On Fri, Mar 01, 2019 at 04:12:00AM +0100, Jann Horn wrote: > When the frame unwinder is invoked for an oops caused by a call to NULL, > it currently skips the parent function because BP still points to the > parent's stack frame; the (nonexistent) current function only has the first > half of a stack frame, and BP doesn't point to it yet. > > Add a special case for IP==0 that calculates a fake BP from SP, then uses > the real BP for the next frame. > > Note that this handles first_frame specially: We return information about > the parent function as long as the saved IP is >=first_frame, even if the > fake BP points below it. > > With an artificially-added NULL call in prctl_set_seccomp(), before this > patch, the trace is: > > Call Trace: > ? prctl_set_seccomp+0x3a/0x50 > __x64_sys_prctl+0x457/0x6f0 > ? __ia32_sys_prctl+0x750/0x750 > do_syscall_64+0x72/0x160 > entry_SYSCALL_64_after_hwframe+0x44/0xa9 > > After this patch, the trace is: > > Call Trace: > prctl_set_seccomp+0x3a/0x50 > __x64_sys_prctl+0x457/0x6f0 > ? __ia32_sys_prctl+0x750/0x750 > do_syscall_64+0x72/0x160 > entry_SYSCALL_64_after_hwframe+0x44/0xa9 > > Signed-off-by: Jann Horn <jannh@xxxxxxxxxx> The general approach looks good. I'll try to give it a proper review tomorrow or so. -- Josh