1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Stack tracing support
4  *
5  * Copyright (C) 2012 ARM Ltd.
6  */
7 #include <linux/kernel.h>
8 #include <linux/efi.h>
9 #include <linux/export.h>
10 #include <linux/filter.h>
11 #include <linux/ftrace.h>
12 #include <linux/kprobes.h>
13 #include <linux/sched.h>
14 #include <linux/sched/debug.h>
15 #include <linux/sched/task_stack.h>
16 #include <linux/stacktrace.h>
17 
18 #include <asm/efi.h>
19 #include <asm/irq.h>
20 #include <asm/stack_pointer.h>
21 #include <asm/stacktrace.h>
22 
23 /*
24  * Kernel unwind state
25  *
26  * @common:      Common unwind state.
27  * @task:        The task being unwound.
28  * @graph_idx:   Used by ftrace_graph_ret_addr() for optimized stack unwinding.
29  * @kr_cur:      When KRETPROBES is selected, holds the kretprobe instance
30  *               associated with the most recently encountered replacement lr
31  *               value.
32  */
33 struct kunwind_state {
34 	struct unwind_state common;
35 	struct task_struct *task;
36 	int graph_idx;
37 #ifdef CONFIG_KRETPROBES
38 	struct llist_node *kr_cur;
39 #endif
40 };
41 
42 static __always_inline void
kunwind_init(struct kunwind_state * state,struct task_struct * task)43 kunwind_init(struct kunwind_state *state,
44 	     struct task_struct *task)
45 {
46 	unwind_init_common(&state->common);
47 	state->task = task;
48 }
49 
50 /*
51  * Start an unwind from a pt_regs.
52  *
53  * The unwind will begin at the PC within the regs.
54  *
55  * The regs must be on a stack currently owned by the calling task.
56  */
57 static __always_inline void
kunwind_init_from_regs(struct kunwind_state * state,struct pt_regs * regs)58 kunwind_init_from_regs(struct kunwind_state *state,
59 		       struct pt_regs *regs)
60 {
61 	kunwind_init(state, current);
62 
63 	state->common.fp = regs->regs[29];
64 	state->common.pc = regs->pc;
65 }
66 
67 /*
68  * Start an unwind from a caller.
69  *
70  * The unwind will begin at the caller of whichever function this is inlined
71  * into.
72  *
73  * The function which invokes this must be noinline.
74  */
75 static __always_inline void
kunwind_init_from_caller(struct kunwind_state * state)76 kunwind_init_from_caller(struct kunwind_state *state)
77 {
78 	kunwind_init(state, current);
79 
80 	state->common.fp = (unsigned long)__builtin_frame_address(1);
81 	state->common.pc = (unsigned long)__builtin_return_address(0);
82 }
83 
84 /*
85  * Start an unwind from a blocked task.
86  *
87  * The unwind will begin at the blocked tasks saved PC (i.e. the caller of
88  * cpu_switch_to()).
89  *
90  * The caller should ensure the task is blocked in cpu_switch_to() for the
91  * duration of the unwind, or the unwind will be bogus. It is never valid to
92  * call this for the current task.
93  */
94 static __always_inline void
kunwind_init_from_task(struct kunwind_state * state,struct task_struct * task)95 kunwind_init_from_task(struct kunwind_state *state,
96 		       struct task_struct *task)
97 {
98 	kunwind_init(state, task);
99 
100 	state->common.fp = thread_saved_fp(task);
101 	state->common.pc = thread_saved_pc(task);
102 }
103 
104 static __always_inline int
kunwind_recover_return_address(struct kunwind_state * state)105 kunwind_recover_return_address(struct kunwind_state *state)
106 {
107 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
108 	if (state->task->ret_stack &&
109 	    (state->common.pc == (unsigned long)return_to_handler)) {
110 		unsigned long orig_pc;
111 		orig_pc = ftrace_graph_ret_addr(state->task, &state->graph_idx,
112 						state->common.pc,
113 						(void *)state->common.fp);
114 		if (WARN_ON_ONCE(state->common.pc == orig_pc))
115 			return -EINVAL;
116 		state->common.pc = orig_pc;
117 	}
118 #endif /* CONFIG_FUNCTION_GRAPH_TRACER */
119 
120 #ifdef CONFIG_KRETPROBES
121 	if (is_kretprobe_trampoline(state->common.pc)) {
122 		unsigned long orig_pc;
123 		orig_pc = kretprobe_find_ret_addr(state->task,
124 						  (void *)state->common.fp,
125 						  &state->kr_cur);
126 		state->common.pc = orig_pc;
127 	}
128 #endif /* CONFIG_KRETPROBES */
129 
130 	return 0;
131 }
132 
133 /*
134  * Unwind from one frame record (A) to the next frame record (B).
