mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-03 23:58:05 +00:00
Code Issues Releases Wiki Activity
linux-stable/arch/arm64/kernel
History
Mark Rutland db66629d43 arm64: entry: avoid kprobe recursion 
commit 024f4b2e1f upstream.

The cortex_a76_erratum_1463225_debug_handler() function is called when
handling debug exceptions (and synchronous exceptions from BRK
instructions), and so is called when a probed function executes. If the
compiler does not inline cortex_a76_erratum_1463225_debug_handler(), it
can be probed.

If cortex_a76_erratum_1463225_debug_handler() is probed, any debug
exception or software breakpoint exception will result in recursive
exceptions leading to a stack overflow. This can be triggered with the
ftrace multiple_probes selftest, and as per the example splat below.

This is a regression caused by commit:

  6459b84697 ("arm64: entry: consolidate Cortex-A76 erratum 1463225 workaround")

... which removed the NOKPROBE_SYMBOL() annotation associated with the
function.

My intent was that cortex_a76_erratum_1463225_debug_handler() would be
inlined into its caller, el1_dbg(), which is marked noinstr and cannot
be probed. Mark cortex_a76_erratum_1463225_debug_handler() as
__always_inline to ensure this.

Example splat prior to this patch (with recursive entries elided):

| # echo p cortex_a76_erratum_1463225_debug_handler > /sys/kernel/debug/tracing/kprobe_events
| # echo p do_el0_svc >> /sys/kernel/debug/tracing/kprobe_events
| # echo 1 > /sys/kernel/debug/tracing/events/kprobes/enable
| Insufficient stack space to handle exception!
| ESR: 0x0000000096000047 -- DABT (current EL)
| FAR: 0xffff800009cefff0
| Task stack:     [0xffff800009cf0000..0xffff800009cf4000]
| IRQ stack:      [0xffff800008000000..0xffff800008004000]
| Overflow stack: [0xffff00007fbc00f0..0xffff00007fbc10f0]
| CPU: 0 PID: 145 Comm: sh Not tainted 6.0.0 #2
| Hardware name: linux,dummy-virt (DT)
| pstate: 604003c5 (nZCv DAIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : arm64_enter_el1_dbg+0x4/0x20
| lr : el1_dbg+0x24/0x5c
| sp : ffff800009cf0000
| x29: ffff800009cf0000 x28: ffff000002c74740 x27: 0000000000000000
| x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
| x23: 00000000604003c5 x22: ffff80000801745c x21: 0000aaaac95ac068
| x20: 00000000f2000004 x19: ffff800009cf0040 x18: 0000000000000000
| x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
| x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
| x11: 0000000000000010 x10: ffff800008c87190 x9 : ffff800008ca00d0
| x8 : 000000000000003c x7 : 0000000000000000 x6 : 0000000000000000
| x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000000043a4
| x2 : 00000000f2000004 x1 : 00000000f2000004 x0 : ffff800009cf0040
| Kernel panic - not syncing: kernel stack overflow
| CPU: 0 PID: 145 Comm: sh Not tainted 6.0.0 #2
| Hardware name: linux,dummy-virt (DT)
| Call trace:
|  dump_backtrace+0xe4/0x104
|  show_stack+0x18/0x4c
|  dump_stack_lvl+0x64/0x7c
|  dump_stack+0x18/0x38
|  panic+0x14c/0x338
|  test_taint+0x0/0x2c
|  panic_bad_stack+0x104/0x118
|  handle_bad_stack+0x34/0x48
|  __bad_stack+0x78/0x7c
|  arm64_enter_el1_dbg+0x4/0x20
|  el1h_64_sync_handler+0x40/0x98
|  el1h_64_sync+0x64/0x68
|  cortex_a76_erratum_1463225_debug_handler+0x0/0x34
...
|  el1h_64_sync_handler+0x40/0x98
|  el1h_64_sync+0x64/0x68
|  cortex_a76_erratum_1463225_debug_handler+0x0/0x34
...
|  el1h_64_sync_handler+0x40/0x98
|  el1h_64_sync+0x64/0x68
|  cortex_a76_erratum_1463225_debug_handler+0x0/0x34
|  el1h_64_sync_handler+0x40/0x98
|  el1h_64_sync+0x64/0x68
|  do_el0_svc+0x0/0x28
|  el0t_64_sync_handler+0x84/0xf0
|  el0t_64_sync+0x18c/0x190
| Kernel Offset: disabled
| CPU features: 0x0080,00005021,19001080
| Memory Limit: none
| ---[ end Kernel panic - not syncing: kernel stack overflow ]---

