From nobody Tue Jun 16 17:20:55 2026 Received: from AM0PR02CU008.outbound.protection.outlook.com (mail-westeuropeazon11013052.outbound.protection.outlook.com [52.101.72.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 300943C3426; Thu, 30 Apr 2026 10:55:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.72.52 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777546538; cv=fail; b=N4r1uRI757FOEN0BuJ7qAVSJFHU+NbtFTz8u46ElCOx1MMdpe/apxb6/X/YD+Em665mwFJeGrowVD2Ehgk3SgeTMQCzMYfHs6WeX081jXOMeRUuNnU8ACrIxYYwsjYA5lZttvWwHF7YMDFPERpYrI2pam3mmuldvT81DLaUucMg= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777546538; c=relaxed/simple; bh=yQ0Fq5dukHz0bpo48wg3pmP44EimYkNohO5/v0uEoPw=; h=From:Date:Subject:Content-Type:Message-Id:References:In-Reply-To: To:Cc:MIME-Version; b=JxT6q+gPbM9FEpKfsX5w8wQCNGvwQAjhMZ3DHXeIKtIsPj0kJ4yEJJ6Y+xFZG+Jwb++P9KuG39PR2NZEHmvoTVQczezeEkAYE26LKTCLza2wYFOTAUeS6OP9IOmW964S6V/X8+MuVKNjpkAhYNqWOlYgLs9VfBvgX7gMi8ejl+0= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=est.tech; spf=pass smtp.mailfrom=est.tech; dkim=pass (2048-bit key) header.d=est.tech header.i=@est.tech header.b=T4RN+lnD; arc=fail smtp.client-ip=52.101.72.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=est.tech Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=est.tech Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=est.tech header.i=@est.tech header.b="T4RN+lnD" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=e2vl4JxExuHRoIm/WBFQhbJQAPfIyYQBG5Uv4HOqyjoeGV+k7cpI+MwFOc/OHVlIIf9LTy7BFQV+PaKcs5asTkC8FJACrpkSIlDLoleCpuj7+topoAl9juG3QQUkmpatK2pXr+vSsSL+KHPseFw9CtWcwUJQr0GQ4MwjFK/nMlOm3wRsDJcZi1bLvSVx0AKOPsTw9SFbpRo5z7lnMlZD6B249sNDgMAKrHgLRnOGKI1oI7PNCCSDTM6/5KMJ0CV0i4nhOn8xonv/1x4omAtA8fv99BzH1cRY77pZSUznd8Pz4isROPq024cpiyPUHFo6MM/YzJ3aspqXUUHUtfeXIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eLIumcBjdZ4/2ojapoQziXN0mBW27zcNw69zGs8Owc4=; b=M5X5TdWU1gMGpK2X9yZLa7Suy30+x4J+O8znXDAksqNM+OkMS6VW7l8/izaPwJixDRiMO3+V3bVY1253fKoTrcsThulS+R9bnRa4vVcZazgYQ4YAtjJngo+px5KGsC0zZYgtaKdkxMZx9i2K1MbSc209qZZ738gCRdaCvZp/b7wdb0NHcqYZWwlRvFkZB3EUAw+/ENE9klWGR5pziFSta2mseaEUIrIBjzsFMduR9J8P/7wb6kpmuf20ylM5C5Ye8G3/U960kuMG9pZainBOukYCH33puneCQoqr0V1rISX6W0o5CEjpVymBp+jfYtLzAlUFwFGFEbx9kx1vcS5Iaw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=est.tech; dmarc=pass action=none header.from=est.tech; dkim=pass header.d=est.tech; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est.tech; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eLIumcBjdZ4/2ojapoQziXN0mBW27zcNw69zGs8Owc4=; b=T4RN+lnD79ZHrN2mKgp/sY6THtYDwed9fIQa0erv/dRhQ+I7KurmysBuXMxILF1VSIK6V/A6d6fLB2vFILLUrASq+BHGPBkWpnMAz2bOqLNeOUIOqTiqXiCprRDlpv9S4TP1h/FlKbKLhrxx2dpHcCbq1LCCvGrO15Y7WHTeTToCKsrf5aOriuScvk4m7lh7hTaj7h4R0j99UKywlG7X+EmSCFfpEmROC26EnzJZVZLVv+Bv8vmZF3Irt3ytSrhsXvS6QQnvYKa+esGKHOYbh7SoafxDJ/fK6GhLmJNTNbciodZoPGu2dxGrxytHn2Axy3uakzWq3gn6x67J2rmksQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=est.tech; Received: from PAWP189MB2611.EURP189.PROD.OUTLOOK.COM (2603:10a6:102:336::8) by DB4P189MB3117.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:5dc::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9870.18; Thu, 30 Apr 2026 10:55:32 +0000 Received: from PAWP189MB2611.EURP189.PROD.OUTLOOK.COM ([fe80::b400:cf4f:b2e1:d884]) by PAWP189MB2611.EURP189.PROD.OUTLOOK.COM ([fe80::b400:cf4f:b2e1:d884%6]) with mapi id 15.20.9870.020; Thu, 30 Apr 2026 10:55:32 +0000 From: Fredrik Markstrom Date: Thu, 30 Apr 2026 12:55:13 +0200 Subject: [PATCH v2 1/3] arm64: perf: Skip device memory during user callchain unwinding Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260430-master-with-pfix-v3-v2-1-bd526ec04a75@est.tech> References: <20260430-master-with-pfix-v3-v2-0-bd526ec04a75@est.tech> In-Reply-To: <20260430-master-with-pfix-v3-v2-0-bd526ec04a75@est.tech> To: Catalin Marinas , Will Deacon , Shuah Khan , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Namhyung Kim , Mark Rutland , Alexander Shishkin , Jiri Olsa , Ian Rogers , Adrian Hunter , James Clark , Santosh Shilimkar , Olof Johansson , Tony Lindgren Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-perf-users@vger.kernel.org, Nicolas Pitre , Fredrik Markstrom , Ivar Holmqvist , Malin Jonsson X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777546525; l=7911; i=fredrik.markstrom@est.tech; h=from:subject:message-id; bh=yQ0Fq5dukHz0bpo48wg3pmP44EimYkNohO5/v0uEoPw=; b=ikXtLmcnu8H2EL3Uba+jHXn1iKel3o8bmfW+UlGxDWcn5TfWUTdvT/8UzCBYRUfaxYaQO1IM9 2KFwwOiAF6jDY0JvDu7Cpl1hOC2KWJN8t6OeDnBvGKGZ16u5IRG5MIO X-Developer-Key: i=fredrik.markstrom@est.tech; a=ed25519; pk=0a8IXHEgAX55JPS8VZfTf1sDp7q/oAOf459tDQd40Eg= X-ClientProxiedBy: GVZP280CA0026.