Le 13/12/2021 à 19:54, Steven Rostedt a écrit :
> On Mon, 13 Dec 2021 17:50:52 +0000
> Christophe Leroy <christophe.leroy@xxxxxxxxxx> wrote:
>
>> @@ -958,6 +942,12 @@ unsigned long prepare_ftrace_return(unsigned long
>> parent, unsigned long ip,
>> out:
>> return parent;
>> }
>> +
>> +void ftrace_graph_func(unsigned long ip, unsigned long parent_ip,
>> + struct ftrace_ops *op, struct ftrace_regs *fregs)
>> +{
>> + prepare_ftrace_return(ip, kernel_stack_pointer(&fregs->regs), 0);
>> +}
>
> I have for powerpc prepare_ftrace_return as:
>
>
> unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip,
> unsigned long sp)
> {
> unsigned long return_hooker;
>
> if (unlikely(ftrace_graph_is_dead()))
> goto out;
>
> if (unlikely(atomic_read(¤t->tracing_graph_pause)))
> goto out;
>
> return_hooker = ppc_function_entry(return_to_handler);
>
> if (!function_graph_enter(parent, ip, 0, (unsigned long *)sp))
> parent = return_hooker;
> out:
> return parent;
> }
>
> Which means you'll need different parameters to it than what x86 has, which
> has the prototype of:
>
> void prepare_ftrace_return(unsigned long ip, unsigned long *parent,
> unsigned long frame_pointer)
>
> and it does not use the frame_pointer for this case, which is why it is
> zero.
>
> For powerpc though, it uses the stack pointer, so you parameters are
> incorrect. Looks like it should be:
>
> prepare_ftrace_return(parent_ip, ip, kernel_stack_pointer(&fregs->regs));
>
> And that will likely not be enough. I'll need to update the ctr register,
> as that is where the return address is saved. So you'll probably need it to be:
>
> void ftrace_graph_func(unsigned long ip, unsigned long parent_ip,
> struct ftrace_ops *op, struct ftrace_regs *fregs)
> {
> unsigned long parent;
>
> parent = prepare_ftrace_return(parent_ip, ip, kernel_stack_pointer(&fregs->regs));
> fregs->regs.ctr = parent;
> }
>
STill the same Oops, below
I will look more closely tomorrow.
[ 8.018219] Testing tracer function_graph:
[ 8.043884] Kernel attempted to read user page (4) - exploit attempt?
(uid: 0)
[ 8.055074] Kernel attempted to read user page (4) - exploit attempt?
(uid: 0)
[ 8.062204] BUG: Kernel NULL pointer dereference on read at 0x00000004
[ 8.068643] Faulting instruction address: 0xc0014694
[ 8.073556] Oops: Kernel access of bad area, sig: 11 [#1]
[ 8.078884] BE PAGE_SIZE=16K PREEMPT CMPC885
[ 8.083109] Modules linked in:
[ 8.086120] CPU: 0 PID: 1 Comm: swapper Not tainted
5.16.0-rc3-s3k-dev-02295-g0bd6d618bcd8-dirty #733
[ 8.095240] NIP: c0014694 LR: c00c8434 CTR: c0014674
[ 8.100227] REGS: c902b9e0 TRAP: 0300 Not tainted
(5.16.0-rc3-s3k-dev-02295-g0bd6d618bcd8-dirty)
[ 8.109178] MSR: 00001032 <ME,IR,DR,RI> CR: 88022242 XER: 20000000
[ 8.115632] DAR: 00000004 DSISR: c0000000
[ 8.115632] GPR00: c00c8434 c902baa0 c2140000 c0015278 c0003ac4
c122db78 00000000 00000300
[ 8.115632] GPR08: c2140000 c0014674 c0015278 00000000 2802b242
