From nobody Thu Oct  9 14:39:50 2025
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com
 [216.40.44.13])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0954B5383;
	Tue, 17 Jun 2025 22:51:17 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=216.40.44.13
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1750200679; cv=none;
 b=hNAPQaQcBSCxDO3Xj79i0HUuWF3nVXwyXoZeD/gg9gTno2+AnHMLnd06Ut3Fah3S7bE6CTrawwYtuBiPkmSkxRJvbr4Ssxbqt8VonWqZdimQ+XBb5ybMiOnyxFMARsQbePvBR0e9st3ZZPQxVZld1XRQ61CV4cHkz5KFOgX4BlQ=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1750200679; c=relaxed/simple;
	bh=Kp6RYb5t+RCZ7jokiwYGJB2GAw8QmJKJAuA8NhLPUp4=;
	h=Message-ID:Date:From:To:Cc:Subject:References:MIME-Version:
	 Content-Type;
 b=bG8NfJH/mP9c6fmbY5R/nhWFMAmddz1pN6mS9W7NJtofyshtGMakGBSzHhiDdc1VLYNyoYm+BddrUH6vrhK47PfvIjt9lHorBVmEaFh2gNt2Lx3FmKaiIYYzmg3b8hTJBDAVW+Pt2GRqMGBRFEsilXMcpnKUKlhLuaq7U9OiZeg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=none (p=none dis=none) header.from=goodmis.org;
 spf=pass smtp.mailfrom=goodmis.org; arc=none smtp.client-ip=216.40.44.13
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=none (p=none dis=none) header.from=goodmis.org
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=goodmis.org
Received: from omf01.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay05.hostedemail.com (Postfix) with ESMTP id 4C8415F01C;
	Tue, 17 Jun 2025 22:51:15 +0000 (UTC)
Received: from [HIDDEN] (Authenticated sender: nevets@goodmis.org) by
 omf01.hostedemail.com (Postfix) with ESMTPA id 46A6860011;
	Tue, 17 Jun 2025 22:51:12 +0000 (UTC)
Received: from rostedt by gandalf with local (Exim 4.98.2)
	(envelope-from <rostedt@goodmis.org>)
	id 1uRf9D-00000002L8o-0mIa;
	Tue, 17 Jun 2025 18:51:19 -0400
Message-ID: <20250617225119.037842151@goodmis.org>
User-Agent: quilt/0.68
Date: Tue, 17 Jun 2025 18:50:21 -0400
From: Steven Rostedt <rostedt@goodmis.org>
To: linux-kernel@vger.kernel.org,
 linux-trace-kernel@vger.kernel.org,
 bpf@vger.kernel.org,
 x86@kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
 Josh Poimboeuf <jpoimboe@kernel.org>,
 Peter Zijlstra <peterz@infradead.org>,
 Ingo Molnar <mingo@kernel.org>,
 Jiri Olsa <jolsa@kernel.org>,
 Namhyung Kim <namhyung@kernel.org>,
 Thomas Gleixner <tglx@linutronix.de>,
 Andrii Nakryiko <andrii@kernel.org>,
 Indu Bhagat <indu.bhagat@oracle.com>,
 "Jose E. Marchesi" <jemarch@gnu.org>,
 Beau Belgrave <beaub@linux.microsoft.com>,
 Jens Remus <jremus@linux.ibm.com>,
 Linus Torvalds <torvalds@linux-foundation.org>,
 Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH v6 12/12] unwind_user/sframe: Add .sframe validation option
References: <20250617225009.233007152@goodmis.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Rspamd-Queue-Id: 46A6860011
X-Stat-Signature: jaxhukph5skj4tuhj9qr6q1kq4y4pfmx
X-Rspamd-Server: rspamout05
X-Session-Marker: 6E657665747340676F6F646D69732E6F7267
X-Session-ID: U2FsdGVkX19hQztm/p4BjEUc0SSv37svTRxwDa6q3zM=
X-HE-Tag: 1750200672-592088
X-HE-Meta: 
 U2FsdGVkX1/GKRvTwuSUpbwBsWNMWFFyAqxCR4+tyAokYduk8y7ss0FeSNow6H2kcxwMSw9bq9kOubc5r0YUuKQvcATGWF3tT330Uabkhvf6GjL4f/ckhoCfjgByAeVGSLXTO/DYf8Fx+EsYqxbVZDg+aSF9uey5fPxLzaw9H0kV3cUzBfvhJTglyOHSw0n1iy0WG/wUIfPexDLXLFZ8y0snHAGEZ3ECaAA4yFggcsaHq6ozTj6l3h7yqLxy1Mb9WloXhnyg6tmnoQth+dfJhZMqPjyMoS5Vf+RpZUPnwccr9UmSMTIRWzAool5ucyv1BfJ4Mi2sO6EW9WDYhJVDJtRfabRY+cY4oWb1YtdtuF6vV2jtyIKiYw6psRTrkHDIXbo5Tco/J9KNeRDda9XBrUsOcdJOQhTWuA+FUzHjOzk=
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Josh Poimboeuf <jpoimboe@kernel.org>

Add a debug feature to validate all .sframe sections when first loading
the file rather than on demand.

Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
---
 arch/Kconfig           | 19 ++++++++++
 kernel/unwind/sframe.c | 81 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+)

diff --git a/arch/Kconfig b/arch/Kconfig
index 0c6056ef13de..86eec85cb898 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -450,6 +450,25 @@ config HAVE_UNWIND_USER_SFRAME
 	bool
 	select UNWIND_USER
=20
+config SFRAME_VALIDATION
+	bool "Enable .sframe section debugging"
+	depends on HAVE_UNWIND_USER_SFRAME
+	depends on DYNAMIC_DEBUG
+	help
+	  When adding an .sframe section for a task, validate the entire
+	  section immediately rather than on demand.
+
+	  This is a debug feature which is helpful for rooting out .sframe
+	  section issues.  If the .sframe section is corrupt, it will fail to
+	  load immediately, with more information provided in dynamic printks.
+
+	  This has a significant page cache footprint due to its reading of the
+	  entire .sframe section for every loaded executable and shared
+	  library.  Also, it's done for all processes, even those which don't
+	  get stack traced by the kernel.  Not recommended for general use.
+
+	  If unsure, say N.
+
 config HAVE_PERF_REGS
 	bool
 	help
diff --git a/kernel/unwind/sframe.c b/kernel/unwind/sframe.c
index 3972bce40fc7..6159f072bdb6 100644
--- a/kernel/unwind/sframe.c
+++ b/kernel/unwind/sframe.c
@@ -353,6 +353,83 @@ int sframe_find(unsigned long ip, struct unwind_user_f=
rame *frame)
 	return ret;
 }
=20
+#ifdef CONFIG_SFRAME_VALIDATION
+
+static __always_inline int __sframe_validate_section(struct sframe_section=
 *sec)
+{
+	unsigned long prev_ip =3D 0;
+	unsigned int i;
+
+	for (i =3D 0; i < sec->num_fdes; i++) {
+		struct sframe_fre *fre, *prev_fre =3D NULL;
+		unsigned long ip, fre_addr;
+		struct sframe_fde fde;
+		struct sframe_fre fres[2];
+		bool which =3D false;
+		unsigned int j;
+		int ret;
+
+		ret =3D __read_fde(sec, i, &fde);
+		if (ret)
+			return ret;
+
+		ip =3D sec->sframe_start + fde.start_addr;
+		if (ip <=3D prev_ip) {
+			dbg_sec_uaccess("fde %u not sorted\n", i);
+			return -EFAULT;
+		}
+		prev_ip =3D ip;
+
+		fre_addr =3D sec->fres_start + fde.fres_off;
+		for (j =3D 0; j < fde.fres_num; j++) {
+			int ret;
+
+			fre =3D which ? fres : fres + 1;
+			which =3D !which;
+
+			ret =3D __read_fre(sec, &fde, fre_addr, fre);
+			if (ret) {
+				dbg_sec_uaccess("fde %u: __read_fre(%u) failed\n", i, j);
+				dbg_print_fde_uaccess(sec, &fde);
+				return ret;
+			}
+
+			fre_addr +=3D fre->size;
+
+			if (prev_fre && fre->ip_off <=3D prev_fre->ip_off) {
+				dbg_sec_uaccess("fde %u: fre %u not sorted\n", i, j);
+				return -EFAULT;
+			}
+
+			prev_fre =3D fre;
+		}
+	}
+
+	return 0;
+}
+
+static int sframe_validate_section(struct sframe_section *sec)
+{
+	int ret;
+
+	if (!user_read_access_begin((void __user *)sec->sframe_start,
+				    sec->sframe_end - sec->sframe_start)) {
+		dbg_sec("section usercopy failed\n");
+		return -EFAULT;
+	}
+
+	ret =3D __sframe_validate_section(sec);
+	user_read_access_end();
+	return ret;
+}
+
+#else /*  !CONFIG_SFRAME_VALIDATION */
+
+static int sframe_validate_section(struct sframe_section *sec) { return 0;=
 }
+
+#endif /* !CONFIG_SFRAME_VALIDATION */
+
+
 static void free_section(struct sframe_section *sec)
 {
 	dbg_free(sec);
@@ -461,6 +538,10 @@ int sframe_add_section(unsigned long sframe_start, uns=
igned long sframe_end,
 		goto err_free;
 	}
=20
+	ret =3D sframe_validate_section(sec);
+	if (ret)
+		goto err_free;
+
 	ret =3D mtree_insert_range(sframe_mt, sec->text_start, sec->text_end, sec=
, GFP_KERNEL);
 	if (ret) {
 		dbg_sec("mtree_insert_range failed: text=3D%lx-%lx\n",
--=20
2.47.2