arch/riscv/kernel/traps.c | 10 +++++++--- include/linux/uaccess.h | 5 +++++ 2 files changed, 12 insertions(+), 3 deletions(-)
Added userland instruction dump in dump_kernel_instr().
An example:
[ 0.822439] Freeing unused kernel image (initmem) memory: 6916K
[ 0.823817] Run /init as init process
[ 0.839411] init[1]: unhandled signal 4 code 0x1 at 0x000000000005be18 in bb[10000+5fb000]
[ 0.840751] CPU: 0 PID: 1 Comm: init Not tainted 5.14.0-rc4-00049-gbd644290aa72-dirty #187
[ 0.841373] Hardware name: , BIOS
[ 0.841743] epc : 000000000005be18 ra : 0000000000079e74 sp : 0000003fffcafda0
[ 0.842271] gp : ffffffff816e9dc8 tp : 0000000000000000 t0 : 0000000000000000
[ 0.842947] t1 : 0000003fffc9fdf0 t2 : 0000000000000000 s0 : 0000000000000000
[ 0.843434] s1 : 0000000000000000 a0 : 0000003fffca0190 a1 : 0000003fffcafe18
[ 0.843891] a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000
[ 0.844357] a5 : 0000000000000000 a6 : 0000000000000000 a7 : 0000000000000000
[ 0.844803] s2 : 0000000000000000 s3 : 0000000000000000 s4 : 0000000000000000
[ 0.845253] s5 : 0000000000000000 s6 : 0000000000000000 s7 : 0000000000000000
[ 0.845722] s8 : 0000000000000000 s9 : 0000000000000000 s10: 0000000000000000
[ 0.846180] s11: 0000000000d144e0 t3 : 0000000000000000 t4 : 0000000000000000
[ 0.846616] t5 : 0000000000000000 t6 : 0000000000000000
[ 0.847204] status: 0000000200000020 badaddr: 00000000f0028053 cause: 0000000000000002
[ 0.848219] Code: f06f ff5f 3823 fa11 0113 fb01 2e23 0201 0293 0000 (8053) f002
[ 0.851016] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
Signed-off-by: Yunhui Cui <cuiyunhui@bytedance.com>
---
arch/riscv/kernel/traps.c | 10 +++++++---
include/linux/uaccess.h | 5 +++++
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
index f910dfccbf5d..a6a850e42d59 100644
--- a/arch/riscv/kernel/traps.c
+++ b/arch/riscv/kernel/traps.c
@@ -33,7 +33,7 @@ int show_unhandled_signals = 1;
static DEFINE_SPINLOCK(die_lock);
-static void dump_kernel_instr(const char *loglvl, struct pt_regs *regs)
+static void dump_instr(const char *loglvl, struct pt_regs *regs)
{
char str[sizeof("0000 ") * 12 + 2 + 1], *p = str;
const u16 *insns = (u16 *)instruction_pointer(regs);
@@ -42,7 +42,10 @@ static void dump_kernel_instr(const char *loglvl, struct pt_regs *regs)
int i;
for (i = -10; i < 2; i++) {
- bad = get_kernel_nofault(val, &insns[i]);
+ if (user_mode(regs))
+ bad = get_user_nofault(val, &insns[i]);
+ else
+ bad = get_kernel_nofault(val, &insns[i]);
if (!bad) {
p += sprintf(p, i == 0 ? "(%04hx) " : "%04hx ", val);
} else {
@@ -71,7 +74,7 @@ void die(struct pt_regs *regs, const char *str)
print_modules();
if (regs) {
show_regs(regs);
- dump_kernel_instr(KERN_EMERG, regs);
+ dump_instr(KERN_EMERG, regs);
}
cause = regs ? regs->cause : -1;
@@ -104,6 +107,7 @@ void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr)
print_vma_addr(KERN_CONT " in ", instruction_pointer(regs));
pr_cont("\n");
__show_regs(regs);
+ dump_instr(KERN_EMERG, regs);
}
force_sig_fault(signo, code, (void __user *)addr);
diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
index 3064314f4832..ba8cb37a7241 100644
--- a/include/linux/uaccess.h
+++ b/include/linux/uaccess.h
@@ -385,6 +385,11 @@ long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
long count);
long strnlen_user_nofault(const void __user *unsafe_addr, long count);
+#define get_user_nofault(val, ptr) ({ \
+ const typeof(val) *__gk_ptr = (ptr); \
+ copy_from_user_nofault(&(val), __gk_ptr, sizeof(val));\
+})
+
#ifndef __get_kernel_nofault
#define __get_kernel_nofault(dst, src, type, label) \
do { \
--
2.20.1Yunhui Cui <cuiyunhui@bytedance.com> writes:
> Added userland instruction dump in dump_kernel_instr().