135  *
136  * We terminate early if the location of B indicates a malformed chain of frame
137  * records (e.g. a cycle), determined based on the location and fp value of A
138  * and the location (but not the fp value) of B.
139  */
140 static __always_inline int
kunwind_next(struct kunwind_state * state)141 kunwind_next(struct kunwind_state *state)
142 {
143 	struct task_struct *tsk = state->task;
144 	unsigned long fp = state->common.fp;
145 	int err;
146 
147 	/* Final frame; nothing to unwind */
148 	if (fp == (unsigned long)task_pt_regs(tsk)->stackframe)
149 		return -ENOENT;
150 
151 	err = unwind_next_frame_record(&state->common);
152 	if (err)
153 		return err;
154 
155 	state->common.pc = ptrauth_strip_kernel_insn_pac(state->common.pc);
156 
157 	return kunwind_recover_return_address(state);
158 }
159 
160 typedef bool (*kunwind_consume_fn)(const struct kunwind_state *state, void *cookie);
161 
162 static __always_inline void
do_kunwind(struct kunwind_state * state,kunwind_consume_fn consume_state,void * cookie)163 do_kunwind(struct kunwind_state *state, kunwind_consume_fn consume_state,
164 	   void *cookie)
165 {
166 	if (kunwind_recover_return_address(state))
167 		return;
168 
169 	while (1) {
170 		int ret;
171 
172 		if (!consume_state(state, cookie))
173 			break;
174 		ret = kunwind_next(state);
175 		if (ret < 0)
176 			break;
177 	}
178 }
179 
180 /*
181  * Per-cpu stacks are only accessible when unwinding the current task in a
182  * non-preemptible context.
183  */
184 #define STACKINFO_CPU(name)					\
185 	({							\
186 		((task == current) && !preemptible())		\
187 			? stackinfo_get_##name()		\
188 			: stackinfo_get_unknown();		\
189 	})
190 
191 /*
192  * SDEI stacks are only accessible when unwinding the current task in an NMI
193  * context.
194  */
195 #define STACKINFO_SDEI(name)					\
196 	({							\
197 		((task == current) && in_nmi())			\
198 			? stackinfo_get_sdei_##name()		\
199 			: stackinfo_get_unknown();		\
200 	})
201 
202 #define STACKINFO_EFI						\
203 	({							\
204 		((task == current) && current_in_efi())		\
205 			? stackinfo_get_efi()			\
206 			: stackinfo_get_unknown();		\
207 	})
208 
209 static __always_inline void
kunwind_stack_walk(kunwind_consume_fn consume_state,void * cookie,struct task_struct * task,struct pt_regs * regs)210 kunwind_stack_walk(kunwind_consume_fn consume_state,
211 		   void *cookie, struct task_struct *task,
212 		   struct pt_regs *regs)
213 {
214 	struct stack_info stacks[] = {
215 		stackinfo_get_task(task),
216 		STACKINFO_CPU(irq),
217 #if defined(CONFIG_VMAP_STACK)
218 		STACKINFO_CPU(overflow),
219 #endif
220 #if defined(CONFIG_VMAP_STACK) && defined(CONFIG_ARM_SDE_INTERFACE)
221 		STACKINFO_SDEI(normal),
222 		STACKINFO_SDEI(critical),
223 #endif
224 #ifdef CONFIG_EFI
225 		STACKINFO_EFI,
226 #endif
227 	};
228 	struct kunwind_state state = {
229 		.common = {
230 			.stacks = stacks,
231 			.nr_stacks = ARRAY_SIZE(stacks),
232 		},
233 	};
234 
235 	if (regs) {
236 		if (task != current)
237 			return;
238 		kunwind_init_from_regs(&state, regs);
239 	} else if (task == current) {
240 		kunwind_init_from_caller(&state);
241 	} else {
242 		kunwind_init_from_task(&state, task);
243 	}
244 