With this patch, cortex_a76_erratum_1463225_debug_handler() is inlined
into el1_dbg(), and el1_dbg() cannot be probed:

| # echo p cortex_a76_erratum_1463225_debug_handler > /sys/kernel/debug/tracing/kprobe_events
| sh: write error: No such file or directory
| # grep -w cortex_a76_erratum_1463225_debug_handler /proc/kallsyms | wc -l
| 0
| # echo p el1_dbg > /sys/kernel/debug/tracing/kprobe_events
| sh: write error: Invalid argument
| # grep -w el1_dbg /proc/kallsyms | wc -l
| 1

Fixes: 6459b84697 ("arm64: entry: consolidate Cortex-A76 erratum 1463225 workaround")
Cc: <stable@vger.kernel.org> # 5.12.x
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221017090157.2881408-1-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-11-10 18:17:34 +01:00
..
pi arm64: adjust KASLR relocation after ARCH_RANDOM removal 2022-08-17 14:52:50 +01:00
probes arm64: Treat ESR_ELx as a 64-bit register 2022-04-29 19:26:27 +01:00
vdso arm64: vdso*: place got/plt sections in .rodata 2022-06-28 17:41:44 +01:00
vdso32 arm64: vdso32: Add DWARF_DEBUG 2022-07-01 12:07:43 +01:00
.gitignore
acpi.c arm64: mm: Convert to GENERIC_IOREMAP 2022-06-27 12:22:31 +01:00
acpi_numa.c arm64: numa: Don't check node against MAX_NUMNODES 2022-07-19 19:10:28 +01:00
acpi_parking_protocol.c
alternative.c arm64/sysreg: Standardise naming for CTR_EL0 fields 2022-07-05 11:45:45 +01:00
armv8_deprecated.c arm64: fix oops in concurrently setting insn_emulation sysctls 2022-07-04 12:18:47 +01:00
asm-offsets.c KVM: arm64: Drop unused workaround_flags vcpu field 2021-12-08 14:54:07 +00:00
cacheinfo.c arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level 2022-08-23 11:10:24 +01:00
cpu-reset.S arm64: kexec: remove cpu-reset.h 2021-10-01 13:31:00 +01:00
cpu_errata.c arm64: errata: Add Cortex-A55 to the repeat tlbi list 2022-10-21 12:37:42 +02:00
cpu_ops.c
cpufeature.c arm64: mte: move register initialization to C 2022-10-21 12:37:42 +02:00
cpuidle.c arm64: cpuidle: remove generic cpuidle support 2022-06-23 14:19:33 +01:00
cpuinfo.c arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr} 2022-07-25 11:02:11 +01:00
crash_core.c arm64: crash_core: Export MODULES, VMALLOC, and VMEMMAP ranges 2022-03-07 21:25:47 +00:00
crash_dump.c vmcore: convert copy_oldmem_page() to take an iov_iter 2022-04-29 14:37:59 -07:00
debug-monitors.c arm64: Treat ESR_ELx as a 64-bit register 2022-04-29 19:26:27 +01:00
efi-entry.S arm64: Rename arm64-internal cache maintenance functions 2021-05-25 19:27:49 +01:00
efi-header.S
efi-rt-wrapper.S
efi.c arm64: efi: Export screen_info 2021-08-04 16:54:36 +00:00
elfcore.c elf: Fix the arm64 MTE ELF segment name and value 2022-04-28 11:37:06 +01:00
entry-common.c arm64: entry: avoid kprobe recursion 2022-11-10 18:17:34 +01:00
entry-fpsimd.S arm64/sme: Implement ZA context switching 2022-04-22 18:51:02 +01:00
entry-ftrace.S arm64: ftrace: remove redundant label 2022-06-15 16:14:47 +01:00
entry.S arm64: Fix comment typo 2022-08-23 10:53:34 +01:00
fpsimd.c arm64/sme: Don't flush SVE register state when handling SME traps 2022-08-23 11:29:12 +01:00
ftrace.c arm64: ftrace: fix module PLTs with mcount 2022-10-21 12:38:35 +02:00
head.S arm64: head: Ignore bogus KASLR displacement on non-relocatable kernels 2022-09-01 11:50:44 +01:00
hibernate-asm.S arm64: kexec: install a copy of the linear-map 2021-10-01 13:31:00 +01:00
hibernate.c arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags" 2022-07-07 10:48:37 +01:00
hw_breakpoint.c arm64: Treat ESR_ELx as a 64-bit register 2022-04-29 19:26:27 +01:00
hyp-stub.S Merge branch 'for-next/boot' into for-next/core 2022-07-25 10:59:15 +01:00
idle.c Merge branch 'for-next/entry' into for-next/core 2021-06-24 14:01:55 +01:00
idreg-override.c Merge branch 'for-next/boot' into for-next/core 2022-07-25 10:59:15 +01:00