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:276::17) To PAWP189MB2611.EURP189.PROD.OUTLOOK.COM (2603:10a6:102:336::8) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PAWP189MB2611:EE_|DB4P189MB3117:EE_ X-MS-Office365-Filtering-Correlation-Id: cc060908-d539-4d96-642f-08dea6a6ffd7 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|376014|1800799024|10070799003|366016|18002099003|22082099003|56012099003|921020; X-Microsoft-Antispam-Message-Info: w9QS4WtI1js9jFJz/AWaMoAk6jNLQ4YCSScHOvldnZiY75ZftE1Pqwe8Q0vgLENEtFivvxhuYzd9aRGtirdaDQaqnAqJam1eYaS7cyOJo3RFTuOAnbawp6O36QD+gTlEe332LfIr6JupUR8CZOq6ayHIPiJkNhRRMWUxjmnRE9Z4yByeNgvEuAHN0ClTBjwNOKGPPfQs779O3bEYIZAXH7B7GwZy4fcDCcuv9WUgo1UbrsFxYzGZ+60giASqhnH9U4x/dWKyCbR15eOW0h0bCpmfsdb2V0zDYseJG7dBTIDBiHZodF47Pi7JzSPspwCwhBy5r9T1Nn0OkNokceYMzL+4exwHMA40L5nihm6x2GzygjaOn5nRCwWarMwe0+7ZgD47Eg5SP0gzxa8y4oHgpu+wrB8fjpPHRZwTHuvai/WX6ioVhRrZtjlqGmSw899sxpU0PcUKgtuQOwmDvKR6ZFv3OohFLWr9ZdahAYoZJR6BJj1DIgy3x5HHbhFenvC81Yrc3v3msvmcT80ha8+zeSUHDuxZm9QvIFd/I/ISPXnwNx0xnRpOrzVTPMpW2H83KnJjws3HW7dWX3r44gPt/veTfKaD/9dY3//8U5EdxqtxPfeE4ED1TBEDyD8NtxUSjF1Sy7QNx+Vir8joYVge3lcPtwAKoQYZhdCRp6wVZkQWOOBoyCkpz4DS6GslBbSlFSpNuBFoyhjO90K1hzkO9+TSnRjLw+bOv82vYUo2WZu9DM5orL0TQA3em++hPca6OtdaRlbAzU6WsLW63wD26w== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PAWP189MB2611.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(7416014)(376014)(1800799024)(10070799003)(366016)(18002099003)(22082099003)(56012099003)(921020);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?Ymt2MmJqbld0K2M3TTZaTGxVTEtmbjlHYTZvd25yRktnS0VYcGw1dGZkK2w5?= =?utf-8?B?SXZ4MTl5RHdoOVpoSmd5eHZDeGpVamNhYUxtcGxxbzJmWFpXY1UwUnlxaHJO?= =?utf-8?B?ZzRpYXdhemhKVlNGWXdVeXE5T2p6eWhmNTI1d3VsUUJSSWNxekFzK21uWDVl?= =?utf-8?B?UElPbkhEQ2VMbENHV3dpdS84ekx3RWZ2RnhPYS85MnhJN2FQMFk2eWdVbEJE?= =?utf-8?B?a0hHclRIMGcvek5FcXR5ZnlXS3Bxd29GOXd2NjQ4V1VWYmhmQTVpSm9kcFQ1?= =?utf-8?B?UndyRVZ0SmhSOW9TYUE0UmVvc1pFZzIrRWhodHVQcElJU2JtWHhkUkNOUlBu?= =?utf-8?B?dW9xVUFUT3dQNnFtQWViK3NVenBMenVsbHR2b2o5dHVhY1RxQ0FQa3ptTnlG?= =?utf-8?B?bUJzZXpORXRUYmRqa29sN1p0aVBIY1lRUEtNTXFpdHhuRHVGSHQxMStZNHhO?= =?utf-8?B?bE1WYU1XQmpSbnVhRWJBYS9HNW43dnpZbGIrVVdTUnA1SWtHNDZXVU94d1dw?= =?utf-8?B?aXhrZU1MaHNDUGNaVFpSZzNpNGF6YVhMQW5Gd1NaRzlwTitKWTZTUjdqUWNM?= =?utf-8?B?R21RamNLam95bUlzYVVrVTZnY3JkSHl2eDk3VUthZE5YdFJhdk5VVmhoR3V5?= =?utf-8?B?RExzNHBaN0xsN0RuZU9OMjBQb1B5QVBNMGFxM2VIakRNbVl3Y0JzZ1VWNnhZ?= =?utf-8?B?aFpVbWNVNVhuMWx6dG9YeUpIYTlnYTQySmduSmhwYW9WNlRKRGhPZGhRMjVC?= =?utf-8?B?WGFERy9uZVlLbUwxelpVRjdKMy9tLy90V1NrWnZvNFhGZU82YXh3cUxYenJR?= =?utf-8?B?R283Vnp4Z1AxazgwelNSdGNDT3ovK0xzcDBCbmFxR3VtUTlTWkZaV0NhMWQ0?= =?utf-8?B?T0M1Y2trSFZEVVNVVUpmRmUwL2tocGI1MGV4SkF2T1dQdU10bGRzaUZhcW85?= =?utf-8?B?TlRvUDYyQlA0WmtPalpqS0xOMWRNMitrODBjQk9kb2tiRTBuVUdLU0JTTnZT?= =?utf-8?B?TjBHRFBhWlNyQXg2bnRJa2RqeUowSFI5ZUJ0djlvd2F5Q0g1ajYwYWkyQ1lv?= =?utf-8?B?NEk4MTJqcW1sd2xNWVJQRno3MFZIdHRCZENLRFU1L3FjSU5SMVNGVVB2Z1Bt?= =?utf-8?B?M3JHYU1BWnN3YWsxa2dIamhlSGx4RVVLZWJaeHIzMWYzbWNKZDJTVFdya3dh?= =?utf-8?B?SGs5S1hRbDNzSEFFYkhvTDZZcHdub08yakNEdUZ3QjZrK1FjZkRjZUdkRXg3?= =?utf-8?B?QW9QaWVKK3JIQ055UWJEdVJpL20zQnRacFo0WngydmYrQVZHZGRJUWRURncw?= =?utf-8?B?VnJ1bU1JTFROUHZKZFUrbWtuQVZqUUZGYW1QeWlTZFM2ekFza3ptYTFYYTBN?= =?utf-8?B?ZDZ1Tk05SVo1YjMyeFRlVHprbmVoNnpsWURWK2l1ZWFDOFR4SGVwdXFDZVls?= =?utf-8?B?WmN3bXYzVElSTHcxajQ5WDdOOERZYmRiU3JocTB4UDg1VzFsQnR2UjB5WHp1?= =?utf-8?B?R0IyWXE1b0thUDVOd0w5WDJhMmhuY3ljL1l6S2c2dFZTVVllV09PcysxMGoz?= =?utf-8?B?Q0JpaE9oWTlvUnVoMnp2RS9QcXdZMWNYSXU3cW9yWlFqUGhwK2poU1Zaekxa?= =?utf-8?B?dk01SW81OFpRQmhLVldCbVJBeGMzUlR3c29wMkx4eHJXN2JGeW1oVlhFNVRW?= =?utf-8?B?NkpkbGluOG5OZ3VTdFRXUHhGSTViTzJkTm42UGk3SXk0NWRZTGZxSmdmSml5?= =?utf-8?B?VkRQNG9XblZRS0VWcWc1ZDNaTGExUmViTGMvMGpiNmsxYTRiYzIyOTczdlhN?= =?utf-8?B?U1doTnhyOWpZRjF2ams5RlRhR0JGMStBQkIzQkFUT05JUFU5Wkxtc2hEZTQy?= =?utf-8?B?Z3BsYWtTZE8xSHg5b0FneXN2d0ZzSXl0Y3BaaGRZcHN4Y0hrTjJ2VWliQ2xu?= =?utf-8?B?QUlsRFBBN2QyUkg5RHN4c25TTzlKRWdNNUZ2clJRQjhOVFpoR1k2Q1pSemtB?= =?utf-8?B?ajZwS3RFMWhNajNaWXhxbk1kdVVpbWljSmNHcGlNYktDNFlxOGVYdjhuQ1ZW?= =?utf-8?B?d2tPVGxJR0ZBRFJvTDdEL21uc0RhMzRoRkYzc0NOSVZQZldwZ0lsWk9kZjRD?= =?utf-8?B?dEFGUHRPQms2WGdSUHZ4WUhadmkzNXdxaE9DTVhUSVR2aS9UZU9tUVRFck80?= =?utf-8?B?NUVWbDJBcTIxOG9VMGg4YTExTjBPR1BBNW44Rmlsb3Y4d1VsOGtxZE96bllX?= =?utf-8?B?U3k1cGxHbE45TDR4WENIczFVTDhEUzQwVEhkei85MFJXVHh0ODk4Ty8zNm1M?= =?utf-8?B?by9rQUI1RlBkT1R3amF2MkdvWGd4b3U3dENGdVpCa1Jvd1RIUDJCM1diQnVl?= =?utf-8?Q?IBWeCl+oXtdpWDcvarcied2Kkxgb/mxLJfmGLVSEuGoR9?= X-MS-Exchange-AntiSpam-MessageData-1: R6j1vgMdPDJsZORfUlKjN8ax2b9odvwot4E= X-OriginatorOrg: est.tech X-MS-Exchange-CrossTenant-Network-Message-Id: cc060908-d539-4d96-642f-08dea6a6ffd7 X-MS-Exchange-CrossTenant-AuthSource: PAWP189MB2611.EURP189.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Apr 2026 10:55:32.1225 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d2585e63-66b9-44b6-a76e-4f4b217d97fd X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: y0x3L9l+lbvFCWUsnoOZ/XUhKDEYShNeJBkeUGlweyWjXQsEqBhs/Ae1lfhHQJsnhsUyfSxmRcniTV1p7N1tvlftLFDZRgFqaCZTpQLs4S4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4P189MB3117 Perf callchain unwinding follows userspace frame pointers via copy_from_user. A corrupted frame pointer can point into device I/O memory mapped into the process (e.g. via UIO), causing the kernel to read from MMIO regions. Reads from device memory can have side effects, trigger bus errors, or produce faults that crash the kernel. Add a lockless page table walk that inspects the MAIR attribute index in the leaf PTE before reading. If the PTE indicates device