On Thu, Oct 05, 2017 at 08:02:33PM +0900, Tetsuo Handa wrote:
> Josh Poimboeuf wrote:
> > On Wed, Oct 04, 2017 at 06:44:50AM +0900, Tetsuo Handa wrote:
> > > Josh Poimboeuf wrote:
> > > > On Tue, Oct 03, 2017 at 11:28:15AM -0500, Josh Poimboeuf wrote:
> > > > > There are two bugs:
> > > > >
> > > > > 1) Somebody -- presumably lockdep -- is corrupting the stack. Need
> > > > > the
> > > > > lockdep people to look at that.
> > > > >
> > > > > 2) The 32-bit FP unwinder isn't handling the corrupt stack very well,
> > > > > It's blindly dereferencing untrusted data:
> > > > >
> > > > > /* Is the next frame pointer an encoded pointer to pt_regs? */
> > > > > regs = decode_frame_pointer(next_bp);
> > > > > if (regs) {
> > > > > frame = (unsigned long *)regs;
> > > > > len = regs_size(regs);
> > > > > state->got_irq = true;
> > > > >
> > > > > On 32-bit, regs_size() dereferences the regs pointer before we know
> > > > > it
> > > > > points to a valid stack. I'll fix that, along with the other
> > > > > unwinder
> > > > > improvements I discussed with Linus.
> > > >
> > > > Tetsuo and/or Fengguang,
> > > >
> > > > Would you mind testing with this patch? It should at least prevent the
> > > > unwinder panic and should hopefully print a useful unwinder dump
> > > > instead.
> > > >
> > > Here are two outputs.
> >
> > Tetsuo, would you mind trying the following patch?
> >
> Here are two outputs. Same kernel with different host hardware.
Thanks, these dumps are more "normal":
- The first shows a missing frame pointer setup in
atomic64_add_unless_cx8().
- The second shows some frame pointer related issue in the kthread
creation path.
I don't plan on fixing those, because we don't yet have objtool support
for 32-bit and we don't have anything which needs reliable stack traces
there. I'll probably just disable those unwinder dumps on 32-bit.
--
Josh
