Re: [PATCH] x86_64: Fix "bt" command on kernels with random_kstack_offset=on

On 2023/02/22 19:19, lijiang wrote:
> On Mon, Feb 20, 2023 at 9:29 AM HAGIO KAZUHITO(萩尾 一仁) <k-hagio-ab@xxxxxxx>
> wrote:
> 
>> On kernels configured with CONFIG_RANDOMIZE_KSTACK_OFFSET=y and
>> random_kstack_offset=on, a random offset is added to the stack with
>> __kstack_alloca() at the beginning of do_syscall_64() and other syscall
>> entry functions.  This function has the following instruction.
>>
>>    <do_syscall_64+32>:  sub    %rax,%rsp
> 
>> On the other hand, crash uses only a part of data for ORC unwinder to
>> unwind stacks and if an ip value doesn't have a usable ORC data, it
>> calculates the frame size with parsing the assembly of the function.
>>
>> However, crash cannot calculate the frame size correctly with the
>> instruction above, and prints stale return addresses like this:
>>
>>    crash> bt 1
>>    PID: 1        TASK: ffff9c250023b880  CPU: 0    COMMAND: "systemd"
>>      #0 [ffffb7e5c001fc80] __schedule at ffffffff91ae2b16
>>      #1 [ffffb7e5c001fd00] schedule at ffffffff91ae2ed3
>>      #2 [ffffb7e5c001fd18] schedule_hrtimeout_range_clock at ffffffff91ae7ed8
>>      #3 [ffffb7e5c001fda8] ep_poll at ffffffff913ef828
>>      #4 [ffffb7e5c001fe48] do_epoll_wait at ffffffff913ef943
>>      #5 [ffffb7e5c001fe80] __x64_sys_epoll_wait at ffffffff913f0130
>>      #6 [ffffb7e5c001fed0] do_syscall_64 at ffffffff91ad7169
>>      #7 [ffffb7e5c001fef0] do_syscall_64 at ffffffff91ad7179             <<
>>      #8 [ffffb7e5c001ff10] syscall_exit_to_user_mode at ffffffff91adaab2 << stale entries
>>      #9 [ffffb7e5c001ff20] do_syscall_64 at ffffffff91ad7179             <<
>>     #10 [ffffb7e5c001ff50] entry_SYSCALL_64_after_hwframe at ffffffff91c0009b
>>         RIP: 00007f258d9427ae  RSP: 00007fffda631d60  RFLAGS: 00000293
>>         ...
>>
>> To fix this, enhance the usage of ORC data.  The ORC unwinder often uses
>> %rbp value, so keep it from exception frames and inactive task stacks.
>>
> 
> Good understanding, Kazu.
> 
> The patch looks good to me. So: Ack.

Thank you for the review, applied.

https://github.com/crash-utility/crash/commit/daa43fa5324f2dd232ad72df2c6554646868f3b2

Thanks,
Kazu
--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/crash-utility
Contribution Guidelines: https://github.com/crash-utility/crash/wiki
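The failure mode described in the quoted patch message, as an added illustration that is not part of the thread and not crash's own implementation: a toy prologue scanner that computes a function's static frame size from its disassembly, the way an unwinder without usable ORC data has to, and reports the frame as "dynamic" when it meets a register-sized adjustment such as `sub %rax,%rsp`. The fallback to the saved frame pointer mirrors the patch's remedy of keeping the %rbp value around. The disassembly format, the `example_fn` listing and every instruction other than the quoted `sub %rax,%rsp` are constructed assumptions for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample listings in a simplified gdb/crash "dis" style.
# Only the "sub %rax,%rsp" line mirrors the instruction quoted in the
# mail; the surrounding instructions and offsets are assumptions.
SAMPLE_DYNAMIC = """\
<do_syscall_64+0>:   push   %rbp
<do_syscall_64+1>:   mov    %rsp,%rbp
<do_syscall_64+4>:   push   %r12
<do_syscall_64+6>:   sub    $0x18,%rsp
<do_syscall_64+32>:  sub    %rax,%rsp
<do_syscall_64+35>:  call   0xffffffff91ad7000
"""

SAMPLE_STATIC = """\
<example_fn+0>:   push   %r13
<example_fn+2>:   push   %r12
<example_fn+4>:   sub    $0x30,%rsp
<example_fn+8>:   call   0xffffffff91ad7000
"""

# "<symbol+off>:  mnemonic  operands"
INSN_RE = re.compile(r'^\s*<[^>]+>:\s+(\w+)\s*(.*)$')


@dataclass
class FrameInfo:
    size: int                   # bytes between %rsp and the return address
    dynamic: bool               # a runtime-sized %rsp adjustment was seen
    frame_pointer: bool         # prologue did "push %rbp; mov %rsp,%rbp"
    reason: Optional[str] = None


def static_frame_size(disasm: str) -> FrameInfo:
    """Walk the prologue and total up what it pushes or reserves.

    Immediate adjustments ("sub $0x18,%rsp") are summed.  A register
    operand ("sub %rax,%rsp") cannot be resolved from the text alone,
    so the frame is flagged dynamic and the scan stops.
    """
    size, dynamic, frame_pointer, reason = 0, False, False, None
    prev = None
    for line in disasm.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue
        mnem, ops = m.group(1), m.group(2).replace(' ', '')
        if mnem == 'push':
            size += 8
        elif mnem == 'pop':
            size -= 8
        elif mnem in ('sub', 'add') and ops.endswith(',%rsp'):
            src = ops[:-len(',%rsp')]
            if src.startswith('$'):
                delta = int(src[1:], 0)
                size += delta if mnem == 'sub' else -delta
            else:
                dynamic = True
                reason = f'{mnem} {src},%rsp adjusts %rsp by a runtime value'
                break
        elif mnem == 'mov' and ops == '%rsp,%rbp' and prev == ('push', '%rbp'):
            frame_pointer = True
        elif mnem == 'call':
            break  # end of prologue for this toy scanner
        prev = (mnem, ops)
    return FrameInfo(size, dynamic, frame_pointer, reason)


def return_address_slot(info: FrameInfo, rsp: int, rbp: Optional[int] = None) -> Optional[int]:
    """Address of the caller's return address, or None if unrecoverable.

    Static frame: rsp + size.  Dynamic frame: the static size is
    meaningless (the random offset is unknown), so fall back to the
    saved frame pointer when the prologue set one up; the return
    address sits just above the saved %rbp, at rbp + 8.
    """
    if not info.dynamic:
        return rsp + info.size
    if info.frame_pointer and rbp is not None:
        return rbp + 8
    return None


if __name__ == '__main__':
    for name, listing in (('do_syscall_64', SAMPLE_DYNAMIC), ('example_fn', SAMPLE_STATIC)):
        info = static_frame_size(listing)
        print(name, info, 'ret slot @0x1000:', return_address_slot(info, 0x1000, rbp=0x2000))
```

Reading the static size off a dynamic frame and adding it to %rsp is exactly how an unwinder ends up dereferencing the wrong slot and printing a return address left over from an earlier call, which is what the repeated do_syscall_64 and syscall_exit_to_user_mode entries in the quoted backtrace look like.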