>
> An example:
> [ 0.822439] Freeing unused kernel image (initmem) memory: 6916K
> [ 0.823817] Run /init as init process
> [ 0.839411] init[1]: unhandled signal 4 code 0x1 at 0x000000000005be18 in bb[10000+5fb000]
> [ 0.840751] CPU: 0 PID: 1 Comm: init Not tainted 5.14.0-rc4-00049-gbd644290aa72-dirty #187
> [ 0.841373] Hardware name: , BIOS
> [ 0.841743] epc : 000000000005be18 ra : 0000000000079e74 sp : 0000003fffcafda0
> [ 0.842271] gp : ffffffff816e9dc8 tp : 0000000000000000 t0 : 0000000000000000
> [ 0.842947] t1 : 0000003fffc9fdf0 t2 : 0000000000000000 s0 : 0000000000000000
> [ 0.843434] s1 : 0000000000000000 a0 : 0000003fffca0190 a1 : 0000003fffcafe18
> [ 0.843891] a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000
> [ 0.844357] a5 : 0000000000000000 a6 : 0000000000000000 a7 : 0000000000000000
> [ 0.844803] s2 : 0000000000000000 s3 : 0000000000000000 s4 : 0000000000000000
> [ 0.845253] s5 : 0000000000000000 s6 : 0000000000000000 s7 : 0000000000000000
> [ 0.845722] s8 : 0000000000000000 s9 : 0000000000000000 s10: 0000000000000000
> [ 0.846180] s11: 0000000000d144e0 t3 : 0000000000000000 t4 : 0000000000000000
> [ 0.846616] t5 : 0000000000000000 t6 : 0000000000000000
> [ 0.847204] status: 0000000200000020 badaddr: 00000000f0028053 cause: 0000000000000002
> [ 0.848219] Code: f06f ff5f 3823 fa11 0113 fb01 2e23 0201 0293 0000 (8053) f002
> [ 0.851016] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
>
> Signed-off-by: Yunhui Cui <cuiyunhui@bytedance.com>
> ---
> arch/riscv/kernel/traps.c | 10 +++++++---
> include/linux/uaccess.h | 5 +++++
> 2 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
> index f910dfccbf5d..a6a850e42d59 100644
> --- a/arch/riscv/kernel/traps.c
> +++ b/arch/riscv/kernel/traps.c
> @@ -33,7 +33,7 @@ int show_unhandled_signals = 1;
>
> static DEFINE_SPINLOCK(die_lock);
>
> -static void dump_kernel_instr(const char *loglvl, struct pt_regs *regs)
> +static void dump_instr(const char *loglvl, struct pt_regs *regs)
> {
> char str[sizeof("0000 ") * 12 + 2 + 1], *p = str;
> const u16 *insns = (u16 *)instruction_pointer(regs);
> @@ -42,7 +42,10 @@ static void dump_kernel_instr(const char *loglvl, struct pt_regs *regs)
> int i;
>
> for (i = -10; i < 2; i++) {
> - bad = get_kernel_nofault(val, &insns[i]);
> + if (user_mode(regs))
> + bad = get_user_nofault(val, &insns[i]);
> + else
> + bad = get_kernel_nofault(val, &insns[i]);
> if (!bad) {
> p += sprintf(p, i == 0 ? "(%04hx) " : "%04hx ", val);
> } else {
> @@ -71,7 +74,7 @@ void die(struct pt_regs *regs, const char *str)
> print_modules();
> if (regs) {
> show_regs(regs);
> - dump_kernel_instr(KERN_EMERG, regs);
> + dump_instr(KERN_EMERG, regs);
> }
>
> cause = regs ? regs->cause : -1;
> @@ -104,6 +107,7 @@ void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr)
> print_vma_addr(KERN_CONT " in ", instruction_pointer(regs));
> pr_cont("\n");
> __show_regs(regs);
> + dump_instr(KERN_EMERG, regs);
> }
>
> force_sig_fault(signo, code, (void __user *)addr);
> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
> index 3064314f4832..ba8cb37a7241 100644
> --- a/include/linux/uaccess.h
> +++ b/include/linux/uaccess.h
> @@ -385,6 +385,11 @@ long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
> long count);
> long strnlen_user_nofault(const void __user *unsafe_addr, long count);
>
> +#define get_user_nofault(val, ptr) ({ \
> + const typeof(val) *__gk_ptr = (ptr); \
> + copy_from_user_nofault(&(val), __gk_ptr, sizeof(val));\
> +})
> +
Your previous version had a check:
| /* The user space code from other tasks cannot be accessed. */
| if (regs != task_pt_regs(current))
| return -EPERM;
Why was that left out? Is it not needed?
Your get_user_nofault is only used in this file, so maybe it's better to
do what x86 does, and introduce a static "copy_code()" that deals with
the user/kernel checks/copy?
Björn
Hi Björn,
On Thu, Aug 17, 2023 at 9:27 PM Björn Töpel <bjorn@kernel.org> wrote:
>
> Yunhui Cui <cuiyunhui@bytedance.com> writes:
>
> > Added userland instruction dump in dump_kernel_instr().