image-vars.h arm64: lds: use PROVIDE instead of conditional definitions 2022-06-29 10:21:23 +01:00
image.h
io.c
irq.c
jump_label.c jump_label: make initial NOP patching the special case 2022-06-24 09:48:55 +02:00
kaslr.c random: handle archrandom with multiple longs 2022-07-25 13:26:14 +02:00
kexec_image.c arm64: kexec_file: use more system keyrings to verify kernel image signature 2022-07-15 12:21:16 -04:00
kgdb.c arm64: Treat ESR_ELx as a 64-bit register 2022-04-29 19:26:27 +01:00
kuser32.S arm64: compat: Move kuser32.S to .rodata section 2022-06-23 16:01:42 +01:00
machine_kexec.c arm64: kdump: Reimplement crashkernel=X 2022-05-07 19:54:33 +01:00
machine_kexec_file.c arm64/kexec: Fix missing extra range for crashkres_low. 2022-09-01 11:50:00 +01:00
Makefile Merge branch 'for-next/boot' into for-next/core 2022-07-25 10:59:15 +01:00
module-plts.c arm64: fix typos in comments 2022-04-04 10:32:50 +01:00
module.c kasan, arm64: don't tag executable vmalloc allocations 2022-03-24 19:06:48 -07:00
mte.c arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored 2022-10-21 12:37:42 +02:00
paravirt.c arm64: paravirt: Use RCU read locks to guard stolen_time 2022-05-17 14:23:37 +01:00
patching.c arm64: patch_text: Fixup last cpu should be master 2022-04-08 11:43:46 +01:00
pci.c arm64: PCI: Support root bridge preparation for Hyper-V 2021-08-23 10:59:26 +01:00
perf_callchain.c Peter Zijlstra says: 2022-01-12 16:26:58 -08:00
perf_event.c arm64: perf: Expose some Armv9 common events under sysfs 2022-03-08 11:40:44 +00:00
perf_regs.c
pointer_auth.c arm64: move preemption disablement to prctl handlers 2021-07-28 18:33:49 +01:00
process.c This set of changes updates init and user mode helper tasks to be 2022-06-03 16:03:05 -07:00
proton-pack.c arm64: Add AMPERE1 to the Spectre-BHB affected list 2022-11-04 00:00:35 +09:00
psci.c
ptrace.c arm64/ptrace: Don't clear calling process' TIF_SME on OOM 2022-09-08 14:26:59 +01:00
reloc_test_core.c
reloc_test_syms.S
relocate_kernel.S arm64: kexec: load from kimage prior to clobbering 2022-05-17 14:25:35 +01:00
return_address.c arm64: Make return_address() use arch_stack_walk() 2021-12-10 14:06:04 +00:00
sdei.c arm64: kernel: add helper for booted at EL2 and not VHE 2021-10-01 13:30:59 +01:00
setup.c arm64: fix KASAN_INLINE 2022-07-20 16:08:10 +01:00
signal.c arm64/sme: Don't flush SVE register state when allocating SME storage 2022-08-23 11:29:11 +01:00
signal32.c signal: Deliver SIGTRAP on perf event asynchronously if blocked 2022-04-22 12:14:05 +02:00
sigreturn32.S arm64: compat: Move sigreturn32.S to .rodata section 2022-07-01 12:05:45 +01:00
sleep.S arm64: mm: fix resume for 52-bit enabled builds 2022-09-10 14:46:28 +01:00
smccc-call.S arm64: smccc: Save lr before calling __arm_smccc_sve_check() 2021-07-21 11:23:25 +01:00
smp.c profile: setup_profiling_timer() is moslty not implemented 2022-07-29 18:12:36 -07:00
smp_spin_table.c arm64: Rename arm64-internal cache maintenance functions 2021-05-25 19:27:49 +01:00
stacktrace.c KVM: arm64: Make unwind()/on_accessible_stack() per-unwinder functions 2022-07-27 18:18:03 +01:00
suspend.c arm64: mte: move register initialization to C 2022-10-21 12:37:42 +02:00
sys.c
sys32.c
sys_compat.c arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall 2022-04-29 19:26:27 +01:00
syscall.c arm64/sme: Remove _EL0 from name of SVCR - FIXME sysreg.h 2022-05-16 19:50:20 +01:00
time.c arm64: Make profile_pc() use arch_stack_walk() 2021-12-10 14:06:04 +00:00
topology.c arm64: topology: move store_cpu_topology() to shared code 2022-10-21 12:37:38 +02:00
trace-events-emulation.h
traps.c arm64/sysreg: Standardise naming for CTR_EL0 fields 2022-07-05 11:45:45 +01:00
vdso-wrap.S
vdso.c
vdso32-wrap.S
vmlinux.lds.S Merge branch 'for-next/boot' into for-next/core 2022-07-25 10:59:15 +01:00