memory (MT_DEVICE_nGnRnE or MT_DEVICE_nGnRE), the frame is skipped. The walk uses the same lockless accessors as perf_get_pgtable_size() with local_irq_save/restore to ensure page table pages are not freed during the walk, as arch_stack_walk_user() can also be reached from process context via ftrace (stack_trace_save_user). The walk is guarded by #ifdef CONFIG_HAVE_GUP_FAST to match perf_get_pgtable_size(), though the lockless helpers all have generic fallbacks and the guard may not be strictly necessary. A TOCTOU race exists: another thread in the same process could mmap device memory at the target address between the page table walk and the copy_from_user read. Preventing that would require mm-level VM_IO tracking (e.g. an atomic counter on the mm). Without this guard the kernel panics: Internal error: synchronous external abort: 0000000096000010 [#1] SMP CPU: 1 UID: 0 PID: 33 Comm: test_perf_vmio Tainted: G M = 7.0.0+ #37 PREEMPTLAZY Tainted: [M]=3DMACHINE_CHECK Hardware name: linux,dummy-virt (DT) pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=3D--) pc : __arch_copy_from_user+0xb8/0x23c lr : arch_stack_walk_user+0x218/0x258 sp : ffff800080433ba0 x29: ffff800080433ba0 x28: ffff00000097ed40 x27: 0000000000000000 x26: 000000000000001f x25: ffffffffffffffff x24: ffff00000097ed40 x23: 000ffffffffffff0 x22: ffff800080433c78 x21: ffff800080022db8 x20: ffff80008032bc60 x19: 0000ffff9e575000 x18: 0000000000000000 x17: ffff7fffbfac5000 x16: ffff800080430000 x15: 0000ffff9e575000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000001 x7 : 000000000000007f x6 : ffff800080433c10 x5 : ffff800080433c20 x4 : 0000000000000000 x3 : 0000000000000010 x2 : 0000000000000010 x1 : 0000ffff9e575000 x0 : ffff800080433c10 Call trace: __arch_copy_from_user+0xb8/0x23c (P) perf_callchain_user+0x1c/0x24 get_perf_callchain+0x130/0x138 perf_callchain+0xac/0xc4 perf_prepare_sample+0xac/0x5d8 perf_event_output_forward+0x44/0xa0 __perf_event_overflow+0x190/0x230 perf_event_overflow+0x18/0x20 armv8pmu_handle_irq+0x154/0x194 armpmu_dispatch_irq+0x28/0x54 handle_percpu_devid_irq+0xf0/0x11c handle_irq_desc+0x3c/0x50 generic_handle_domain_irq+0x14/0x1c gic_handle_irq+0x80/0x98 call_on_irq_stack+0x30/0x4c do_interrupt_handler+0x5c/0x84 el0_interrupt+0x58/0x8c __el0_irq_handler_common+0x14/0x1c el0t_64_irq_handler+0xc/0x14 el0t_64_irq+0x154/0x158 Code: f8400827 f8408828 91004021 a88120c7 (f8400827) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: synchronous external abort: Fatal exception= in interrupt SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 0x0000000,000d0000,00040000,0400400b Memory Limit: none Assisted-by: Kiro:claude-opus-4.6 [kiro-cli] Fixes: 030896885ade ("arm64: Performance counters support") Signed-off-by: Fredrik Markstrom Reviewed-by: Ivar Holmqvist Reviewed-by: Malin Jonsson --- arch/arm64/kernel/stacktrace.c | 109 +++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 109 insertions(+) diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c index 3ebcf8c53fb04050488ffc110ff2059028b6772d..4a28df9bbe763ea7e88f02c1797= bf0d4f1bbac2d 100644 --- a/arch/arm64/kernel/stacktrace.c +++ b/arch/arm64/kernel/stacktrace.c @@ -4,12 +4,14 @@ * * Copyright (C) 2012 ARM Ltd. */ +#include #include #include #include #include #include #include +#include #include #include #include @@ -17,9 +19,110 @@ =20 #include #include +#include #include #include =20 +/* + * addr_is_device_mem - check if a userspace address maps device memory + * + * Walks the current task's page tables without taking the mmap lock, + * using the same lockless pattern as perf_get_pgtable_size() in + * kernel/events/core.c. Inspects the MAIR attribute index in the + * leaf PTE to detect device memory types. + * + * Returns true for device memory (MT_DEVICE_nGnRnE, MT_DEVICE_nGnRE) + * or if the mapping cannot be determined. Safe to call from IRQ/NMI + * context. + */ +static bool addr_is_device_mem(unsigned long addr) +{ +#ifdef CONFIG_HAVE_GUP_FAST + struct mm_struct *mm =3D current->mm; + pgd_t *pgdp, pgd; + p4d_t *p4dp, p4d; + pud_t *pudp, pud; + pmd_t *pmdp, pmd; + pte_t *ptep, pte; + unsigned long flags; + unsigned int idx; + bool is_dev; + + if (!mm) + return true; + + local_irq_save(flags); + + pgdp =3D pgd_offset(mm, addr); + pgd =3D pgdp_get(pgdp); + if (pgd_none(pgd)) + goto err; + + p4dp =3D p4d_offset_lockless(pgdp, pgd, addr); + p4d =3D p4dp_get(p4dp); + if (!p4d_present(p4d)) + goto err; + + pudp =3D pud_offset_lockless(p4dp, p4d, addr); + pud =3D pudp_get(pudp); + if (!pud_present(pud)) + goto err; + + if (pud_leaf(pud)) { + pte =3D pud_pte(pud); + goto check; + } + + pmdp =3D pmd_offset_lockless(pudp, pud, addr); +again: + pmd =3D pmdp_get_lockless(pmdp); + if (!pmd_present(pmd)) + goto err; + + if (pmd_leaf(pmd)) { + pte =3D pmd_pte(pmd); + goto check; + } + + ptep =3D pte_offset_map(&pmd, addr); + if (!ptep) + goto again; + + pte =3D ptep_get_lockless(ptep); + pte_unmap(ptep); + + if (!pte_present(pte)) + goto err; +check: + idx =3D FIELD_GET(PTE_ATTRINDX_MASK, pte_val(pte)); + is_dev =3D idx =3D=3D MT_DEVICE_nGnRnE || idx =3D=3D MT_DEVICE_nGnRE; + local_irq_restore(flags); + return is_dev; +err: + local_irq_restore(flags); + return true; +#else + /* + * Without GUP-fast lockless page table helpers we cannot + * inspect the PTE. Preserve the existing behavior (no + * device memory check) rather than unconditionally blocking + * all unwinding. + */ + return false; +#endif +} + +static bool range_is_device_mem(unsigned long start, unsigned long size) +{ + unsigned long end =3D start + size - 1; + + if (addr_is_device_mem(start)) + return true; + if ((start ^ end) >> PAGE_SHIFT) + return addr_is_device_mem(end); + return false; +} + enum kunwind_source { KUNWIND_SOURCE_UNKNOWN, KUNWIND_SOURCE_FRAME, @@ -524,6 +627,9 @@ unwind_user_frame(struct frame_tail __user *tail, void = *cookie, if (!access_ok(tail, sizeof(buftail))) return NULL; =20 + if (range_is_device_mem((unsigned long)tail, sizeof(buftail))) + return NULL; + pagefault_disable(); err =3D __copy_from_user_inatomic(&buftail, tail, sizeof(buftail)); pagefault_enable(); @@ -572,6 +678,9 @@ unwind_compat_user_frame(struct compat_frame_tail __use= r *tail, void *cookie, if (!access_ok(tail, sizeof(buftail))) return NULL; =20 + if (range_is_device_mem((unsigned long)tail, sizeof(buftail))) + return NULL; + pagefault_disable(); err =3D __copy_from_user_inatomic(&buftail, tail, sizeof(buftail)); pagefault_enable(); --=20 2.51.0 From nobody Tue Jun 16 17:20:55 2026 Received: from AM0PR02CU008.outbound.protection.outlook.com (mail-westeuropeazon11013052.outbound.protection.outlook.com [52.101.72.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 135793BED70; Thu, 30 Apr 2026 10:55:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.72.52 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777546541; cv=fail; b=MhYSXOKKZjgjr3NlnGQokKGYrrPRIRJqZCIaMh5QL035blGDFFnYqLIsub8SYX0Ee6QnqZi8FyZouNU/rysis43qC7xsGMuESxMd8Xz8q8/gndPUjWb1rF28ULji36XKZ8m0EL3AkYZNUOspExBY7tE+Ma95eIpv/9WVhIgitXI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777546541; c=relaxed/simple; bh=RP9SD6OW+R3UzyIfJtIbgHt9+O+k4MJRzsi9YyE5F5s=; h=From:Date:Subject:Content-Type:Message-Id:References:In-Reply-To: To:Cc:MIME-Version; b=baGgv/XF5ZsMj59lCoNS7FGn1aCZ+yendaHE9sDhtNMS9HY4j3h9dqOy8ro3F7ijGPtPnfcAg+CeSpBG99NRgXtMUl5gh+9xGmpj8btuwFiMBTR6P5SVKehDtBPElMwjtkonLXUozd4EE1fbtGacLGPnpDIJCLHS18NBpHeKCTQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=est.tech; spf=pass smtp.mailfrom=est.tech; dkim=pass (2048-bit key) header.d=est.tech header.i=@est.tech header.b=JOUGzd61; arc=fail smtp.client-ip=52.101.72.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=est.tech Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=est.tech Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=est.tech header.i=@est.tech header.b="JOUGzd61" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=y4WbkigktiIvcGLCVq5hxl4gEXqxJw20ixBPqN1kCdn3kHIw/xyPZkH+MU220wvgSxjFmsgEjAX6fEnFPLAQYvgGShUzI6sRmYvKIjtfxDednJd+eUgBamV4n7I1JLFbltNdhN9s/u+NQlE2B0QRpXo8JXRqpTSEoLqLqDMcTmslky077jen1Gd1sG43Khs1B2DacFFdDJ8M71MNUNmYru6YreFMrxTlQiSTpb9R0vc/MCxmwpkONkomNtZ+KW79MpTQhd9ymCDGsYm07rNqUBiRoi2bIwcXlWOxEs3zuEbKmwxo7aPpT+CnYa/XFhWO+B7N8a9CL3gcukyCTTipog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=I18cS2GCA2ZTbrUJZMuRxK5qLAhwQ94e0IJv26AnbIg=; b=Ne0pAGVJlmsWKQcfJvWrhWBXAsX+huAnwTEo2KiO0RMzwWp+HhWuUrSEcFCGb4uh2ZAWc90gYP76T3JSPSaKe6s0slEPnL+bewAtYtfeP3WI7HE2OzJwAiyHiZlg2ImmZl3PRS/Miuo0XtX0tX1gvdTt3buwCqWKMXxLsGKVVsHZg2Oa97z09zKOMrKUTKPNq51Wxii3AXcB/caKBLbjSRGcXARFVzCZ1rmNU8z9MitIZXOOOryOAM/9KHhHjwBpQGCuJ9PdVofpNN5KvuLqUf1iEr0V/xQjC2/eZ1U+uc1OIf96kEeeZv0lSceMHBrpwHtoZcEwQaFAAYThLxSyKw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=est.tech; dmarc=pass action=none header.from=est.tech; dkim=pass header.d=est.tech; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est.tech; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I18cS2GCA2ZTbrUJZMuRxK5qLAhwQ94e0IJv26AnbIg=; b=JOUGzd61QhXWCPcEyvXQdRR9TJksvvAEdt44tzdzjxcDm37Y+zGjxO/JH6vaGdJOqd48gs+2ZeAr9nFQPnbdW0ht08H3bqlBQrB6y6RVsOF/P9zZLqEPKr+ykn9E7FhV4vXKbsgcmVLJIRQekeeH1xVu5I2nPajlkCKtvFGThkQ1dlVPnzDxeRDZ/mkgj/edBwkYMr/hwjjDfVmU0Y+rBoV7kFD8wpFZGFQTb0I4fzt+NgdBUmdXpQZ8gBuQOV+RNFDqvZuQI79j2hbxJKj2x0If1uL8pE2h8H7XzqBYGzEES00cZM7zmhnjRtTadMxwEeo102SHTQ5h73V50bwGrw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=est.tech; Received: from PAWP189MB2611.EURP189.PROD.OUTLOOK.COM (2603:10a6:102:336::8) by DB4P189MB3117.