bb5e5ce545
Printing kernel text addresses in stack dumps is of questionable value, especially now that address randomization is becoming common. It can be a security issue because it leaks kernel addresses. It also affects the usefulness of the stack dump. Linus says: "I actually spend time cleaning up commit messages in logs, because useless data that isn't actually information (random hex numbers) is actively detrimental. It makes commit logs less legible. It also makes it harder to parse dumps. It's not useful. That makes it actively bad. I probably look at more oops reports than most people. I have not found the hex numbers useful for the last five years, because they are just randomized crap. The stack content thing just makes code scroll off the screen etc, for example." The only real downside to removing these addresses is that they can be used to disambiguate duplicate symbol names. However such cases are rare, and the context of the stack dump should be enough to be able to figure it out. There's now a 'faddr2line' script which can be used to convert a function address to a file name and line: $ ./scripts/faddr2line ~/k/vmlinux write_sysrq_trigger+0x51/0x60 write_sysrq_trigger+0x51/0x60: write_sysrq_trigger at drivers/tty/sysrq.c:1098 Or gdb can be used: $ echo "list *write_sysrq_trigger+0x51" |gdb ~/k/vmlinux |grep "is in" (gdb) 0xffffffff815b5d83 is in driver_probe_device (/home/jpoimboe/git/linux/drivers/base/dd.c:378). (But note that when there are duplicate symbol names, gdb will only show the first symbol it finds. faddr2line is recommended over gdb because it handles duplicates and it also does function size checking.) Here's an example of what a stack dump looks like after this change: BUG: unable to handle kernel NULL pointer dereference at (null) IP: sysrq_handle_crash+0x45/0x80 PGD 36bfa067 [ 29.650644] PUD 7aca3067 Oops: 0002 [#1] PREEMPT SMP Modules linked in: ... CPU: 1 PID: 786 Comm: bash Tainted: G E 4.9.0-rc1+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.1-1.fc24 04/01/2014 task: ffff880078582a40 task.stack: ffffc90000ba8000 RIP: 0010:sysrq_handle_crash+0x45/0x80 RSP: 0018:ffffc90000babdc8 EFLAGS: 00010296 RAX: ffff880078582a40 RBX: 0000000000000063 RCX: 0000000000000001 RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000292 RBP: ffffc90000babdc8 R08: 0000000b31866061 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000007 R14: ffffffff81ee8680 R15: 0000000000000000 FS: 00007ffb43869700(0000) GS:ffff88007d400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000007a3e9000 CR4: 00000000001406e0 Stack: ffffc90000babe00 ffffffff81572d08 ffffffff81572bd5 0000000000000002 0000000000000000 ffff880079606600 00007ffb4386e000 ffffc90000babe20 ffffffff81573201 ffff880036a3fd00 fffffffffffffffb ffffc90000babe40 Call Trace: __handle_sysrq+0x138/0x220 ? __handle_sysrq+0x5/0x220 write_sysrq_trigger+0x51/0x60 proc_reg_write+0x42/0x70 __vfs_write+0x37/0x140 ? preempt_count_sub+0xa1/0x100 ? __sb_start_write+0xf5/0x210 ? vfs_write+0x183/0x1a0 vfs_write+0xb8/0x1a0 SyS_write+0x58/0xc0 entry_SYSCALL_64_fastpath+0x1f/0xc2 RIP: 0033:0x7ffb42f55940 RSP: 002b:00007ffd33bb6b18 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000046 RCX: 00007ffb42f55940 RDX: 0000000000000002 RSI: 00007ffb4386e000 RDI: 0000000000000001 RBP: 0000000000000011 R08: 00007ffb4321ea40 R09: 00007ffb43869700 R10: 00007ffb43869700 R11: 0000000000000246 R12: 0000000000778a10 R13: 00007ffd33bb5c00 R14: 0000000000000007 R15: 0000000000000010 Code: 34 e8 d0 34 bc ff 48 c7 c2 3b 2b 57 81 be 01 00 00 00 48 c7 c7 e0 dd e5 81 e8 a8 55 ba ff c7 05 0e 3f de 00 01 00 00 00 0f ae f8 <c6> 04 25 00 00 00 00 01 5d c3 e8 4c 49 bc ff 84 c0 75 c3 48 c7 RIP: sysrq_handle_crash+0x45/0x80 RSP: ffffc90000babdc8 CR2: 0000000000000000 Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/69329cb29b8f324bb5fcea14d61d224807fb6488.1477405374.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
303 lines
8.3 KiB
C
303 lines
8.3 KiB
C
/*
|
|
* Copyright (C) 1995 Linus Torvalds
|
|
*
|
|
* Pentium III FXSR, SSE support
|
|
* Gareth Hughes <gareth@valinux.com>, May 2000
|
|
*/
|
|
|
|
/*
|
|
* This file handles the architecture-dependent parts of process handling..
