_OVERFLOW_STACK;
|
|
}
|
|
stackframe.sp = bt->stkptr;
|
|
stackframe.pc = bt->instptr;
|
|
@@ -2731,7 +2786,9 @@ arm64_back_trace_cmd(struct bt_info *bt)
|
|
break;
|
|
|
|
if (arm64_in_exception_text(bt->instptr) && INSTACK(stackframe.fp, bt)) {
|
|
- if (!(bt->flags & BT_IRQSTACK) ||
|
|
+ if (bt->flags & BT_OVERFLOW_STACK) {
|
|
+ exception_frame = stackframe.fp - KERN_EFRAME_OFFSET;
|
|
+ } else if (!(bt->flags & BT_IRQSTACK) ||
|
|
((stackframe.sp + SIZE(pt_regs)) < bt->stacktop)) {
|
|
if (arm64_is_kernel_exception_frame(bt, stackframe.fp - KERN_EFRAME_OFFSET))
|
|
exception_frame = stackframe.fp - KERN_EFRAME_OFFSET;
|
|
@@ -2745,6 +2802,12 @@ arm64_back_trace_cmd(struct bt_info *bt)
|
|
break;
|
|
}
|
|
|
|
+ if ((bt->flags & BT_OVERFLOW_STACK) &&
|
|
+ !arm64_on_overflow_stack(bt->tc->processor, stackframe.fp)) {
|
|
+ bt->flags &= ~BT_OVERFLOW_STACK;
|
|
+ if (arm64_switch_stack_from_overflow(bt, &stackframe, ofp) == USER_MODE)
|
|
+ break;
|
|
+ }
|
|
|
|
level++;
|
|
}
|
|
@@ -3131,6 +3194,43 @@ arm64_switch_stack(struct bt_info *bt, struct arm64_stackframe *frame, FILE *ofp
|
|
return KERNEL_MODE;
|
|
}
|
|
|
|
+static int
|
|
+arm64_switch_stack_from_overflow(struct bt_info *bt, struct arm64_stackframe *frame, FILE *ofp)
|
|
+{
|
|
+ int i;
|
|
+ ulong stacktop, words, addr;
|
|
+ ulong *stackbuf;
|
|
+ char buf[BUFSIZE];
|
|
+ struct machine_specific *ms = machdep->machspec;
|
|
+
|
|
+ if (bt->flags & BT_FULL) {
|
|
+ stacktop = ms->overflow_stacks[bt->tc->processor] + ms->overflow_stack_size;
|
|
+ words = (stacktop - bt->bptr) / sizeof(ulong);
|
|
+ stackbuf = (ulong *)GETBUF(words * sizeof(ulong));
|
|
+ readmem(bt->bptr, KVADDR, stackbuf, words * sizeof(long),
|
|
+ "top of overflow stack", FAULT_ON_ERROR);
|
|
+
|
|
+ addr = bt->bptr;
|
|
+ for (i = 0; i < words; i++) {
|
|
+ if (!(i & 1))
|
|
+ fprintf(ofp, "%s %lx: ", i ? "\n" : "", addr);
|
|
+ fprintf(ofp, "%s ", format_stack_entry(bt, buf, stackbuf[i], 0));
|
|
+ addr += sizeof(ulong);
|
|
+ }
|
|
+ fprintf(ofp, "\n");
|
|
+ FREEBUF(stackbuf);
|
|
+ }
|
|
+ fprintf(ofp, "--- <Overflow stack> ---\n");
|
|
+
|
|
+ if (frame->fp == 0)
|
|
+ return USER_MODE;
|
|
+
|
|
+ if (!(machdep->flags & UNW_4_14))
|
|
+ arm64_print_exception_frame(bt, frame->sp, KERNEL_MODE, ofp);
|
|
+
|
|
+ return KERNEL_MODE;
|
|
+}
|
|
+
|
|
static int
|
|
arm64_get_dumpfile_stackframe(struct bt_info *bt, struct arm64_stackframe *frame)
|
|
{
|
|
@@ -3682,6 +3782,16 @@ arm64_display_machine_stats(void)
|
|
machdep->machspec->irq_stacks[i]);
|
|
}
|
|
}
|
|
+ if (machdep->machspec->overflow_stack_size) {
|
|
+ fprintf(fp, "OVERFLOW STACK SIZE: %ld\n",
|
|
+ machdep->machspec->overflow_stack_size);
|
|
+ fprintf(fp, " OVERFLOW STACKS:\n");
|
|
+ for (i = 0; i < kt->cpus; i++) {
|
|
+ pad = (i < 10) ? 3 : (i < 100) ? 2 : (i < 1000) ? 1 : 0;
|
|
+ fprintf(fp, "%s CPU %d: %lx\n", space(pad), i,
|
|
+ machdep->machspec->overflow_stacks[i]);
|
|
+ }
|
|
+ }
|
|
}
|
|
|
|
static int
|
|
@@ -3875,24 +3985,41 @@ arm64_on_process_stack(struct bt_info *bt, ulong stkptr)
|
|
}
|
|
|
|
static int
