arm64: ftrace: fix function_graph tracer panic

When function graph tracer is enabled, the following operation will trigger panic: mount -t debugfs nodev /sys/kernel echo next_tgid > /sys/kernel/tracing/set_ftrace_filter echo function_graph > /sys/kernel/tracing/current_tracer ls /proc/ ------------[ cut here ]------------ [ 198.501417] Unable to handle kernel paging request at virtual address cb88537fdc8ba316 [ 198.506126] pgd = ffffffc008f79000 [ 198.509363] [cb88537fdc8ba316] *pgd=00000000488c6003, *pud=00000000488c6003, *pmd=0000000000000000 [ 198.517726] Internal error: Oops: 94000005 [#1] SMP [ 198.518798] Modules linked in: [ 198.520582] CPU: 1 PID: 1388 Comm: ls Tainted: G [ 198.521800] Hardware name: linux,dummy-virt (DT) [ 198.522852] task: ffffffc0fa9e8000 ti: ffffffc0f9ab0000 task.ti: ffffffc0f9ab0000 [ 198.524306] PC is at next_tgid+0x30/0x100 [ 198.525205] LR is at return_to_handler+0x0/0x20 [ 198.526090] pc : [<ffffffc0002a1070>] lr : [<ffffffc0000907c0>] pstate: 60000145 [ 198.527392] sp : ffffffc0f9ab3d40 [ 198.528084] x29: ffffffc0f9ab3d40 x28: ffffffc0f9ab0000 [ 198.529406] x27: ffffffc000d6a000 x26: ffffffc000b786e8 [ 198.530659] x25: ffffffc0002a1900 x24: ffffffc0faf16c00 [ 198.531942] x23: ffffffc0f9ab3ea0 x22: 0000000000000002 [ 198.533202] x21: ffffffc000d85050 x20: 0000000000000002 [ 198.534446] x19: 0000000000000002 x18: 0000000000000000 [ 198.535719] x17: 000000000049fa08 x16: ffffffc000242efc [ 198.537030] x15: 0000007fa472b54c x14: ffffffffff000000 [ 198.538347] x13: ffffffc0fada84a0 x12: 0000000000000001 [ 198.539634] x11: ffffffc0f9ab3d70 x10: ffffffc0f9ab3d70 [ 198.540915] x9 : ffffffc0000907c0 x8 : ffffffc0f9ab3d40 [ 198.542215] x7 : 0000002e330f08f0 x6 : 0000000000000015 [ 198.543508] x5 : 0000000000000f08 x4 : ffffffc0f9835ec0 [ 198.544792] x3 : cb88537fdc8ba316 x2 : cb88537fdc8ba306 [ 198.546108] x1 : 0000000000000002 x0 : ffffffc000d85050 [ 198.547432] [ 198.547920] Process ls (pid: 1388, stack limit = 0xffffffc0f9ab0020) [ 198.549170] Stack: (0xffffffc0f9ab3d40 to 0xffffffc0f9ab4000) [ 198.582568] Call trace: [ 198.583313] [<ffffffc0002a1070>] next_tgid+0x30/0x100 [ 198.584359] [<ffffffc0000907bc>] ftrace_graph_caller+0x6c/0x70 [ 198.585503] [<ffffffc0000907bc>] ftrace_graph_caller+0x6c/0x70 [ 198.586574] [<ffffffc0000907bc>] ftrace_graph_caller+0x6c/0x70 [ 198.587660] [<ffffffc0000907bc>] ftrace_graph_caller+0x6c/0x70 [ 198.588896] Code: aa0003f5 2a0103f4 b4000102 91004043 (885f7c60) [ 198.591092] ---[ end trace 6a346f8f20949ac8 ]--- This is because when using function graph tracer, if the traced function return value is in multi regs ([x0-x7]), return_to_handler may corrupt them. So in return_to_handler, the parameter regs should be protected properly. Cc: <stable@vger.kernel.org> # 3.18+ Signed-off-by: Li Bin <huawei.libin@huawei.com> Acked-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
author: Li Bin <huawei.libin@huawei.com> 2015-09-29 22:49:55 -0400
committer: Catalin Marinas <catalin.marinas@arm.com> 2015-10-02 06:12:56 -0400
commit: ee556d00cf20012e889344a0adbbf809ab5015a3 (patch)
tree: 21880eb6317793473dea4af2612e292479918f02 /arch
parent: 1a541b4e3cd6f5795022514114854b3e1345f24e (diff)
1 files changed, 20 insertions, 2 deletions
diff --git a/arch/arm64/kernel/entry-ftrace.S b/arch/arm64/kernel/entry-ftrace.S
index 08cafc518b9a..0f03a8fe2314 100644
--- a/arch/arm64/kernel/entry-ftrace.S
+++ b/arch/arm64/kernel/entry-ftrace.S
@@ -178,6 +178,24 @@ ENTRY(ftrace_stub)
 ENDPROC(ftrace_stub)
 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
+        /* save return value regs*/
+        .macro save_return_regs
+        sub sp, sp, #64
+        stp x0, x1, [sp]
+        stp x2, x3, [sp, #16]
+        stp x4, x5, [sp, #32]
+        stp x6, x7, [sp, #48]
+        .endm
+        /* restore return value regs*/
+        .macro restore_return_regs
+        ldp x0, x1, [sp]
+        ldp x2, x3, [sp, #16]
+        ldp x4, x5, [sp, #32]
+        ldp x6, x7, [sp, #48]
+        add sp, sp, #64
+        .endm
 /*
 * void ftrace_graph_caller(void)
 *
@@ -204,11 +222,11 @@ ENDPROC(ftrace_graph_caller)
 * only when CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST is enabled.