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:5dc::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9870.18; Thu, 30 Apr 2026 10:55:34 +0000 Received: from PAWP189MB2611.EURP189.PROD.OUTLOOK.COM ([fe80::b400:cf4f:b2e1:d884]) by PAWP189MB2611.EURP189.PROD.OUTLOOK.COM ([fe80::b400:cf4f:b2e1:d884%6]) with mapi id 15.20.9870.020; Thu, 30 Apr 2026 10:55:34 +0000 From: Fredrik Markstrom Date: Thu, 30 Apr 2026 12:55:14 +0200 Subject: [PATCH v2 2/3] DO NOT MERGE: arm64: perf: Add skip_vmio parameter to control device memory callchain guard Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260430-master-with-pfix-v3-v2-2-bd526ec04a75@est.tech> References: <20260430-master-with-pfix-v3-v2-0-bd526ec04a75@est.tech> In-Reply-To: <20260430-master-with-pfix-v3-v2-0-bd526ec04a75@est.tech> To: Catalin Marinas , Will Deacon , Shuah Khan , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Namhyung Kim , Mark Rutland , Alexander Shishkin , Jiri Olsa , Ian Rogers , Adrian Hunter , James Clark , Santosh Shilimkar , Olof Johansson , Tony Lindgren Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-perf-users@vger.kernel.org, Nicolas Pitre , Fredrik Markstrom , Ivar Holmqvist , Malin Jonsson X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777546525; l=2497; i=fredrik.markstrom@est.tech; h=from:subject:message-id; bh=RP9SD6OW+R3UzyIfJtIbgHt9+O+k4MJRzsi9YyE5F5s=; b=roX8WpkSV9v0oQZ80uSGj7SX2JMUq4/DWjnxDBHLv1rVu7Tlmhs2tyex7MIELV7Sge5bvN/wk 6Gv458GcTpMAnZZxX9sFlwP61l81ocXTvglyfQjZGYDNDrcBenogNcO X-Developer-Key: i=fredrik.markstrom@est.tech; a=ed25519; pk=0a8IXHEgAX55JPS8VZfTf1sDp7q/oAOf459tDQd40Eg= X-ClientProxiedBy: GV3PEPF0001DBF6.SWEP280.PROD.OUTLOOK.COM (2603:10a6:158:400::306) To PAWP189MB2611.EURP189.PROD.OUTLOOK.COM (2603:10a6:102:336::8) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PAWP189MB2611:EE_|DB4P189MB3117:EE_ X-MS-Office365-Filtering-Correlation-Id: 0f41ad77-5b11-45a7-69c7-08dea6a70161 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|376014|1800799024|10070799003|366016|18002099003|22082099003|56012099003|921020; X-Microsoft-Antispam-Message-Info: /DWH6d8IKhuUq2r4acoCZQYVmM2pJ8OXfddsKde2jr3UAVd8SEvT0wPRfJDQN0g9MkGf2wHDsYOT1uQDaojobCzAIlENqIKFSvwa5wF4uNKDpBytytAAvlo1+j9hJXFhknUtVHgaO4OchlC2rdRrVMxNz2OoU9Jvm4gRdJDfm1DD0xR/Auj/9Sd3qfyUs+n3+HtuA86H3q+hrSVHBpuhUP7L98PQyHn0Qm/H8q9oyrytnfJpMgGYeCM7kFU827Ah/gUp6vzRdo2zFXGZKloKGe8nob+76qgHSOVXpvqUJaDUwbXgJAyZYvKk7Hjp8aU4z9lGAXy8EHhj3Tgv+BLRL3Q2unRorPodv/ZTvbTNYHogUGNQSMzUwcl3bs76FeWTOsC7JQ3LFjPyanDeLh8lIiHCWfo5rz9ao5ZA7Tc5JKEdkAIqXKZjh/g1xmeiyjfsCiEa+bkImhAR9ko+/YCddWzZMtR43nqFHbacdfLb2TyGiJFWgssXN9R3zU32L8PPMTbzMvd8q+rj1FaGw/Z/HiLhVLWZAk+xH8qt4L2ZhjFEhXlAmCoJiTXECqSZUhzy7VEZGZJWss2/eizx0+ERKVyuo9yS8V4/YLVEGuHT4ue2TASyizTRKkPcgP/0AV5FTNqlBEge+bKQCgqTKcQoWMRGGWfMPcfvVrDppwz1yykAA3/hdFnI58/VYDW6e8LCoxg4ufkV/uVd8rYVefRgq0g5OHFTOF7ywQn6Qy+0Z4SzBA82zZORrgru5wIPErfJVoctb/6hw5OjHhYtiKtUyA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PAWP189MB2611.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(7416014)(376014)(1800799024)(10070799003)(366016)(18002099003)(22082099003)(56012099003)(921020);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?VEo5RlFNQU53cWs1dFF4WVNvOEVMNDN2cnoyTmNPSVlTK0RxNmhEeG1wVzVh?= =?utf-8?B?aDk4RFo0RXhVZjE4Mjk2Ym1yaWVZYmVsQkswVG1McWhueFF4L3FkQ1ZXVXVj?= =?utf-8?B?WFVRUjMrKytUdW8zejZ2RnNKOUZrQnZwaHZNNlpuN1lDZTl1TDl1ZE90Wkt6?= =?utf-8?B?bXY0bVduKy8zUWxubnArUDJhaFRzeUUvZ045dXhzck9xMy9iMnNtVC9vcVgw?= =?utf-8?B?czFwRGJlUEZBdGxndG4rVHpxeU94bDBUVVh3TGpLL25OUi9UU0hsL21rZ1cy?= =?utf-8?B?ZmZOU1pDNzNXaWlqcThvNmlDYlFrY3orU3BqZTYyVVorNS9xd1NsblpPZnAv?= =?utf-8?B?ZDdpRVlqbkR1OG80TUVXN1ZkNjhTU1dVVDcrUW9odDdpTmtwbHVBcWc3K2tz?= =?utf-8?B?eXFHYit3SjgwclJpdkZlTFFWRTF0VGp0TnpYN1poWjVoT3JUMXVvSk4veEtC?= =?utf-8?B?RmEzbEFqUHdQQXo1cGhNOHd2bEQwaXU1bVJxOUhDSVlNVXB4TDkyeS9wOW52?= =?utf-8?B?UU1ZaTNCazN2QnVUN2RVVW84R1BMeVJ3R1dURXRKNUxwT0xKOWdKb0tUQzI2?= =?utf-8?B?TTM5RVNVZHpKR1o5WVhIKzl0a3RFWjNvN29Ddzh1ZVJmSVhDTGdFZjBmZDhW?= =?utf-8?B?RUdRMFdUU0syWnVXQzdyNmN3MlBDTnV4WUMyNTBQcVpwNWEzUFRMbEgzaVJB?= =?utf-8?B?a0Z5djhrdGxNcHlSUzBZZkp1Q1dlNFpFYUVoa0RSMWx0MWs2YkY3b091M1ow?= =?utf-8?B?L0p1OTJLVUFpTUViL2tySk5DSHpDa1RGNU5GeHdtWjh2aEk5NU5FcHZFN1JM?= =?utf-8?B?RVdheksyaGJoVjJ1eTZsRlJzTVY2VC9jS1RzZnByWG9oNmpQdjNJNWdKcUJv?= =?utf-8?B?NTlHY0ViZUE4TWZGTGJUWTVxY2taOC9HMXNwSUV2dGlieVY3SnREcERrbEpm?= =?utf-8?B?eTBHY0lycmlYK2xlVlByZE1nWFE5eEUrb0krVmtYRXFUVVdqd1B6S3d0dWx5?= =?utf-8?B?Y25rb20xYUVCeWRDY3VHVUNGQ1hjOXBkaEZBSDU1U0xGbVg1cWllWlFFWHhH?= =?utf-8?B?SVBOQWZvRzg5dmtFeDY4aG44ZnRWNHNjRGxUeFYyY3VtV0VXOVVsWXdpQXA2?= =?utf-8?B?SEFQbThYTDlDdUI5cEIrM3VtekR5bzlvS3pnMXp2NWYxTU83Tml1M2JrbzVt?= =?utf-8?B?U2pEeTBTUXBaSzFyVVBmWEZuaFlDYkQ5eHdYVk8xR0E2N3FtODhzL0I5bS9W?= =?utf-8?B?aWtGMWxYc0lkTy85YjBEcXhONFVDR2VMN1BhTGVIa3JzcXVtUzRjWHlIY0RX?= =?utf-8?B?TGp3VkplNG96b0MwaHF1WDZKRG1ONHRsa1FPajFSRm04ZVNaUEF4QTJsNDVU?= =?utf-8?B?aW15eU82L2RteXkvUFJ6b2lET1RBdU1UWE9jUkpleDUrVXJuenFCNngyWFJa?= =?utf-8?B?MmpqMmc5cVVPZldUTmlOQjRZV09XM2NFYlpGRFBvZFJSRFZaV3crNXA1WU9D?= =?utf-8?B?TjBNT0xpVkZDaGRsckV6WkxySktJZkhiTzFMeDVSS2NQT3hzRFFxNmpjNThw?= =?utf-8?B?bGM4cXd2Z1FBVEx2bTRTVEI2cld4cVlJWTBpL05BRkhGRTZWbXNVamo5MWtF?= =?utf-8?B?WHkrcjdBNE40MFhReTA3VVA0OWI3VERPMWVJQk10V2hKa0NKOHZJUXpuYkFo?= =?utf-8?B?bHBpMmNUSU9PQ0FxYzR5RTkvdThsRDhOSlBDNk9jZEFiMjdteEFxUS93RHdT?= =?utf-8?B?SU8ycnVuTk5NNEdkVTRtbGxuOFA4N3Z4ajZqTG1CbkJCcmdkNkRBVi80QzBQ?= =?utf-8?B?NVEyME0wTFFzc3c2K05KMjhlRDFnWVRuNmR1bGZpT0ZMQzVYQ25nVjhLcjBa?= =?utf-8?B?cGpqZzhmSlRxUHl0WUg2aTlObDlZR29uL1BOK05LYjdUTFdvUUQyYmkrQjgw?= =?utf-8?B?cjdzcnNZSzFTUkYwZGlRR3dHSkhVZVZmZWh4azBMTjIxVXBtUnVGZWhZL25n?= =?utf-8?B?T1VqL1d5dk9GK2R3NXZkS0FNa3kyRytSdmRwUUtGYkF1RFhTOERnTDZQVVZa?= =?utf-8?B?RWRzMEIvN1ZlNUkwZ0tsS2M5UTJ2cWtsWnJ0NS82M3NSMndrUlNaUExyVUY5?= =?utf-8?B?eUsyNG51WS83Mm83RnZKTHN6NWVkNDZhVjk1Vm1kdWhtcDhoT3V1d21XL1FP?