|
|
*/
|
|
|
|
#include <linux/cpu.h>
|
|
#include <linux/errno.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/elfcore.h>
|
|
#include <linux/smp.h>
|
|
#include <linux/stddef.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/vmalloc.h>
|
|
#include <linux/user.h>
|
|
#include <linux/interrupt.h>
|
|
#include <linux/delay.h>
|
|
#include <linux/reboot.h>
|
|
#include <linux/mc146818rtc.h>
|
|
#include <linux/export.h>
|
|
#include <linux/kallsyms.h>
|
|
#include <linux/ptrace.h>
|
|
#include <linux/personality.h>
|
|
#include <linux/percpu.h>
|
|
#include <linux/prctl.h>
|
|
#include <linux/ftrace.h>
|
|
#include <linux/uaccess.h>
|
|
#include <linux/io.h>
|
|
#include <linux/kdebug.h>
|
|
|
|
#include <asm/pgtable.h>
|
|
#include <asm/ldt.h>
|
|
#include <asm/processor.h>
|
|
#include <asm/fpu/internal.h>
|
|
#include <asm/desc.h>
|
|
#ifdef CONFIG_MATH_EMULATION
|
|
#include <asm/math_emu.h>
|
|
#endif
|
|
|
|
#include <linux/err.h>
|
|
|
|
#include <asm/tlbflush.h>
|
|
#include <asm/cpu.h>
|
|
#include <asm/idle.h>
|
|
#include <asm/syscalls.h>
|
|
#include <asm/debugreg.h>
|
|
#include <asm/switch_to.h>
|
|
#include <asm/vm86.h>
|
|
|
|
void __show_regs(struct pt_regs *regs, int all)
|
|
{
|
|
unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L;
|
|
unsigned long d0, d1, d2, d3, d6, d7;
|
|
unsigned long sp;
|
|
unsigned short ss, gs;
|
|
|
|
if (user_mode(regs)) {
|
|
sp = regs->sp;
|
|
ss = regs->ss & 0xffff;
|
|
gs = get_user_gs(regs);
|
|
} else {
|
|
sp = kernel_stack_pointer(regs);
|
|
savesegment(ss, ss);
|
|
savesegment(gs, gs);
|
|
}
|
|
|
|
printk(KERN_DEFAULT "EIP: %pS\n", (void *)regs->ip);
|
|
printk(KERN_DEFAULT "EFLAGS: %08lx CPU: %d\n", regs->flags,
|
|
smp_processor_id());
|
|
|
|
printk(KERN_DEFAULT "EAX: %08lx EBX: %08lx ECX: %08lx EDX: %08lx\n",
|
|
regs->ax, regs->bx, regs->cx, regs->dx);
|
|
printk(KERN_DEFAULT "ESI: %08lx EDI: %08lx EBP: %08lx ESP: %08lx\n",
|
|
regs->si, regs->di, regs->bp, sp);
|
|
printk(KERN_DEFAULT " DS: %04x ES: %04x FS: %04x GS: %04x SS: %04x\n",
|
|
(u16)regs->ds, (u16)regs->es, (u16)regs->fs, gs, ss);
|
|
|
|
if (!all)
|
|
return;
|
|
|
|
cr0 = read_cr0();
|
|
cr2 = read_cr2();
|
|
cr3 = read_cr3();
|
|
cr4 = __read_cr4();
|
|
printk(KERN_DEFAULT "CR0: %08lx CR2: %08lx CR3: %08lx CR4: %08lx\n",
|
|
cr0, cr2, cr3, cr4);
|
|
|
|
get_debugreg(d0, 0);
|
|
get_debugreg(d1, 1);
|
|
get_debugreg(d2, 2);
|
|
get_debugreg(d3, 3);
|
|
get_debugreg(d6, 6);
|
|
get_debugreg(d7, 7);
|
|
|
|
/* Only print out debug registers if they are in their non-default state. */
|
|
if ((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) &&
|
|
(d6 == DR6_RESERVED) && (d7 == 0x400))
|
|
return;
|
|
|
|
printk(KERN_DEFAULT "DR0: %08lx DR1: %08lx DR2: %08lx DR3: %08lx\n",