245 	do_kunwind(&state, consume_state, cookie);
246 }
247 
248 struct kunwind_consume_entry_data {
249 	stack_trace_consume_fn consume_entry;
250 	void *cookie;
251 };
252 
253 static __always_inline bool
arch_kunwind_consume_entry(const struct kunwind_state * state,void * cookie)254 arch_kunwind_consume_entry(const struct kunwind_state *state, void *cookie)
255 {
256 	struct kunwind_consume_entry_data *data = cookie;
257 	return data->consume_entry(data->cookie, state->common.pc);
258 }
259 
arch_stack_walk(stack_trace_consume_fn consume_entry,void * cookie,struct task_struct * task,struct pt_regs * regs)260 noinline noinstr void arch_stack_walk(stack_trace_consume_fn consume_entry,
261 			      void *cookie, struct task_struct *task,
262 			      struct pt_regs *regs)
263 {
264 	struct kunwind_consume_entry_data data = {
265 		.consume_entry = consume_entry,
266 		.cookie = cookie,
267 	};
268 
269 	kunwind_stack_walk(arch_kunwind_consume_entry, &data, task, regs);
270 }
271 
272 struct bpf_unwind_consume_entry_data {
273 	bool (*consume_entry)(void *cookie, u64 ip, u64 sp, u64 fp);
274 	void *cookie;
275 };
276 
277 static bool
arch_bpf_unwind_consume_entry(const struct kunwind_state * state,void * cookie)278 arch_bpf_unwind_consume_entry(const struct kunwind_state *state, void *cookie)
279 {
280 	struct bpf_unwind_consume_entry_data *data = cookie;
281 
282 	return data->consume_entry(data->cookie, state->common.pc, 0,
283 				   state->common.fp);
284 }
285 
arch_bpf_stack_walk(bool (* consume_entry)(void * cookie,u64 ip,u64 sp,u64 fp),void * cookie)286 noinline noinstr void arch_bpf_stack_walk(bool (*consume_entry)(void *cookie, u64 ip, u64 sp,
287 								u64 fp), void *cookie)
288 {
289 	struct bpf_unwind_consume_entry_data data = {
290 		.consume_entry = consume_entry,
291 		.cookie = cookie,
292 	};
293 
294 	kunwind_stack_walk(arch_bpf_unwind_consume_entry, &data, current, NULL);
295 }
296 
dump_backtrace_entry(void * arg,unsigned long where)297 static bool dump_backtrace_entry(void *arg, unsigned long where)
298 {
299 	char *loglvl = arg;
300 	printk("%s %pSb\n", loglvl, (void *)where);
301 	return true;
302 }
303 
dump_backtrace(struct pt_regs * regs,struct task_struct * tsk,const char * loglvl)304 void dump_backtrace(struct pt_regs *regs, struct task_struct *tsk,
305 		    const char *loglvl)
306 {
307 	pr_debug("%s(regs = %p tsk = %p)\n", __func__, regs, tsk);
308 
309 	if (regs && user_mode(regs))
310 		return;
311 
312 	if (!tsk)
313 		tsk = current;
314 
315 	if (!try_get_task_stack(tsk))
316 		return;
317 
318 	printk("%sCall trace:\n", loglvl);
319 	arch_stack_walk(dump_backtrace_entry, (void *)loglvl, tsk, regs);
320 
321 	put_task_stack(tsk);
322 }
323 
show_stack(struct task_struct * tsk,unsigned long * sp,const char * loglvl)324 void show_stack(struct task_struct *tsk, unsigned long *sp, const char *loglvl)
325 {
326 	dump_backtrace(NULL, tsk, loglvl);
327 	barrier();
328 }
329 
330 /*
331  * The struct defined for userspace stack frame in AARCH64 mode.
332  */
333 struct frame_tail {
334 	struct frame_tail	__user *fp;
335 	unsigned long		lr;
336 } __attribute__((packed));
337 
338 /*
339  * Get the return address for a single stackframe and return a pointer to the
340  * next frame tail.