= =?utf-8?B?MFpMQXFYdEF1cFVCK3V2U2FnQkVUTm45K3Q5LzdwRlM2UzdPQnBBeVJoTC9w?= =?utf-8?B?RkNYM254Si9sSkRNZitSdFNqVGtQenV1d1FLbXBHUjRGMWhmVklBRk9WcEdq?= =?utf-8?B?RjNzTnJjVWhHcVEwa2xqNXA2dW9PZTk4RUlKakNFZWQvSml4YjBJbEcxc0gv?= =?utf-8?Q?Tbq9I2bdlU3CyhP26MbHQc0ec3oseDxiGOwxToiSEgTKc?= X-MS-Exchange-AntiSpam-MessageData-1: /hc50Ez3klqOmWeG5OLO1KQX3FvjOuqhhnc= X-OriginatorOrg: est.tech X-MS-Exchange-CrossTenant-Network-Message-Id: 0f41ad77-5b11-45a7-69c7-08dea6a70161 X-MS-Exchange-CrossTenant-AuthSource: PAWP189MB2611.EURP189.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Apr 2026 10:55:34.7663 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d2585e63-66b9-44b6-a76e-4f4b217d97fd X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: iVacin3gH3B7OXiCiYcgxe+9BcrUke/XFKMl5CdOcQzl8RSn3oTldk0iGx1G6AC9QvXAAudeIooUIxJXoHwvpJWw0Rvx4lBOpcEJLMxO3Ho= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4P189MB3117 Reproducing the synchronous external abort that the device memory guard prevents requires disabling the guard at runtime. Without this, there is no way to verify the guard is actually needed or to regression-test the crash path. Add a module parameter (skip_vmio, default true) that controls whether the guard is active. Set to 0 to disable it: Boot: stacktrace.skip_vmio=3D0 Runtime: echo 0 > /sys/module/stacktrace/parameters/skip_vmio When disabled, perf follows frame pointers into device memory regions, triggering a synchronous external abort and kernel panic on arm64. Assisted-by: Kiro:claude-opus-4.6 [kiro-cli] Signed-off-by: Fredrik Markstrom Reviewed-by: Ivar Holmqvist Reviewed-by: Malin Jonsson --- arch/arm64/kernel/stacktrace.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c index 4a28df9bbe763ea7e88f02c1797bf0d4f1bbac2d..19b5251f214f2f6e083e55894eb= aed84a3a4f585 100644 --- a/arch/arm64/kernel/stacktrace.c +++ b/arch/arm64/kernel/stacktrace.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include @@ -123,6 +124,10 @@ static bool range_is_device_mem(unsigned long start, u= nsigned long size) return false; } =20 +static bool skip_vmio =3D true; +module_param_unsafe(skip_vmio, bool, 0600); +MODULE_PARM_DESC(skip_vmio, "Skip device memory during user callchain unwi= nding"); + enum kunwind_source { KUNWIND_SOURCE_UNKNOWN, KUNWIND_SOURCE_FRAME, @@ -627,7 +632,8 @@ unwind_user_frame(struct frame_tail __user *tail, void = *cookie, if (!access_ok(tail, sizeof(buftail))) return NULL; =20 - if (range_is_device_mem((unsigned long)tail, sizeof(buftail))) + if (READ_ONCE(skip_vmio) && + range_is_device_mem((unsigned long)tail, sizeof(buftail))) return NULL; =20 pagefault_disable(); @@ -678,7 +684,8 @@ unwind_compat_user_frame(struct compat_frame_tail __use= r *tail, void *cookie, if (!access_ok(tail, sizeof(buftail))) return NULL; =20 - if (range_is_device_mem((unsigned long)tail, sizeof(buftail))) + if (READ_ONCE(skip_vmio) && + range_is_device_mem((unsigned long)tail, sizeof(buftail))) return NULL; =20 pagefault_disable(); --=20 2.51.0 From nobody Tue Jun 16 17:20:55 2026 Received: from AM0PR02CU008.outbound.protection.outlook.com (mail-westeuropeazon11013052.outbound.protection.outlook.com [52.101.72.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C7013BFE3A; Thu, 30 Apr 2026 10:55:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.72.52 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777546550; cv=fail; b=BqZ5sXXp5yfBnpqS/mREC84hic4jgBfWidWbFEc+TbUb5KpqMNj3NIrefkmg1pKeb+OiWwQfjUUMwXXliDh9IsGeVTtvw3SlmETrIeSFJog7zGAJBLC5ovGapdXFLs/Kd2OyzNM20a5OQgBKyQnJiF/niN9eTdIowe5PQiu8PtU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777546550; c=relaxed/simple; bh=0tNePIa2kQRXIa/Bj3oJrrHN/P8EaLRtEp6RYIHY8Lg=; h=From:Date:Subject:Content-Type:Message-Id:References:In-Reply-To: To:Cc:MIME-Version; b=FqupQTqsmjL/zUr/Vn85BJos8A9eplxBCmT4ZZHi0n8laU/vmI+QQWsM/bjT+rMYDxP99LDdy7L74LrekS4cFtDLrcA0KfW7vVoIIteligA2nGRlpKhnBpBzzfu290crRCfo07eIWv508w3XQfFHUesNx9UIO0zbwKiLKMcOdj0= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=est.tech; spf=pass smtp.mailfrom=est.tech; dkim=pass (2048-bit key) header.d=est.tech header.i=@est.tech header.b=RpzcjQ0i; arc=fail smtp.client-ip=52.101.72.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=est.tech Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=est.tech Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=est.tech header.i=@est.tech header.b="RpzcjQ0i" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LoO3KMR4gaz9z7PdBje6WJXLnuy0kBMMBVrh+K86KeFY8vYTdZjTyVspaIZAq/BeT0pKEgq8PC5b+1i5xcff/svsHJFMytbzV247IkSdp7uxHGC9y5Jr79PO4qUgO4I8jmc4WdBr3ZHThPmApCJrR6/NBqPI8PiOhTKC+amr7t3NADVvfuQ0Vkytbn9dVUxLElen+k7ZP7wdQ3w/7cGrX28Swvwjhngt1hm/1y2wpJ8CqkS2Kux55cv4yrbE68DUNjMn63AjRypw1oMhHpeceoidYgy6EYnLrLmdscGPymurz0vW928gV1T2nLvdoeZB3KssmNDJHMLnkqKhgeoxfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=F7PLHIF93Vk5dxSnqUydDv0irtq8kaE5CWfBQ8dQF0U=; b=CWPGCzWgGy80J3WDGtZ2CedMgft+IOqf5L2HMxy31TO5abs+/ngofy54PQFiF7wX/Njoy8c8t3bPc+ovCwq3MqQVfjFO9PLTQWH5vdSzHiNpaa7sNVfcAjd1ja0pKuLDnEYjWthNNI/aPlS90y95HHgK8RTa0CC2HjM0P4dzux5KNa7Lr9GFpMAxwGSER1wz5wyT0jy/aAI5QDavBZK5mQJau2jSf3zNKqQvyYx+MHBD6Pr7NmvAN0FJ2Xic2SfMfWYGMq+zBO1+QnS18wOga0xRZRhss9eNBMDp+Baxq2JcC5AfEBscoEvNK1hib6mrpgR2drluNyXo0ZuQlFfyWA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=est.tech; dmarc=pass