mirror/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
604b72b32522d548f855ed82842d2e49bf384edb
linux/kernel
History
Petr Pavlu 604b72b325 function_graph: Fix the ret_stack used by ftrace_graph_ret_addr() 
When ftrace_graph_ret_addr() is invoked to convert a found stack return
address to its original value, the function can end up producing the
following crash:

[   95.442712] BUG: kernel NULL pointer dereference, address: 0000000000000028
[   95.442720] #PF: supervisor read access in kernel mode
[   95.442724] #PF: error_code(0x0000) - not-present page
[   95.442727] PGD 0 P4D 0-
[   95.442731] Oops: Oops: 0000 [#1] PREEMPT SMP PTI
[   95.442736] CPU: 1 UID: 0 PID: 2214 Comm: insmod Kdump: loaded Tainted: G           OE K    6.11.0-rc1-default #1 67c62a3b3720562f7e7db5f11c1fdb40b7a2857c
[   95.442747] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE, [K]=LIVEPATCH
[   95.442750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
[   95.442754] RIP: 0010:ftrace_graph_ret_addr+0x42/0xc0
[   95.442766] Code: [...]
[   95.442773] RSP: 0018:ffff979b80ff7718 EFLAGS: 00010006
[   95.442776] RAX: ffffffff8ca99b10 RBX: ffff979b80ff7760 RCX: ffff979b80167dc0
[   95.442780] RDX: ffffffff8ca99b10 RSI: ffff979b80ff7790 RDI: 0000000000000005
[   95.442783] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
[   95.442786] R10: 0000000000000005 R11: 0000000000000000 R12: ffffffff8e9491e0
[   95.442790] R13: ffffffff8d6f70f0 R14: ffff979b80167da8 R15: ffff979b80167dc8
[   95.442793] FS:  00007fbf83895740(0000) GS:ffff8a0afdd00000(0000) knlGS:0000000000000000
[   95.442797] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   95.442800] CR2: 0000000000000028 CR3: 0000000005070002 CR4: 0000000000370ef0
[   95.442806] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   95.442809] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   95.442816] Call Trace:
[   95.442823]  <TASK>
[   95.442896]  unwind_next_frame+0x20d/0x830
[   95.442905]  arch_stack_walk_reliable+0x94/0xe0
[   95.442917]  stack_trace_save_tsk_reliable+0x7d/0xe0
[   95.442922]  klp_check_and_switch_task+0x55/0x1a0
[   95.442931]  task_call_func+0xd3/0xe0
[   95.442938]  klp_try_switch_task.part.5+0x37/0x150
[   95.442942]  klp_try_complete_transition+0x79/0x2d0
[   95.442947]  klp_enable_patch+0x4db/0x890
[   95.442960]  do_one_initcall+0x41/0x2e0
[   95.442968]  do_init_module+0x60/0x220
[   95.442975]  load_module+0x1ebf/0x1fb0
[   95.443004]  init_module_from_file+0x88/0xc0
[   95.443010]  idempotent_init_module+0x190/0x240
[   95.443015]  __x64_sys_finit_module+0x5b/0xc0
[   95.443019]  do_syscall_64+0x74/0x160
[   95.443232]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   95.443236] RIP: 0033:0x7fbf82f2c709
[   95.443241] Code: [...]
[   95.443247] RSP: 002b:00007fffd5ea3b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   95.443253] RAX: ffffffffffffffda RBX: 000056359c48e750 RCX: 00007fbf82f2c709
[   95.443257] RDX: 0000000000000000 RSI: 000056356ed4efc5 RDI: 0000000000000003
[   95.443260] RBP: 000056356ed4efc5 R08: 0000000000000000 R09: 00007fffd5ea3c10
[   95.443263] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[   95.443267] R13: 000056359c48e6f0 R14: 0000000000000000 R15: 0000000000000000
[   95.443272]  </TASK>
[   95.443274] Modules linked in: [...]
