After direct call is enabled for arm64, ftrace selftest enters a
dead loop:
<trace_selftest_dynamic_test_func>:
00 bti c
01 mov x9, x30 <trace_direct_tramp>:
02 bl <trace_direct_tramp> ----------> ret
|
lr/x30 is 03, return to 03
|
03 mov w0, #0x0 <-----------------------------|
| |
| dead loop! |
| |
04 ret ---- lr/x30 is still 03, go back to 03 ----|
The reason is that when the direct caller trace_direct_tramp() returns
to the patched function trace_selftest_dynamic_test_func(), lr is still
the address after the instrumented instruction in the patched function,
so when the patched function exits, it returns to itself!
To fix this issue, we need to restore lr before trace_direct_tramp()
exits, so rewrite a dedicated trace_direct_tramp() for arm64.
Reported-by: Li Huafei <lihuafei1@xxxxxxxxxx>
Signed-off-by: Xu Kuohai <xukuohai@xxxxxxxxxx>
---
kernel/trace/trace_selftest.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/kernel/trace/trace_selftest.c b/kernel/trace/trace_selftest.c
index abcadbe933bb..d2eff2b1d743 100644
--- a/kernel/trace/trace_selftest.c
+++ b/kernel/trace/trace_selftest.c
@@ -785,8 +785,24 @@ static struct fgraph_ops fgraph_ops __initdata = {
};
#ifdef CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
+#ifdef CONFIG_ARM64
+extern void trace_direct_tramp(void);
+
+asm (
+" .pushsection .text, \"ax\", @progbits\n"
+" .type trace_direct_tramp, %function\n"
+" .global trace_direct_tramp\n"
+"trace_direct_tramp:"
+" mov x10, x30\n"
+" mov x30, x9\n"
+" ret x10\n"
+" .size trace_direct_tramp, .-trace_direct_tramp\n"
+" .popsection\n"
+);
+#else
noinline __noclone static void trace_direct_tramp(void) { }
#endif
+#endif
/*
* Pretty much the same than for the function tracer from which the selftest
--
2.30.2
