b6407a85f0
Update to the latest upstream commit 47216437e79a ("Fix "net" command on kernel configured with CONFIG_IPV6=m") Resolves: rhbz#2166880 Resolves: rhbz#2161133 Resolves: rhbz#2158721 Resolves: rhbz#2156904 Resolves: rhbz#2156898 Resolves: rhbz#2156892 Resolves: rhbz#2156889 Resolves: rhbz#2156885 Resolves: rhbz#2152619 Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
151 lines
6.6 KiB
Diff
151 lines
6.6 KiB
Diff
From 6122f0d067ed5c522ad11fb91b6db3ea1d34f355 Mon Sep 17 00:00:00 2001
|
|
From: Ding Hui <dinghui@sangfor.com.cn>
|
|
Date: Thu, 1 Dec 2022 15:01:45 +0800
|
|
Subject: [PATCH 46/89] arm64: fix backtraces of KASAN kernel dumpfile
|
|
truncated
|
|
|
|
We met "bt" command on KASAN kernel vmcore display truncated backtraces
|
|
like this:
|
|
|
|
crash> bt
|
|
PID: 4131 TASK: ffff8001521df000 CPU: 3 COMMAND: "bash"
|
|
#0 [ffff2000224b0cb0] machine_kexec_prepare at ffff2000200bff4c
|
|
|
|
After digging the root cause, it turns out that arm64_in_kdump_text()
|
|
found wrong bt->bptr at "machine_kexec" branch.
|
|
|
|
Disassemble machine_kexec() of KASAN vmlinux (gcc 7.3.0):
|
|
|
|
crash> dis -x machine_kexec
|
|
0xffff2000200bff50 <machine_kexec>: stp x29, x30, [sp,#-208]!
|
|
0xffff2000200bff54 <machine_kexec+0x4>: mov x29, sp
|
|
0xffff2000200bff58 <machine_kexec+0x8>: stp x19, x20, [sp,#16]
|
|
0xffff2000200bff5c <machine_kexec+0xc>: str x24, [sp,#56]
|
|
0xffff2000200bff60 <machine_kexec+0x10>: str x26, [sp,#72]
|
|
0xffff2000200bff64 <machine_kexec+0x14>: mov x2, #0x8ab3
|
|
0xffff2000200bff68 <machine_kexec+0x18>: add x1, x29, #0x70
|
|
0xffff2000200bff6c <machine_kexec+0x1c>: lsr x1, x1, #3
|
|
0xffff2000200bff70 <machine_kexec+0x20>: movk x2, #0x41b5, lsl #16
|
|
0xffff2000200bff74 <machine_kexec+0x24>: mov x19, #0x200000000000
|
|
0xffff2000200bff78 <machine_kexec+0x28>: adrp x3, 0xffff2000224b0000
|
|
0xffff2000200bff7c <machine_kexec+0x2c>: movk x19, #0xdfff, lsl #48
|
|
0xffff2000200bff80 <machine_kexec+0x30>: add x3, x3, #0xcb0
|
|
0xffff2000200bff84 <machine_kexec+0x34>: add x4, x1, x19
|
|
0xffff2000200bff88 <machine_kexec+0x38>: stp x2, x3, [x29,#112]
|
|
0xffff2000200bff8c <machine_kexec+0x3c>: adrp x2, 0xffff2000200bf000 <swsusp_arch_resume+0x1e8>
|
|
0xffff2000200bff90 <machine_kexec+0x40>: add x2, x2, #0xf50
|
|
0xffff2000200bff94 <machine_kexec+0x44>: str x2, [x29,#128]
|
|
0xffff2000200bff98 <machine_kexec+0x48>: mov w2, #0xf1f1f1f1
|
|
0xffff2000200bff9c <machine_kexec+0x4c>: str w2, [x1,x19]
|
|
0xffff2000200bffa0 <machine_kexec+0x50>: mov w2, #0xf200
|
|
0xffff2000200bffa4 <machine_kexec+0x54>: mov w1, #0xf3f3f3f3
|
|
0xffff2000200bffa8 <machine_kexec+0x58>: movk w2, #0xf2f2, lsl #16
|
|
0xffff2000200bffac <machine_kexec+0x5c>: stp w2, w1, [x4,#4]
|
|
|
|
We notice that:
|
|
1. machine_kexec() start address is 0xffff2000200bff50
|
|
2. the instruction at machine_kexec+0x44 stores the same value
|
|
0xffff2000200bff50 (comes from 0xffff2000200bf000 + 0xf50)
|
|
into stack postion [x29,#128].
|
|
|
|
When arm64_in_kdump_text() searches for LR from stack, it met
|
|
0xffff2000200bff50 firstly, so got wrong bt->bptr.
|
|
|
|
We know that the real LR is always greater than the start address
|
|
of a function, so let's fix it by changing the search conditon to
|
|
(*ptr > xxx_start) && (*ptr < xxx_end).