[   95.443385] Unloaded tainted modules: intel_uncore_frequency(E):1 isst_if_common(E):1 skx_edac(E):1
[   95.443414] CR2: 0000000000000028

The bug can be reproduced with kselftests:

 cd linux/tools/testing/selftests
 make TARGETS='ftrace livepatch'
 (cd ftrace; ./ftracetest test.d/ftrace/fgraph-filter.tc)
 (cd livepatch; ./test-livepatch.sh)

The problem is that ftrace_graph_ret_addr() is supposed to operate on the
ret_stack of a selected task but wrongly accesses the ret_stack of the
current task. Specifically, the above NULL dereference occurs when
task->curr_ret_stack is non-zero, but current->ret_stack is NULL.

Correct ftrace_graph_ret_addr() to work with the right ret_stack.

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Reported-by: Miroslav Benes <mbenes@suse.cz>
Link: https://lore.kernel.org/20240803131211.17255-1-petr.pavlu@suse.com
Fixes: 7aa1eaef9f ("function_graph: Allow multiple users to attach to function graph")
Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2024-08-07 20:20:30 -04:00
..
bpf
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
cgroup
Merge branch 'for-6.10-fixes' into for-6.11
2024-07-14 18:04:03 -10:00
configs
mm/slab: Plumb kmem_buckets into __do_kmalloc_node()
2024-07-03 12:24:19 +02:00
debug
kdb: Get rid of redundant kdb_curr_task()
2024-06-21 15:49:29 +01:00
dma
dma: fix call order in dmam_free_coherent
2024-07-19 07:27:28 +02:00
entry
entry: Respect changes to system call number by trace_sys_enter()
2024-03-12 13:23:32 +01:00
events
Merge tag 'net-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2024-07-25 13:32:25 -07:00
futex
printk: Change type of CONFIG_BASE_SMALL to bool
2024-05-06 17:39:09 +02:00
gcov
gcov: add support for GCC 14
2024-06-15 10:43:06 -07:00
irq
Merge tag 'irq-msi-2024-07-22' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2024-07-22 14:02:19 -07:00
kcsan
kcsan: Add missing MODULE_DESCRIPTION() macro
2024-06-06 11:21:14 -07:00
livepatch
livepatch: Replace snprintf() with sysfs_emit()
2024-07-02 16:56:18 +02:00
locking
locking/pvqspinlock: Correct the type of "old" variable in pv_kick_node()
2024-07-29 12:16:21 +02:00
module
Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
2024-07-09 17:01:46 +02:00
power
mm: remove the implementation of swap_free() and always use swap_free_nr()
2024-07-03 19:30:01 -07:00
printk
Merge tag 'printk-for-6.11-trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux
2024-07-25 13:18:41 -07:00
rcu
Merge branches 'doc.2024.06.06a', 'fixes.2024.07.04a', 'mb.2024.06.28a', 'nocb.2024.06.03a', 'rcu-tasks.2024.06.06a', 'rcutorture.2024.06.06a' and 'srcu.2024.06.18a' into HEAD
2024-07-04 13:54:17 -07:00
sched
profiling: remove profile=sleep support
2024-08-04 13:36:28 -07:00
time
clocksource: Fix brown-bag boolean thinko in cs_watchdog_read()
2024-08-02 18:29:28 +02:00
trace
function_graph: Fix the ret_stack used by ftrace_graph_ret_addr()
2024-08-07 20:20:30 -04:00
.gitignore
acct.c
kernel misc: Remove the now superfluous sentinel elements from ctl_table array
2024-04-24 09:43:53 +02:00
async.c
async: Use a dedicated unbound workqueue with raised min_active
2024-02-09 11:13:59 -10:00
audit_fsnotify.c
audit_tree.c
fsnotify: create a wrapper fsnotify_find_inode_mark()
2024-04-04 16:24:16 +02:00
audit_watch.c
fsnotify: create a wrapper fsnotify_find_inode_mark()
2024-04-04 16:24:16 +02:00
audit.c
audit: use KMEM_CACHE() instead of kmem_cache_create()
2024-01-25 10:12:22 -05:00
audit.h
auditfilter.c
ima: Avoid blocking in RCU read-side critical section