action=none header.from=est.tech; dkim=pass header.d=est.tech; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est.tech; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=F7PLHIF93Vk5dxSnqUydDv0irtq8kaE5CWfBQ8dQF0U=; b=RpzcjQ0i50E6yd5P6TNYy0nnYsV9SEDc3J83eR2OsVTztOI4cdMEGmeeeC457YfdE7c+GApl/F4I8k9an4HmMxxDaWgQ9/EqKd/g3tplOIG+TbFnaVBGOLLQCXTOfy04APSU9a9yh7UkrMiUqcpCAlHha6fAFyyAdyimO8LeiiK+06udxFISbujDiQPkJNmr/yPY3VNYBc3QXIR1lDeME2uSuYXS3Kxe89X5i7zNj8uoWPVdMwunekjv8m50nvoKZl6DtucPx8oK3A0LkQaDAyqGuGC0IMos0Ih256XqiLT6WHj7hHafWg5PpaJN6bWCGgFDuhWTTUGXT6jvZpiGiw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=est.tech; Received: from PAWP189MB2611.EURP189.PROD.OUTLOOK.COM (2603:10a6:102:336::8) by DB4P189MB3117.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:5dc::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9870.18; Thu, 30 Apr 2026 10:55:37 +0000 Received: from PAWP189MB2611.EURP189.PROD.OUTLOOK.COM ([fe80::b400:cf4f:b2e1:d884]) by PAWP189MB2611.EURP189.PROD.OUTLOOK.COM ([fe80::b400:cf4f:b2e1:d884%6]) with mapi id 15.20.9870.020; Thu, 30 Apr 2026 10:55:37 +0000 From: Fredrik Markstrom Date: Thu, 30 Apr 2026 12:55:15 +0200 Subject: [PATCH v2 3/3] DO NOT MERGE: selftests: perf_events: Add device memory callchain unwinding test Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260430-master-with-pfix-v3-v2-3-bd526ec04a75@est.tech> References: <20260430-master-with-pfix-v3-v2-0-bd526ec04a75@est.tech> In-Reply-To: <20260430-master-with-pfix-v3-v2-0-bd526ec04a75@est.tech> To: Catalin Marinas , Will Deacon , Shuah Khan , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Namhyung Kim , Mark Rutland , Alexander Shishkin , Jiri Olsa , Ian Rogers , Adrian Hunter , James Clark , Santosh Shilimkar , Olof Johansson , Tony Lindgren Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-perf-users@vger.kernel.org, Nicolas Pitre , Fredrik Markstrom , Ivar Holmqvist , Malin Jonsson X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777546525; l=6672; i=fredrik.markstrom@est.tech; h=from:subject:message-id; bh=0tNePIa2kQRXIa/Bj3oJrrHN/P8EaLRtEp6RYIHY8Lg=; b=4Yhf0lC4xgm80/9H7DwHJ7l4cawXTt9M0lBdJeSkAtJKEMEgZaLUixrD/+0XQ3w0mcCacTdPj RyUFLEUSoS/Db6aGEp1FdJ5nWETjXPg2fe2Dzu0HlvG7nfEV7lY8tZ7 X-Developer-Key: i=fredrik.markstrom@est.tech; a=ed25519; pk=0a8IXHEgAX55JPS8VZfTf1sDp7q/oAOf459tDQd40Eg= X-ClientProxiedBy: GVX0EPF0005F6EF.SWEP280.PROD.OUTLOOK.COM (2603:10a6:158:400::256) To PAWP189MB2611.EURP189.PROD.OUTLOOK.COM (2603:10a6:102:336::8) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PAWP189MB2611:EE_|DB4P189MB3117:EE_ X-MS-Office365-Filtering-Correlation-Id: 3617eeb4-94f9-4002-8f18-08dea6a70311 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|376014|1800799024|10070799003|366016|18002099003|22082099003|56012099003|921020; X-Microsoft-Antispam-Message-Info: fLIo981yaqP62uv4JuW2s7Ia23Iyq/rJQ3MBGcYFz8DwrdvYD/tdKEUk4YNObd4dzBWAks7272QO5iSBH4EU8HHv8pKORCtvoyajAkEDKSCnoM1OP0EYtd7W2bna6nvMqVIyVrqIl9VfjoD4mmTrH4G2gu7jctVbuxC2b23PxBX4AEUsNgrYzC1plCIfGkwG75N/hjx9c390YRi78v3DXTskTyuBh00eWi36PIfBT3CJv5MvrVApCUQ0uw5l7Vx4mYhxV/8hhzI9xxNeksLbJlRasy7gINmJdnYLMmHBkT9cZukKqgXRnwlDz0xiP3YqT5wJyT3SVdzo9OJYpzKJT8u/O3L9hXSExC3WymkXmSchmsmNj2LAYPZcZhnFhcjE8CauezDmMrd6t+zaj3LHNOW0UGKTT+8s0gOeP+CYEh7V4gen3uDjcxPqkiy6hOmOtQ/anN3ViFvQ0ORaYt4A89qp6CX4Cm/3UDFbc7R/QAPfBrdTkHYnXyiLKGbuEibjOYGZRrTyW9B3KRyRhIsh1gxejZXyEHBlfJB6jmXdRT22PB6KzDsZwej93GxAuKUsQKHx6JLJrYUcsYgSIJ0bhpJ7vMQgHgX3MeYb1dsES80WDKnJMbLiDje7lS8bAwL/I9/QGasDbLm3rNB5F1P7OP5XnTw5AuhZi2dcOMYKnA2OovdJ4aMxnVfh5PRbT+9HLB3YuZmWYQC5ml32AJLFwtHMynbFyiTdXskbXXwJOqNzJmR0/H8yt+5RBDY7tYnxpvuC2w+sPZSI+QEWmBuoxg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PAWP189MB2611.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(7416014)(376014)(1800799024)(10070799003)(366016)(18002099003)(22082099003)(56012099003)(921020);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?UTFKZUVQWlg2TG9JVXVTemlXWGJOOWFQUXZBR3BoWWxjcnBmRHZNOTd4cjVK?= =?utf-8?B?TDUzOXlYZUtnemV4RW40cFJUYjdrVzBmUzVTWU5qODdxK2JZU2lOZjhhS2lE?= =?utf-8?B?eFdDcjNCTnIzVzBtRXBrYVk3eVh3NmFZSzNwTEk5QkVNOTMzb0wrMVpOUVVo?= =?utf-8?B?RUd5Z0RGWVpEdXdCZUNvWGdoYTVWMEdsZzAzbVpjcUFJN1UyOW5lY0dwdTlC?= =?utf-8?B?R1hCVDhQOTcySFZBTGx6YTZiMGczK2VOTjlEbkVwNUl4cy9UbXMrZ0VOVHVH?= =?utf-8?B?VCsxSXpnN29Jb2tXM3A1ZWxtQmZZT2Ezd3NPNGZGdGQzcXduMWZqQ1p1RFVU?= =?utf-8?B?b1FxL1A2Zm53c3ZXaU5mKzJManFLVVlBdkVzQ0QzMXRGOHp5dlRLMlA1MUJJ?= =?utf-8?B?UnZiNmhqWXVSV0pQQlNWOG16QWlaRHprZFE4V3luL3dVQW5HbktzUWg4QkI3?= =?utf-8?B?WC8wVGxaVmVmai85Nm5hemFQK1hKM3RoZHlVSFFqWGliZWdlMVpPZE5nU2dV?= =?utf-8?B?c0FReVd2REVRVkFaVlhtRkhWWC85RC93RDhzZ0NKdkROK0hrWUw4a2x1SGNk?= =?utf-8?B?MUNnM1g4cEhCc3RhbWR0RVR4eHhTQTBZSUkrcG9qSm1Oa2hGNjNDeGZFaVBQ?= =?utf-8?B?L2FNczMzOTQwK2xqaVZadDJIRWdrVWxYbVRvb3VXQy9GWXpMaFhXbG1FYnA3?= =?utf-8?B?UjR2Sy9tYmlkSU9LOXlhWExTVHpKdUlISDh1bFY5MUZwaWprQlNmNVZVNTJS?