341  */
342 static struct frame_tail __user *
unwind_user_frame(struct frame_tail __user * tail,void * cookie,stack_trace_consume_fn consume_entry)343 unwind_user_frame(struct frame_tail __user *tail, void *cookie,
344 	       stack_trace_consume_fn consume_entry)
345 {
346 	struct frame_tail buftail;
347 	unsigned long err;
348 	unsigned long lr;
349 
350 	/* Also check accessibility of one struct frame_tail beyond */
351 	if (!access_ok(tail, sizeof(buftail)))
352 		return NULL;
353 
354 	pagefault_disable();
355 	err = __copy_from_user_inatomic(&buftail, tail, sizeof(buftail));
356 	pagefault_enable();
357 
358 	if (err)
359 		return NULL;
360 
361 	lr = ptrauth_strip_user_insn_pac(buftail.lr);
362 
363 	if (!consume_entry(cookie, lr))
364 		return NULL;
365 
366 	/*
367 	 * Frame pointers should strictly progress back up the stack
368 	 * (towards higher addresses).
369 	 */
370 	if (tail >= buftail.fp)
371 		return NULL;
372 
373 	return buftail.fp;
374 }
375 
376 #ifdef CONFIG_COMPAT
377 /*
378  * The registers we're interested in are at the end of the variable
379  * length saved register structure. The fp points at the end of this
380  * structure so the address of this struct is:
381  * (struct compat_frame_tail *)(xxx->fp)-1
382  *
383  * This code has been adapted from the ARM OProfile support.
384  */
385 struct compat_frame_tail {
386 	compat_uptr_t	fp; /* a (struct compat_frame_tail *) in compat mode */
387 	u32		sp;
388 	u32		lr;
389 } __attribute__((packed));
390 
391 static struct compat_frame_tail __user *
unwind_compat_user_frame(struct compat_frame_tail __user * tail,void * cookie,stack_trace_consume_fn consume_entry)392 unwind_compat_user_frame(struct compat_frame_tail __user *tail, void *cookie,
393 				stack_trace_consume_fn consume_entry)
394 {
395 	struct compat_frame_tail buftail;
396 	unsigned long err;
397 
398 	/* Also check accessibility of one struct frame_tail beyond */
399 	if (!access_ok(tail, sizeof(buftail)))
400 		return NULL;
401 
402 	pagefault_disable();
403 	err = __copy_from_user_inatomic(&buftail, tail, sizeof(buftail));
404 	pagefault_enable();
405 
406 	if (err)
407 		return NULL;
408 
409 	if (!consume_entry(cookie, buftail.lr))
410 		return NULL;
411 
412 	/*
413 	 * Frame pointers should strictly progress back up the stack
414 	 * (towards higher addresses).
415 	 */
416 	if (tail + 1 >= (struct compat_frame_tail __user *)
417 			compat_ptr(buftail.fp))
418 		return NULL;
419 
420 	return (struct compat_frame_tail __user *)compat_ptr(buftail.fp) - 1;
421 }
422 #endif /* CONFIG_COMPAT */
423 
424 
arch_stack_walk_user(stack_trace_consume_fn consume_entry,void * cookie,const struct pt_regs * regs)425 void arch_stack_walk_user(stack_trace_consume_fn consume_entry, void *cookie,
426 					const struct pt_regs *regs)
427 {
428 	if (!consume_entry(cookie, regs->pc))
429 		return;
430 
431 	if (!compat_user_mode(regs)) {
432 		/* AARCH64 mode */
433 		struct frame_tail __user *tail;
434 
435 		tail = (struct frame_tail __user *)regs->regs[29];
436 		while (tail && !((unsigned long)tail & 0x7))
437 			tail = unwind_user_frame(tail, cookie, consume_entry);
438 	} else {
439 #ifdef CONFIG_COMPAT
440 		/* AARCH32 compat mode */
441 		struct compat_frame_tail __user *tail;
442 
443 		tail = (struct compat_frame_tail __user *)regs->compat_fp - 1;
444 		while (tail && !((unsigned long)tail & 0x3))
445 			tail = unwind_compat_user_frame(tail, cookie, consume_entry);
446 #endif
447 	}
448 }
449