2024-06-13 14:26:50 -04:00
auditsc.c
audit,io_uring: io_uring openat triggers audit reference count underflow
2023-10-13 18:34:46 +02:00
backtracetest.c
backtracetest: add MODULE_DESCRIPTION()
2024-06-24 22:24:55 -07:00
bounds.c
bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
2024-04-29 08:29:29 -07:00
capability.c
cfi.c
compat.c
configs.c
context_tracking.c
context_tracking: Make context_tracking_key __ro_after_init
2024-03-22 11:18:18 +01:00
cpu_pm.c
cpu.c
Merge tag 'x86_cc_for_v6.11_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2024-07-15 19:36:01 -07:00
crash_core.c
Merge tag 'mm-nonmm-stable-2024-05-19-11-56' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2024-05-19 14:02:03 -07:00
crash_reserve.c
crash: remove header files which are included more than once
2024-06-24 22:25:08 -07:00
cred.c
cred: Use KMEM_CACHE() instead of kmem_cache_create()
2024-02-23 17:33:31 -05:00
delayacct.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
dma.c
elfcorehdr.c
crash: remove dependency of FA_DUMP on CRASH_DUMP
2024-02-23 17:48:22 -08:00
exec_domain.c
exit.c
Merge tag 'mm-stable-2024-07-21-14-50' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2024-07-21 17:15:46 -07:00
exit.h
exit: add internal include file with helpers
2023-09-21 12:03:50 -06:00
extable.c
fail_function.c
fork.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
freezer.c
Merge tag 'v6.7-rc6' into sched/core, to pick up fixes
2023-12-23 15:52:13 +01:00
gen_kheaders.sh
kheaders: use command -v to test for existence of cpio
2024-05-30 01:13:20 +09:00
groups.c
groups: Convert group_info.usage to refcount_t
2023-09-29 11:28:39 -07:00
hung_task.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
iomem.c
irq_work.c
jump_label.c
jump_label: Fix the fix, brown paper bags galore
2024-07-31 12:57:39 +02:00
kallsyms_internal.h
kallsyms: get rid of code for absolute kallsyms
2024-07-20 16:33:21 +09:00
kallsyms_selftest.c
mm: vmalloc: enable memory allocation profiling
2024-04-25 20:55:57 -07:00
kallsyms_selftest.h
kallsyms.c
kallsyms: get rid of code for absolute kallsyms
2024-07-20 16:33:21 +09:00
kcmp.c
file: convert to SLAB_TYPESAFE_BY_RCU
2023-10-19 11:02:48 +02:00
Kconfig.freezer
Kconfig.hz
Kconfig.kexec
crash: clean up kdump related config items
2024-02-23 17:48:22 -08:00
Kconfig.locks
Kconfig.preempt
kcov.c
kcov: don't lose track of remote references during softirqs
2024-06-15 10:43:08 -07:00
kexec_core.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
kexec_elf.c
kexec_file.c
crash: add a new kexec flag for hotplug support
2024-04-23 14:59:01 +10:00
kexec_internal.h
crash: remove dependency of FA_DUMP on CRASH_DUMP
2024-02-23 17:48:22 -08:00
kexec.c
crash: add a new kexec flag for hotplug support
2024-04-23 14:59:01 +10:00
kheaders.c
kprobes.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
ksyms_common.c
ksysfs.c
profiling: remove prof_cpu_mask
2024-07-29 10:45:54 -07:00
kthread.c
kunit: Handle test faults
2024-05-06 14:22:02 -06:00
latencytop.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
Makefile
crash: split crash dumping code out from kexec_core.c
2024-02-23 17:48:22 -08:00
module_signature.c
notifier.c
nsproxy.c
pidfd: add pidfs
2024-03-01 12:23:37 +01:00
numa.c
kernel/numa.c: Move logging out of numa.h
2023-12-20 19:26:30 -05:00
padata.c
padata: Disable BH when taking works lock on MT path
2024-04-12 15:07:51 +08:00
panic.c
kernel/panic: add verbose logging of kernel taints in backtraces
2024-06-24 22:25:05 -07:00
