From nobody Tue Dec 16 16:41:12 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7428EC77B76 for ; Sun, 23 Apr 2023 01:29:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229985AbjDWB3p (ORCPT ); Sat, 22 Apr 2023 21:29:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33896 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229556AbjDWB3n (ORCPT ); Sat, 22 Apr 2023 21:29:43 -0400 Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 99FA52735 for ; Sat, 22 Apr 2023 18:29:17 -0700 (PDT) Received: from dggpemm500013.china.huawei.com (unknown [172.30.72.55]) by szxga03-in.huawei.com (SkyGuard) with ESMTP id 4Q3rHm0DnXzKtZm; Sun, 23 Apr 2023 09:28:20 +0800 (CST) Received: from ubuntu1804.huawei.com (10.67.175.36) by dggpemm500013.china.huawei.com (7.185.36.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Sun, 23 Apr 2023 09:29:15 +0800 From: Chen Zhongjin To: CC: , , , , , , , , , Subject: [PATCH v3] x86: profiling: remove lock functions profiling in profile_pc Date: Sun, 23 Apr 2023 09:27:44 +0800 Message-ID: <20230423012744.24320-1-chenzhongjin@huawei.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 X-Originating-IP: [10.67.175.36] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To dggpemm500013.china.huawei.com (7.185.36.172) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Syzbot has been reporting the problem of stack-out-of-bounds in profile_pc for a long time: https://syzkaller.appspot.com/bug?extid=3D84fe685c02cd112a2ac3 profile_pc will get return address for caller if current function is lock function. For !CONFIG_FRAME_POINTER it uses a hack way to get the caller by directly reading sp[0] or sp [1]. It not works when KASAN is enabled because KASAN pushes data on stack which makes sp[0/1] become KASAN red zone. Then profile_pc reads wrong memory and triggers KASAN warning frequently. This hack might be ok when first added at 2006 but now it's different: 1. There are some lock functions which have frame longer than two stack slots. For these functions sp[0/1] is not a legal return address even KASAN is not enabled. 2. !CONFIG_FRAME_POINTER is more used today because UNWINDER_ORC. 3. Lock function caller information can be prfiled by perf better. Since profile as a low level facility it's not proper to depend on complex generic unwinder to get the next frame. As lock profiling is no longer useful, it's fine to remove it. Fixes: 0cb91a229364 ("[PATCH] i386: Account spinlocks to the caller during = profiling for !FP kernels") Suggested-by: Andi Kleen Signed-off-by: Chen Zhongjin --- v1->v2: Make a more detailed commit log. v2->v3: Also remove if for FRAME_POINTER case; slightly fix the commit log. --- arch/x86/kernel/time.c | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/arch/x86/kernel/time.c b/arch/x86/kernel/time.c index e42faa792c07..52e1f3f0b361 100644 --- a/arch/x86/kernel/time.c +++ b/arch/x86/kernel/time.c @@ -27,25 +27,7 @@ =20 unsigned long profile_pc(struct pt_regs *regs) { - unsigned long pc =3D instruction_pointer(regs); - - if (!user_mode(regs) && in_lock_functions(pc)) { -#ifdef CONFIG_FRAME_POINTER - return *(unsigned long *)(regs->bp + sizeof(long)); -#else - unsigned long *sp =3D (unsigned long *)regs->sp; - /* - * Return address is either directly at stack pointer - * or above a saved flags. Eflags has bits 22-31 zero, - * kernel addresses don't. - */ - if (sp[0] >> 22) - return sp[0]; - if (sp[1] >> 22) - return sp[1]; -#endif - } - return pc; + return instruction_pointer(regs); } EXPORT_SYMBOL(profile_pc); =20 --=20 2.17.1