|
|
d0, d1, d2, d3);
|
|
printk(KERN_DEFAULT "DR6: %08lx DR7: %08lx\n",
|
|
d6, d7);
|
|
}
|
|
|
|
void release_thread(struct task_struct *dead_task)
|
|
{
|
|
BUG_ON(dead_task->mm);
|
|
release_vm86_irqs(dead_task);
|
|
}
|
|
|
|
int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
|
|
unsigned long arg, struct task_struct *p, unsigned long tls)
|
|
{
|
|
struct pt_regs *childregs = task_pt_regs(p);
|
|
struct fork_frame *fork_frame = container_of(childregs, struct fork_frame, regs);
|
|
struct inactive_task_frame *frame = &fork_frame->frame;
|
|
struct task_struct *tsk;
|
|
int err;
|
|
|
|
frame->bp = 0;
|
|
frame->ret_addr = (unsigned long) ret_from_fork;
|
|
p->thread.sp = (unsigned long) fork_frame;
|
|
p->thread.sp0 = (unsigned long) (childregs+1);
|
|
memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps));
|
|
|
|
if (unlikely(p->flags & PF_KTHREAD)) {
|
|
/* kernel thread */
|
|
memset(childregs, 0, sizeof(struct pt_regs));
|
|
frame->bx = sp; /* function */
|
|
frame->di = arg;
|
|
p->thread.io_bitmap_ptr = NULL;
|
|
return 0;
|
|
}
|
|
frame->bx = 0;
|
|
*childregs = *current_pt_regs();
|
|
childregs->ax = 0;
|
|
if (sp)
|
|
childregs->sp = sp;
|
|
|
|
task_user_gs(p) = get_user_gs(current_pt_regs());
|
|
|
|
p->thread.io_bitmap_ptr = NULL;
|
|
tsk = current;
|
|
err = -ENOMEM;
|
|
|
|
if (unlikely(test_tsk_thread_flag(tsk, TIF_IO_BITMAP))) {
|
|
p->thread.io_bitmap_ptr = kmemdup(tsk->thread.io_bitmap_ptr,
|
|
IO_BITMAP_BYTES, GFP_KERNEL);
|
|
if (!p->thread.io_bitmap_ptr) {
|
|
p->thread.io_bitmap_max = 0;
|
|
return -ENOMEM;
|
|
}
|
|
set_tsk_thread_flag(p, TIF_IO_BITMAP);
|
|
}
|
|
|
|
err = 0;
|
|
|
|
/*
|
|
* Set a new TLS for the child thread?
|
|
*/
|
|
if (clone_flags & CLONE_SETTLS)
|
|
err = do_set_thread_area(p, -1,
|
|
(struct user_desc __user *)tls, 0);
|
|
|
|
if (err && p->thread.io_bitmap_ptr) {
|
|
kfree(p->thread.io_bitmap_ptr);
|
|
p->thread.io_bitmap_max = 0;
|
|
}
|
|
return err;
|
|
}
|
|
|
|
void
|
|
start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
|
|
{
|
|
set_user_gs(regs, 0);
|
|
regs->fs = 0;
|
|
regs->ds = __USER_DS;
|
|
regs->es = __USER_DS;
|
|
regs->ss = __USER_DS;
|
|
regs->cs = __USER_CS;
|
|
regs->ip = new_ip;
|
|
regs->sp = new_sp;
|
|
regs->flags = X86_EFLAGS_IF;
|
|
force_iret();
|
|
}
|
|
EXPORT_SYMBOL_GPL(start_thread);
|
|
|
|
|
|
/*
|
|
* switch_to(x,y) should switch tasks from x to y.
|
|
*
|
|
* We fsave/fwait so that an exception goes off at the right time
|
|
* (as a call from the fsave or fwait in effect) rather than to
|
|
* the wrong process. Lazy FP saving no longer makes any sense
|
|
* with modern CPU's, and this simplifies a lot of things (SMP
|
|
* and UP become the same).