00000000 c0004f38 00000000
[ 8.115632] GPR16: 00000000 00000000 00000000 00000000 00000000
00000010 c1037d1c c12d0000
[ 8.115632] GPR24: c121c440 c12b5380 c12b0000 c0003ac4 c0015278
00000000 00000000 c122db78
[ 8.154272] NIP [c0014694] ftrace_graph_func+0x20/0x8c
[ 8.159351] LR [c00c8434] arch_ftrace_ops_list_func+0x118/0x230
[ 8.165208] Call Trace:
[ 8.167616] [c902baa0] [c006c048] vprintk_emit+0x188/0x2a4 (unreliable)
[ 8.174158] [c902bac0] [c00c8434] arch_ftrace_ops_list_func+0x118/0x230
[ 8.180699] [c902bb10] [c0014774] ftrace_call+0x4/0x44
[ 8.185776] [c902bb40] [c0003ac4] DataTLBError_virt+0x114/0x118
[ 8.191627] --- interrupt: 300 at ftrace_graph_func+0x20/0x8c
[ 8.197306] NIP: c0014694 LR: c00c8434 CTR: c0014674
[ 8.202296] REGS: c902bb50 TRAP: 0300 Not tainted
(5.16.0-rc3-s3k-dev-02295-g0bd6d618bcd8-dirty)
[ 8.211245] MSR: 00001032 <ME,IR,DR,RI> CR: 82002842 XER: 20000000
[ 8.217699] DAR: 00000004 DSISR: c0000000
[ 8.217699] GPR00: c00c8434 c902bc10 c2140000 c0015754 c0016264
c122db78 00000000 00000100
[ 8.217699] GPR08: c2140000 c0014674 c0015754 00000000 22004842
00000000 c0004f38 00000000
[ 8.217699] GPR16: 00000000 00000000 00000000 00000000 00000000
00000010 c1037d1c c12d0000
[ 8.217699] GPR24: c121c440 c12b5380 c12b0000 c0016264 c0015754
00000000 00000000 c122db78
[ 8.256340] NIP [c0014694] ftrace_graph_func+0x20/0x8c
[ 8.261418] LR [c00c8434] arch_ftrace_ops_list_func+0x118/0x230
[ 8.267270] --- interrupt: 300
[ 8.270288] [c902bc10] [c00adb98]
clockevents_program_event+0x108/0x254 (unreliable)
[ 8.277947] [c902bc30] [c00c8434] arch_ftrace_ops_list_func+0x118/0x230
[ 8.284488] [c902bc80] [c0014774] ftrace_call+0x4/0x44
[ 8.289565] [c902bcb0] [c0016264] map_kernel_page+0xc8/0x12c
[ 8.295159] [c902bd00] [c0019cc8] patch_instruction+0xbc/0x278
[ 8.300926] [c902bd30] [c0013964] ftrace_modify_code+0x38/0xc4
[ 8.306691] [c902bd70] [c00c2c2c] ftrace_replace_code+0x78/0xec
[ 8.312543] [c902bd90] [c00c2e50] ftrace_modify_all_code+0xd0/0x148
[ 8.318740] [c902bdb0] [c00c2f58] ftrace_run_update_code+0x28/0x88
[ 8.324850] [c902bdc0] [c00c75fc] ftrace_startup+0x118/0x1e0
[ 8.330443] [c902bde0] [c00e8330] register_ftrace_graph+0x334/0x3c0
[ 8.336640] [c902be20] [c100ccf4]
trace_selftest_startup_function_graph+0x64/0x164
[ 8.344127] [c902be50] [c00debe0] run_tracer_selftest+0x120/0x1b4
[ 8.350152] [c902be70] [c100c74c] register_tracer+0x14c/0x218
[ 8.355832] [c902be90] [c0004a30] do_one_initcall+0x44/0x1e8
[ 8.361425] [c902bef0] [c10011f4] kernel_init_freeable+0x1a8/0x250
[ 8.367536] [c902bf20] [c0004f68] kernel_init+0x30/0x150
[ 8.372785] [c902bf30] [c001322c] ret_from_kernel_thread+0x5c/0x64
[ 8.378898] Instruction dump:
[ 8.381821] 386348b4 7c0803a6 38210020 4e800020 9421ffe0 7c0802a6
93a10014 93c10018
[ 8.389737] 93e1001c 90010024 93810010 7cde3378 <83860004> 7c7d1b78
7c9f2378 480d344d
[ 8.397859] ---[ end trace 93333951fba49ac1 ]---
Thanks
Christophe
