On 2023/02/22 19:19, lijiang wrote:
On Mon, Feb 20, 2023 at 9:29 AM HAGIO KAZUHITO(萩尾 一仁) <k-hagio-ab(a)nec.com> wrote:
> On kernels configured with CONFIG_RANDOMIZE_KSTACK_OFFSET=y and
> random_kstack_offset=on, a random offset is added to the stack with
> __kstack_alloca() at the beginning of do_syscall_64() and other syscall
> entry functions. This function has the following instruction.
>
> <do_syscall_64+32>: sub %rax,%rsp
> On the other hand, crash uses only a part of data for ORC unwinder to
> unwind stacks and if an ip value doesn't have a usable ORC data, it
> calculates the frame size with parsing the assembly of the function.
>
> However, crash cannot calculate the frame size correctly with the
> instruction above, and prints stale return addresses like this:
>
> crash> bt 1
> PID: 1 TASK: ffff9c250023b880 CPU: 0 COMMAND: "systemd"
> #0 [ffffb7e5c001fc80] __schedule at ffffffff91ae2b16
> #1 [ffffb7e5c001fd00] schedule at ffffffff91ae2ed3
> #2 [ffffb7e5c001fd18] schedule_hrtimeout_range_clock at ffffffff91ae7ed8
> #3 [ffffb7e5c001fda8] ep_poll at ffffffff913ef828
> #4 [ffffb7e5c001fe48] do_epoll_wait at ffffffff913ef943
> #5 [ffffb7e5c001fe80] __x64_sys_epoll_wait at ffffffff913f0130
> #6 [ffffb7e5c001fed0] do_syscall_64 at ffffffff91ad7169
> #7 [ffffb7e5c001fef0] do_syscall_64 at ffffffff91ad7179 <<
> #8 [ffffb7e5c001ff10] syscall_exit_to_user_mode at ffffffff91adaab2 << stale entries
> #9 [ffffb7e5c001ff20] do_syscall_64 at ffffffff91ad7179 <<
> #10 [ffffb7e5c001ff50] entry_SYSCALL_64_after_hwframe at ffffffff91c0009b
> RIP: 00007f258d9427ae RSP: 00007fffda631d60 RFLAGS: 00000293
> ...
>
> To fix this, enhance the usage of ORC data. The ORC unwinder often uses
> %rbp value, so keep it from exception frames and inactive task stacks.
>
Good understanding, Kazu.
The patch looks good to me. So: Ack.
Thank you for the review, applied.
https://github.com/crash-utility/crash/commit/daa43fa5324f2dd232ad72df2c6...
Thanks,
Kazu
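The following is an added illustration of the failure mode discussed in the thread; it is not code from crash, from the kernel, or from the patch above. It models, in a deliberately simplified way, the two strategies the commit message contrasts: sizing a frame by scanning the function's disassembly (which has no answer once it meets "sub %rax,%rsp", because the subtrahend is a runtime value), and recovering the caller's frame from an ORC-style entry expressed as base register plus offset (which still works when the base is %rbp, since %rbp was set before the randomized subtraction). The disassembly lines, the two-field orc_entry struct, the register model and the addresses are all constructed for the example; the real ORC format has more fields, and the real prologue of do_syscall_64 differs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample prologue (AT&T syntax) of a syscall entry function
 * built with CONFIG_RANDOMIZE_KSTACK_OFFSET. Not real kernel output. */
static const char *const prologue_random[] = {
    "push %rbp",
    "mov %rsp,%rbp",
    "sub $0x28,%rsp",
    "mov %gs:0x1234,%rax",   /* stands in for loading the per-cpu random offset */
    "and $0x3ff,%rax",
    "sub %rax,%rsp",         /* runtime-sized adjustment: not statically sizable */
};
#define N_PROLOGUE_RANDOM (sizeof(prologue_random) / sizeof(prologue_random[0]))

/* Same prologue without the randomized adjustment. */
static const char *const prologue_static[] = {
    "push %rbp",
    "mov %rsp,%rbp",
    "sub $0x28,%rsp",
};
#define N_PROLOGUE_STATIC (sizeof(prologue_static) / sizeof(prologue_static[0]))

/* Strategy 1: static frame-size scan over disassembly lines.
 * Returns the accumulated frame size in bytes (pushes plus immediate
 * rsp adjustments), or -1 as soon as rsp is adjusted by a register. */
long frame_size_from_asm(const char *const *lines, size_t n)
{
    long size = 0;
    for (size_t i = 0; i < n; i++) {
        const char *s = lines[i];
        unsigned long imm;
        if (strncmp(s, "push ", 5) == 0) { size += 8; continue; }
        if (sscanf(s, "sub $0x%lx,%%rsp", &imm) == 1) { size += (long)imm; continue; }
        if (strncmp(s, "sub %", 5) == 0 && strstr(s, ",%rsp") != NULL)
            return -1;  /* e.g. "sub %rax,%rsp": size depends on a register */
    }
    return size;
}

/* Strategy 2: a hypothetical, cut-down ORC entry. The caller's stack
 * pointer (CFA) is base register + sp_offset. */
enum { ORC_REG_SP, ORC_REG_BP };
struct orc_entry { int sp_reg; int sp_offset; };

struct regs { uint64_t rsp, rbp; };

/* Register state inside the function body once the sample prologue has
 * run. rbp is fixed before either sub; rsp moves by the random offset. */
struct regs regs_after_prologue(uint64_t cfa, uint64_t random_offset)
{
    struct regs r;
    r.rbp = cfa - 16;                       /* return address + saved rbp */
    r.rsp = r.rbp - 0x28 - random_offset;   /* sub $0x28 ; sub %rax */
    return r;
}

/* CFA from the static scan: only possible when the scan produced a size.
 * Returns 0 when the size is unknown (the unwinder would have to guess). */
uint64_t cfa_from_static_scan(const struct regs *r, long frame_size)
{
    if (frame_size < 0)
        return 0;
    return r->rsp + (uint64_t)frame_size + 8;  /* + return address slot */
}

/* CFA from the ORC-style entry; with sp_reg == ORC_REG_BP the random
 * offset never enters the calculation, which is why %rbp must be kept. */
uint64_t cfa_from_orc(const struct regs *r, const struct orc_entry *e)
{
    uint64_t base = (e->sp_reg == ORC_REG_BP) ? r->rbp : r->rsp;
    return base + (uint64_t)e->sp_offset;
}

int main(void)
{
    const uint64_t cfa = 0xffffb7e5c001ff10ULL;   /* constructed caller frame */
    const struct orc_entry e = { ORC_REG_BP, 16 }; /* constructed entry for the body */
    struct regs r = regs_after_prologue(cfa, 0x1c0);

    printf("static scan, randomized prologue: %ld\n",
           frame_size_from_asm(prologue_random, N_PROLOGUE_RANDOM));
    printf("static scan, plain prologue:      %ld\n",
           frame_size_from_asm(prologue_static, N_PROLOGUE_STATIC));
    printf("CFA via static scan: %#llx (0 = unknown)\n",
           (unsigned long long)cfa_from_static_scan(&r, -1));
    printf("CFA via rbp-based ORC entry: %#llx\n",
           (unsigned long long)cfa_from_orc(&r, &e));
    return 0;
}
```

The point of the model is the last two lines of output: for the randomized prologue the static scan has nothing to offer, while the %rbp-based entry returns the same CFA whatever value the random offset took. That is the property the patch relies on when it keeps %rbp from exception frames and inactive task stacks.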