> >
> > An example:
> > [ 0.822439] Freeing unused kernel image (initmem) memory: 6916K
> > [ 0.823817] Run /init as init process
> > [ 0.839411] init[1]: unhandled signal 4 code 0x1 at 0x000000000005be18 in bb[10000+5fb000]
> > [ 0.840751] CPU: 0 PID: 1 Comm: init Not tainted 5.14.0-rc4-00049-gbd644290aa72-dirty #187
> > [ 0.841373] Hardware name: , BIOS
> > [ 0.841743] epc : 000000000005be18 ra : 0000000000079e74 sp : 0000003fffcafda0
> > [ 0.842271] gp : ffffffff816e9dc8 tp : 0000000000000000 t0 : 0000000000000000
> > [ 0.842947] t1 : 0000003fffc9fdf0 t2 : 0000000000000000 s0 : 0000000000000000
> > [ 0.843434] s1 : 0000000000000000 a0 : 0000003fffca0190 a1 : 0000003fffcafe18
> > [ 0.843891] a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000
> > [ 0.844357] a5 : 0000000000000000 a6 : 0000000000000000 a7 : 0000000000000000
> > [ 0.844803] s2 : 0000000000000000 s3 : 0000000000000000 s4 : 0000000000000000
> > [ 0.845253] s5 : 0000000000000000 s6 : 0000000000000000 s7 : 0000000000000000
> > [ 0.845722] s8 : 0000000000000000 s9 : 0000000000000000 s10: 0000000000000000
> > [ 0.846180] s11: 0000000000d144e0 t3 : 0000000000000000 t4 : 0000000000000000
> > [ 0.846616] t5 : 0000000000000000 t6 : 0000000000000000
> > [ 0.847204] status: 0000000200000020 badaddr: 00000000f0028053 cause: 0000000000000002
> > [ 0.848219] Code: f06f ff5f 3823 fa11 0113 fb01 2e23 0201 0293 0000 (8053) f002
> > [ 0.851016] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
> >
> > Signed-off-by: Yunhui Cui <cuiyunhui@bytedance.com>
> > ---
> > arch/riscv/kernel/traps.c | 10 +++++++---
> > include/linux/uaccess.h | 5 +++++
> > 2 files changed, 12 insertions(+), 3 deletions(-)
> >
> > diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
> > index f910dfccbf5d..a6a850e42d59 100644
> > --- a/arch/riscv/kernel/traps.c
> > +++ b/arch/riscv/kernel/traps.c
> > @@ -33,7 +33,7 @@ int show_unhandled_signals = 1;
> >
> > static DEFINE_SPINLOCK(die_lock);
> >
> > -static void dump_kernel_instr(const char *loglvl, struct pt_regs *regs)
> > +static void dump_instr(const char *loglvl, struct pt_regs *regs)
> > {
> > char str[sizeof("0000 ") * 12 + 2 + 1], *p = str;
> > const u16 *insns = (u16 *)instruction_pointer(regs);
> > @@ -42,7 +42,10 @@ static void dump_kernel_instr(const char *loglvl, struct pt_regs *regs)
> > int i;
> >
> > for (i = -10; i < 2; i++) {
> > - bad = get_kernel_nofault(val, &insns[i]);
> > + if (user_mode(regs))
> > + bad = get_user_nofault(val, &insns[i]);
> > + else
> > + bad = get_kernel_nofault(val, &insns[i]);
> > if (!bad) {
> > p += sprintf(p, i == 0 ? "(%04hx) " : "%04hx ", val);
> > } else {
> > @@ -71,7 +74,7 @@ void die(struct pt_regs *regs, const char *str)
> > print_modules();
> > if (regs) {
> > show_regs(regs);
> > - dump_kernel_instr(KERN_EMERG, regs);
> > + dump_instr(KERN_EMERG, regs);
> > }
> >
> > cause = regs ? regs->cause : -1;
> > @@ -104,6 +107,7 @@ void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr)
> > print_vma_addr(KERN_CONT " in ", instruction_pointer(regs));
> > pr_cont("\n");
> > __show_regs(regs);
> > + dump_instr(KERN_EMERG, regs);
> > }
> >
> > force_sig_fault(signo, code, (void __user *)addr);
> > diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
> > index 3064314f4832..ba8cb37a7241 100644
> > --- a/include/linux/uaccess.h
> > +++ b/include/linux/uaccess.h
> > @@ -385,6 +385,11 @@ long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
> > long count);
> > long strnlen_user_nofault(const void __user *unsafe_addr, long count);
> >
> > +#define get_user_nofault(val, ptr) ({ \
> > + const typeof(val) *__gk_ptr = (ptr); \
> > + copy_from_user_nofault(&(val), __gk_ptr, sizeof(val));\
> > +})
> > +
>
> Your previous version had a check:
> | /* The user space code from other tasks cannot be accessed. */
> | if (regs != task_pt_regs(current))
> | return -EPERM;
>
> Why was that left out? Is it not needed?
>
> Your get_user_nofault is only used in this file, so maybe it's better to
> do what x86 does, and introduce a static "copy_code()" that deals with
> the user/kernel checks/copy?
Okay, i‘ll update it to v4.
Thanks,
Yunhui
© 2016 - 2025 Red Hat, Inc.