|
|
*
|
|
* NOTE! We used to use the x86 hardware context switching. The
|
|
* reason for not using it any more becomes apparent when you
|
|
* try to recover gracefully from saved state that is no longer
|
|
* valid (stale segment register values in particular). With the
|
|
* hardware task-switch, there is no way to fix up bad state in
|
|
* a reasonable manner.
|
|
*
|
|
* The fact that Intel documents the hardware task-switching to
|
|
* be slow is a fairly red herring - this code is not noticeably
|
|
* faster. However, there _is_ some room for improvement here,
|
|
* so the performance issues may eventually be a valid point.
|
|
* More important, however, is the fact that this allows us much
|
|
* more flexibility.
|
|
*
|
|
* The return value (in %ax) will be the "prev" task after
|
|
* the task-switch, and shows up in ret_from_fork in entry.S,
|
|
* for example.
|
|
*/
|
|
__visible __notrace_funcgraph struct task_struct *
|
|
__switch_to(struct task_struct *prev_p, struct task_struct *next_p)
|
|
{
|
|
struct thread_struct *prev = &prev_p->thread,
|
|
*next = &next_p->thread;
|
|
struct fpu *prev_fpu = &prev->fpu;
|
|
struct fpu *next_fpu = &next->fpu;
|
|
int cpu = smp_processor_id();
|
|
struct tss_struct *tss = &per_cpu(cpu_tss, cpu);
|
|
fpu_switch_t fpu_switch;
|
|
|
|
/* never put a printk in __switch_to... printk() calls wake_up*() indirectly */
|
|
|
|
fpu_switch = switch_fpu_prepare(prev_fpu, next_fpu, cpu);
|
|
|
|
/*
|
|
* Save away %gs. No need to save %fs, as it was saved on the
|
|
* stack on entry. No need to save %es and %ds, as those are
|
|
* always kernel segments while inside the kernel. Doing this
|
|
* before setting the new TLS descriptors avoids the situation
|
|
* where we temporarily have non-reloadable segments in %fs
|
|
* and %gs. This could be an issue if the NMI handler ever
|
|
* used %fs or %gs (it does not today), or if the kernel is
|
|
* running inside of a hypervisor layer.
|
|
*/
|
|
lazy_save_gs(prev->gs);
|
|
|
|
/*
|
|
* Load the per-thread Thread-Local Storage descriptor.
|
|
*/
|
|
load_TLS(next, cpu);
|
|
|
|
/*
|
|
* Restore IOPL if needed. In normal use, the flags restore
|
|
* in the switch assembly will handle this. But if the kernel
|
|
* is running virtualized at a non-zero CPL, the popf will
|
|
* not restore flags, so it must be done in a separate step.
|
|
*/
|
|
if (get_kernel_rpl() && unlikely(prev->iopl != next->iopl))
|
|
set_iopl_mask(next->iopl);
|
|
|
|
/*
|
|
* Now maybe handle debug registers and/or IO bitmaps
|
|
*/
|
|
if (unlikely(task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV ||
|
|
task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT))
|
|
__switch_to_xtra(prev_p, next_p, tss);
|
|
|
|
/*
|
|
* Leave lazy mode, flushing any hypercalls made here.
|
|
* This must be done before restoring TLS segments so
|
|
* the GDT and LDT are properly updated, and must be
|
|
* done before fpu__restore(), so the TS bit is up
|
|
* to date.
|
|
*/
|
|
arch_end_context_switch(next_p);
|
|
|
|
/*
|
|
* Reload esp0 and cpu_current_top_of_stack. This changes
|
|
* current_thread_info().
|
|
*/
|
|
load_sp0(tss, next);
|
|
this_cpu_write(cpu_current_top_of_stack,
|
|
(unsigned long)task_stack_page(next_p) +
|
|
THREAD_SIZE);
|
|
|
|
/*
|
|
* Restore %gs if needed (which is common)
|
|
*/
|
|
if (prev->gs | next->gs)
|
|
lazy_load_gs(next->gs);
|
|
|
|
switch_fpu_finish(next_fpu, fpu_switch);
|
|
|
|
this_cpu_write(current_task, next_p);
|
|
|
|
return prev_p;
|
|
}
|