 */
 ENTRY(return_to_handler)
-        str     x0, [sp, #-16]!
+        save_return_regs
        mov     x0, x29                 //     parent's fp
        bl      ftrace_return_to_handler// addr = ftrace_return_to_hander(fp);
        mov     x30, x0                 // restore the original return address
-        ldr     x0, [sp], #16
+        restore_return_regs
        ret
 END(return_to_handler)
 #endif /* CONFIG_FUNCTION_GRAPH_TRACER */
author	Li Bin <huawei.libin@huawei.com>	2015-09-29 22:49:55 -0400
committer	Catalin Marinas <catalin.marinas@arm.com>	2015-10-02 06:12:56 -0400
commit	ee556d00cf20012e889344a0adbbf809ab5015a3 (patch)
tree	21880eb6317793473dea4af2612e292479918f02 /arch
parent	1a541b4e3cd6f5795022514114854b3e1345f24e (diff)

diff --git a/arch/arm64/kernel/entry-ftrace.S b/arch/arm64/kernel/entry-ftrace.S index 08cafc518b9a..0f03a8fe2314 100644 --- a/arch/arm64/kernel/entry-ftrace.S +++ b/arch/arm64/kernel/entry-ftrace.S
@@ -178,6 +178,24 @@ ENTRY(ftrace_stub)
178	ENDPROC(ftrace_stub)	178	ENDPROC(ftrace_stub)
179		179
180	#ifdef CONFIG_FUNCTION_GRAPH_TRACER	180	#ifdef CONFIG_FUNCTION_GRAPH_TRACER
		181	/* save return value regs*/
		182	.macro save_return_regs
		183	sub sp, sp, #64
		184	stp x0, x1, [sp]
		185	stp x2, x3, [sp, #16]
		186	stp x4, x5, [sp, #32]
		187	stp x6, x7, [sp, #48]
		188	.endm
		189
		190	/* restore return value regs*/
		191	.macro restore_return_regs
		192	ldp x0, x1, [sp]
		193	ldp x2, x3, [sp, #16]
		194	ldp x4, x5, [sp, #32]
		195	ldp x6, x7, [sp, #48]
		196	add sp, sp, #64
		197	.endm
		198
181	/*	199	/*
182	* void ftrace_graph_caller(void)	200	* void ftrace_graph_caller(void)
183	*	201	*
@@ -204,11 +222,11 @@ ENDPROC(ftrace_graph_caller)
204	* only when CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST is enabled.	222	* only when CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST is enabled.
205	*/	223	*/
206	ENTRY(return_to_handler)	224	ENTRY(return_to_handler)
207	str x0, [sp, #-16]!	225	save_return_regs
208	mov x0, x29 // parent's fp	226	mov x0, x29 // parent's fp
209	bl ftrace_return_to_handler// addr = ftrace_return_to_hander(fp);	227	bl ftrace_return_to_handler// addr = ftrace_return_to_hander(fp);
210	mov x30, x0 // restore the original return address	228	mov x30, x0 // restore the original return address
211	ldr x0, [sp], #16	229	restore_return_regs
212	ret	230	ret
213	END(return_to_handler)	231	END(return_to_handler)
214	#endif /* CONFIG_FUNCTION_GRAPH_TRACER */	232	#endif /* CONFIG_FUNCTION_GRAPH_TRACER */