params.c
params: Fix multi-line comment style
2023-12-01 09:51:44 -08:00
pid_namespace.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
pid_sysctl.h
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
pid.c
pidfs: remove config option
2024-03-13 12:53:53 -07:00
profile.c
profiling: remove profile=sleep support
2024-08-04 13:36:28 -07:00
ptrace.c
ptrace_attach: shift send(SIGSTOP) into ptrace_set_stopped()
2024-02-22 15:38:52 -08:00
range.c
reboot.c
kernel misc: Remove the now superfluous sentinel elements from ctl_table array
2024-04-24 09:43:53 +02:00
regset.c
regset: use kvzalloc() for regset_get_alloc()
2024-04-25 21:07:03 -07:00
relay.c
kernel: relay: remove relay_file_splice_read dead code, doesn't work
2023-12-29 12:22:27 -08:00
resource_kunit.c
resource: add missing MODULE_DESCRIPTION()
2024-06-28 19:36:30 -07:00
resource.c
resource: Export find_resource_space()
2024-05-28 11:14:14 -05:00
rseq.c
scftorture.c
scftorture: Make torture_type static
2024-05-30 15:31:51 -07:00
scs.c
seccomp.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
signal.c
kernel: rerun task_work while freezing in get_signal()
2024-07-11 01:51:44 -06:00
smp.c
smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
2024-07-10 22:40:39 +02:00
smpboot.c
kthread: add kthread_stop_put
2023-10-04 10:41:57 -07:00
smpboot.h
softirq.c
softirq: Fix suspicious RCU usage in __do_softirq()
2024-04-29 05:03:51 +02:00
stackleak.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
stacktrace.c
stacktrace: fix kernel-doc typo
2023-12-29 12:22:29 -08:00
static_call_inline.c
static_call.c
stop_machine.c
sys_ni.c
Merge tag 'probes-v6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
2024-07-18 12:19:20 -07:00
sys.c
Merge tag 'riscv-for-linus-6.10-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
2024-05-22 09:56:00 -07:00
sysctl-test.c
sysctl: Add module description to sysctl-testing
2024-06-03 15:20:37 +02:00
sysctl.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
task_work.c
task_work: make TWA_NMI_CURRENT handling conditional on IRQ_WORK
2024-07-29 12:05:06 -07:00
taskstats.c
taskstats: fill_stats_for_tgid: use for_each_thread()
2023-10-04 10:41:57 -07:00
torture.c
torture: Add MODULE_DESCRIPTION()
2024-05-30 15:31:38 -07:00
tracepoint.c
tsacct.c
tsacct: replace strncpy() with strscpy()
2024-07-12 16:39:53 -07:00
ucount.c
Merge tag 'sysctl-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl
2024-05-17 17:31:24 -07:00
uid16.c
uid16.h
umh.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
up.c
smp: Change function signatures to use call_single_data_t
2023-09-13 14:59:24 +02:00
user_namespace.c
user_namespace: remove unnecessary NULL values from kbuf
2024-02-22 15:38:52 -08:00
user-return-notifier.c
user.c
printk: Change type of CONFIG_BASE_SMALL to bool
2024-05-06 17:39:09 +02:00
usermode_driver.c
utsname_sysctl.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
utsname.c
vhost_task.c
vhost_task: Handle SIGKILL by flushing work and exiting
2024-05-22 08:31:15 -04:00
vmcore_info.c
kallsyms: get rid of code for absolute kallsyms
2024-07-20 16:33:21 +09:00
watch_queue.c
watch_queue: fix kcalloc() arguments order
2023-12-21 13:17:54 +01:00
watchdog_buddy.c
watchdog_perf.c
watchdog/perf: properly initialize the turbo mode timestamp and rearm counter
2024-07-17 21:11:34 -07:00
watchdog.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
workqueue_internal.h
workqueue.c
workqueue: Remove unneeded lockdep_assert_cpus_held()
2024-07-15 14:01:14 -10:00