|
|
-arm64_on_irq_stack(int cpu, ulong stkptr)
|
|
+arm64_in_alternate_stackv(int cpu, ulong stkptr, ulong *stacks, ulong stack_size)
|
|
{
|
|
- return arm64_in_alternate_stack(cpu, stkptr);
|
|
+ if ((cpu >= kt->cpus) || (stacks == NULL) || !stack_size)
|
|
+ return FALSE;
|
|
+
|
|
+ if ((stkptr >= stacks[cpu]) &&
|
|
+ (stkptr < (stacks[cpu] + stack_size)))
|
|
+ return TRUE;
|
|
+
|
|
+ return FALSE;
|
|
}
|
|
|
|
static int
|
|
arm64_in_alternate_stack(int cpu, ulong stkptr)
|
|
+{
|
|
+ return (arm64_on_irq_stack(cpu, stkptr) ||
|
|
+ arm64_on_overflow_stack(cpu, stkptr));
|
|
+}
|
|
+
|
|
+static int
|
|
+arm64_on_irq_stack(int cpu, ulong stkptr)
|
|
{
|
|
struct machine_specific *ms = machdep->machspec;
|
|
|
|
- if (!ms->irq_stack_size || (cpu >= kt->cpus))
|
|
- return FALSE;
|
|
+ return arm64_in_alternate_stackv(cpu, stkptr,
|
|
+ ms->irq_stacks, ms->irq_stack_size);
|
|
+}
|
|
|
|
- if ((stkptr >= ms->irq_stacks[cpu]) &&
|
|
- (stkptr < (ms->irq_stacks[cpu] + ms->irq_stack_size)))
|
|
- return TRUE;
|
|
+static int
|
|
+arm64_on_overflow_stack(int cpu, ulong stkptr)
|
|
+{
|
|
+ struct machine_specific *ms = machdep->machspec;
|
|
|
|
- return FALSE;
|
|
+ return arm64_in_alternate_stackv(cpu, stkptr,
|
|
+ ms->overflow_stacks, ms->overflow_stack_size);
|
|
}
|
|
|
|
static void
|
|
@@ -3905,6 +4032,16 @@ arm64_set_irq_stack(struct bt_info *bt)
|
|
alter_stackbuf(bt);
|
|
}
|
|
|
|
+static void
|
|
+arm64_set_overflow_stack(struct bt_info *bt)
|
|
+{
|
|
+ struct machine_specific *ms = machdep->machspec;
|
|
+
|
|
+ bt->stackbase = ms->overflow_stacks[bt->tc->processor];
|
|
+ bt->stacktop = bt->stackbase + ms->overflow_stack_size;
|
|
+ alter_stackbuf(bt);
|
|
+}
|
|
+
|
|
static void
|
|
arm64_set_process_stack(struct bt_info *bt)
|
|
{
|
|
diff --git a/defs.h b/defs.h
|
|
index a2f30853a4b1..7e2a16e34a59 100644
|
|
--- a/defs.h
|
|
+++ b/defs.h
|
|
@@ -3218,6 +3218,7 @@ typedef signed int s32;
|
|
#define UNW_4_14 (0x200)
|
|
#define FLIPPED_VM (0x400)
|
|
#define HAS_PHYSVIRT_OFFSET (0x800)
|
|
+#define OVERFLOW_STACKS (0x1000)
|
|
|
|
/*
|
|
* Get kimage_voffset from /dev/crash
|
|
@@ -3260,6 +3261,7 @@ typedef signed int s32;
|
|
|
|
#define ARM64_STACK_SIZE (16384)
|
|
#define ARM64_IRQ_STACK_SIZE ARM64_STACK_SIZE
|
|
+#define ARM64_OVERFLOW_STACK_SIZE (4096)
|
|
|
|
#define _SECTION_SIZE_BITS 30
|
|
#define _SECTION_SIZE_BITS_5_12 27
|
|
@@ -3332,6 +3334,9 @@ struct machine_specific {
|
|
char *irq_stackbuf;
|
|
ulong __irqentry_text_start;
|
|
ulong __irqentry_text_end;
|
|
+ ulong overflow_stack_size;
|
|
+ ulong *overflow_stacks;
|
|
+ char *overflow_stackbuf;
|
|
/* for exception vector code */
|
|
ulong exp_entry1_start;
|
|
ulong exp_entry1_end;
|
|
@@ -5770,6 +5775,7 @@ ulong cpu_map_addr(const char *type);
|
|
#define BT_CPUMASK (0x1000000000000ULL)
|
|
#define BT_SHOW_ALL_REGS (0x2000000000000ULL)
|
|
#define BT_REGS_NOT_FOUND (0x4000000000000ULL)
|
|
+#define BT_OVERFLOW_STACK (0x8000000000000ULL)
|
|
#define BT_SYMBOL_OFFSET (BT_SYMBOLIC_ARGS)
|
|
|
|
#define BT_REF_HEXVAL (0x1)
|
|
--
|
|
2.30.2
|
|
|