|
|
|
|
Signed-off-by: Ding Hui <dinghui@sangfor.com.cn>
|
|
Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
|
|
---
|
|
arm64.c | 18 +++++++++---------
|
|
1 file changed, 9 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/arm64.c b/arm64.c
|
|
index c3e26a371a61..7e8a7db1fcc4 100644
|
|
--- a/arm64.c
|
|
+++ b/arm64.c
|
|
@@ -3479,7 +3479,7 @@ arm64_in_kdump_text(struct bt_info *bt, struct arm64_stackframe *frame)
|
|
ms = machdep->machspec;
|
|
for (ptr = start - 8; ptr >= base; ptr--) {
|
|
if (bt->flags & BT_OPT_BACK_TRACE) {
|
|
- if ((*ptr >= ms->crash_kexec_start) &&
|
|
+ if ((*ptr > ms->crash_kexec_start) &&
|
|
(*ptr < ms->crash_kexec_end) &&
|
|
INSTACK(*(ptr - 1), bt)) {
|
|
bt->bptr = ((ulong)(ptr - 1) - (ulong)base)
|
|
@@ -3488,7 +3488,7 @@ arm64_in_kdump_text(struct bt_info *bt, struct arm64_stackframe *frame)
|
|
fprintf(fp, "%lx: %lx (crash_kexec)\n", bt->bptr, *ptr);
|
|
return TRUE;
|
|
}
|
|
- if ((*ptr >= ms->crash_save_cpu_start) &&
|
|
+ if ((*ptr > ms->crash_save_cpu_start) &&
|
|
(*ptr < ms->crash_save_cpu_end) &&
|
|
INSTACK(*(ptr - 1), bt)) {
|
|
bt->bptr = ((ulong)(ptr - 1) - (ulong)base)
|
|
@@ -3498,14 +3498,14 @@ arm64_in_kdump_text(struct bt_info *bt, struct arm64_stackframe *frame)
|
|
return TRUE;
|
|
}
|
|
} else {
|
|
- if ((*ptr >= ms->machine_kexec_start) && (*ptr < ms->machine_kexec_end)) {
|
|
+ if ((*ptr > ms->machine_kexec_start) && (*ptr < ms->machine_kexec_end)) {
|
|
bt->bptr = ((ulong)ptr - (ulong)base)
|
|
+ task_to_stackbase(bt->tc->task);
|
|
if (CRASHDEBUG(1))
|
|
fprintf(fp, "%lx: %lx (machine_kexec)\n", bt->bptr, *ptr);
|
|
return TRUE;
|
|
}
|
|
- if ((*ptr >= ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
|
|
+ if ((*ptr > ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
|
|
/*
|
|
* Stash the first crash_kexec frame in case the machine_kexec
|
|
* frame is not found.
|
|
@@ -3519,7 +3519,7 @@ arm64_in_kdump_text(struct bt_info *bt, struct arm64_stackframe *frame)
|
|
}
|
|
continue;
|
|
}
|
|
- if ((*ptr >= ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
|
|
+ if ((*ptr > ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
|
|
bt->bptr = ((ulong)ptr - (ulong)base)
|
|
+ task_to_stackbase(bt->tc->task);
|
|
if (CRASHDEBUG(1))
|
|
@@ -3566,7 +3566,7 @@ arm64_in_kdump_text_on_irq_stack(struct bt_info *bt)
|
|
|
|
for (ptr = start - 8; ptr >= base; ptr--) {
|
|
if (bt->flags & BT_OPT_BACK_TRACE) {
|
|
- if ((*ptr >= ms->crash_kexec_start) &&
|
|
+ if ((*ptr > ms->crash_kexec_start) &&
|
|
(*ptr < ms->crash_kexec_end) &&
|
|
INSTACK(*(ptr - 1), bt)) {
|
|
bt->bptr = ((ulong)(ptr - 1) - (ulong)base) + stackbase;
|
|
@@ -3576,7 +3576,7 @@ arm64_in_kdump_text_on_irq_stack(struct bt_info *bt)
|
|
FREEBUF(stackbuf);
|
|
return TRUE;
|
|
}
|
|
- if ((*ptr >= ms->crash_save_cpu_start) &&
|
|
+ if ((*ptr > ms->crash_save_cpu_start) &&
|
|
(*ptr < ms->crash_save_cpu_end) &&
|
|
INSTACK(*(ptr - 1), bt)) {
|
|
bt->bptr = ((ulong)(ptr - 1) - (ulong)base) + stackbase;
|
|
@@ -3587,7 +3587,7 @@ arm64_in_kdump_text_on_irq_stack(struct bt_info *bt)
|
|
return TRUE;
|
|
}
|
|
} else {
|
|
- if ((*ptr >= ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
|
|
+ if ((*ptr > ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
|
|
bt->bptr = ((ulong)ptr - (ulong)base) + stackbase;
|
|
if (CRASHDEBUG(1))
|
|
fprintf(fp, "%lx: %lx (crash_kexec on IRQ stack)\n",
|
|
@@ -3595,7 +3595,7 @@ arm64_in_kdump_text_on_irq_stack(struct bt_info *bt)
|
|
FREEBUF(stackbuf);
|
|
return TRUE;
|
|
}
|
|
- if ((*ptr >= ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
|
|
+ if ((*ptr > ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
|
|
bt->bptr = ((ulong)ptr - (ulong)base) + stackbase;
|
|
if (CRASHDEBUG(1))
|
|
fprintf(fp, "%lx: %lx (crash_save_cpu on IRQ stack)\n",
|
|
--
|
|
2.37.1
|
|
|