= =?utf-8?B?emFjU1p2V3UyMllMeXpwdmZ4cWNZWWcvUlFiaUNONlIzZ1NzL3hKaDNoQVlC?= =?utf-8?B?S2o5OHJiWjJLaXZJdTREN2ZNa0xjd1MwWmZJR0NVZjBYLytxZDhPM2VjVFlF?= =?utf-8?B?aFcyNDQ2eE5TRzZCa3dqY01jRUlMZjVjWXRJL0xhMXNYcGYwMTBPSkZEQU9y?= =?utf-8?B?c21VcDR4SWxYRG51YXBmUFZaOWZNdjlHUHFOMml1S1NBZE1KT0ZRc1ZsaHVa?= =?utf-8?B?aWh6NnRpOGVVbksyRFpiSnE4SWVZZFdWY1FIU2VmbFdORlUwblBWYVd6NWw3?= =?utf-8?B?T3pDV2ZPUGNKclIyYUNqdW5Ibnh6eGJtODcxNEhpdGFkL1JEU254NGUrZGRq?= =?utf-8?B?QmdlL2FtVG9ueUdYaFA2N2dIU2I1YzQwUnFLaUt6MnJFbGljU1RjOHF1MW9s?= =?utf-8?B?bUlJeTNnaFdxeTFjL1ZlRkx1ci9Ob1N2V0tmWnplMDBldGp0ZG5wc0VjRGpa?= =?utf-8?B?L3oyT1gvdHlMMHlNb1JrOG1abEtPQmc0ODlWM3Zad2M1eW45M0JIcEJlcEVm?= =?utf-8?B?aldyZ1JLRHA5NzAvaDh3a3g2cm04SE1aTzFFNDFzUDREb25wMlRhdU04Z3RR?= =?utf-8?B?QjZtNk5QTXVmYy9DV1FVSXVud2Z6dVFyVFVRMnB4OURtdWx2WmtoMCtSTzhN?= =?utf-8?B?dGdPajBXa3ArR2h3aG0xVGdyUUIyc2ZxVVl3eXdPWitGTUVhZjk1ZC9DZ0t3?= =?utf-8?B?TitZZGkxTWRvYkxwKzlUVG9LNys4bHJSTEpJNXI3TzZkUktJVWVvajZtQmxZ?= =?utf-8?B?T3NsemNlbnlDUXVyeTNYUFc0TFIvM013enB5ZEVZZ05FOUk5M1lmNTJaTGZH?= =?utf-8?B?aWdBa2VWL3JHOWVjdksreUh6ckx4T0lMeG1kUURnWlRNT1lzYzBxK3RoNkxD?= =?utf-8?B?eFZrbmpudFBRVGhuV3hiQmdDUWtHTkh6VTc0RkhNOEo2MmJlR045b3ZRZ3Ft?= =?utf-8?B?Um1VYWdUZUJaNUpXTWtiSkhpbHZGMlJTeU9XOXViT3I2aGIvVDZtazMzdkwv?= =?utf-8?B?TzFqK1pxN1NZV3lPWTFxSDg1M3RWb2ZVNkQyaWtVMERDT0F6RU1XeEcvZkw5?= =?utf-8?B?VkhRNVFuL1BENE55L1B1K2hwdnNQaEpLUUg3bHZHdEMrU0hGTDM0c2ZMZGdM?= =?utf-8?B?RU1Yb1JyS1IzdVNHNTV0OEJ0NUhLUFl2bk01YnRick40UGZ0TVFNdWcwM1Fs?= =?utf-8?B?eE1XVzRaSzRZZkZVeGl5aVZMcEh3K1VzOVNzSTRwamJSUHc4QnhFZ0VENjhm?= =?utf-8?B?YmZ3OElHWHpUejZjakI5NlJVUWw5Sno3RUtwU2FJN2xGcyttTmFvM2lvOHhB?= =?utf-8?B?bG5uZ3JYQXF6YkNJZktlTUlPU3RrNGpmUktqMUgwbmp4ZitLSUJRVHJ0b3pI?= =?utf-8?B?U1QzSHliTGpjencvMCsydFYvME5QeCtYVEJ0UGxWK3lkRzAxNGNEcFoyOWYz?= =?utf-8?B?UHd1RWp1QjlrbEFnZGVFZHJ1a1ZzM0J6VEp1aUp1Yms2eGc4by9KTHh3S1dB?= =?utf-8?B?dEtwTmJDSks0YkZEa0g1KzhaMDFtUEtEaXFNbG9VVE1UZ3JvdFRLQVFNeWE0?= =?utf-8?Q?9/jED/dIvh0DaA3QLHfy/Wia446eVj+w98a5ha73MiE2n?= X-MS-Exchange-AntiSpam-MessageData-1: DSFlCrvg+C2iITtngtH/9Wv6uc7jpdrFX/A= X-OriginatorOrg: est.tech X-MS-Exchange-CrossTenant-Network-Message-Id: 3617eeb4-94f9-4002-8f18-08dea6a70311 X-MS-Exchange-CrossTenant-AuthSource: PAWP189MB2611.EURP189.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Apr 2026 10:55:37.5517 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d2585e63-66b9-44b6-a76e-4f4b217d97fd X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: cQ7yyywlZhvKp1hYMfnv/r8HodNQ+gYKOfF3y82m4EPYeC6MOL5MW80Q/de1YOSLYXCNF315srYwsOLSyxwH1hxp5bano3CGcEH7au2t1Jk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4P189MB3117 The device memory callchain guard introduced earlier in this series needs a regression test to ensure future refactoring does not silently reintroduce the vulnerability where perf follows frame pointers into device memory. Add a kselftest that exercises the exact attack vector: a process mmaps /dev/mem (creating a device memory mapping), points its frame pointer into it, and is sampled by perf with frame-pointer callchains. The test passes if both the process and kernel survive. The default MMIO address is 0xc0000000; override via the MMIO_ADDR environment variable if that is unsuitable. The address must be a physical address that is not backed by any responding device, so that an access produces a synchronous external abort rather than returning data. On QEMU's virt machine and many modern arm64 platforms, 0xc0000000 falls in an unused region of the MMIO address space and works for this purpose. Since the test only sets the frame pointer to the address (never reads it directly), the only reads come from the perf unwinder =E2=80=94 which the guard blocks. The /dev/mem mmap must happen in the child process after fork. fork() does not copy PTEs for VM_PFNMAP regions, so mapping before fork leaves the child with empty page tables =E2=80=94 the unwinder gets a translation fault (caught by extable) instead of a synchronous external abort. arm64-only; skipped on other architectures. Assisted-by: Kiro:claude-opus-4.6 [kiro-cli] Signed-off-by: Fredrik Markstrom Reviewed-by: Ivar Holmqvist Reviewed-by: Malin Jonsson --- MAINTAINERS | 1 + tools/testing/selftests/perf_events/Makefile | 2 +- .../testing/selftests/perf_events/test_perf_vmio.c | 131 +++++++++++++++++= ++++ 3 files changed, 133 insertions(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 2fb1c75afd16388f590a77c04e08d2d6d002f5cc..5416f80c4aac28a5f1d780c76bb= 23110283dcdc3 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -20881,6 +20881,7 @@ F: include/uapi/linux/perf_event.h F: kernel/events/* F: tools/lib/perf/ F: tools/perf/ +F: tools/testing/selftests/perf_events/ =20 PERFORMANCE EVENTS TOOLING ARM64 R: John Garry diff --git a/tools/testing/selftests/perf_events/Makefile b/tools/testing/s= elftests/perf_events/Makefile index 2e5d85770dfeadd909196dbf980fd334b9580477..a432e24d9e493f7795109257198= 9249703d22351 100644 --- a/tools/testing/selftests/perf_events/Makefile +++ b/tools/testing/selftests/perf_events/Makefile @@ -2,5 +2,5 @@ CFLAGS +=3D -Wl,-no-as-needed -Wall $(KHDR_INCLUDES) LDFLAGS +=3D -lpthread =20 -TEST_GEN_PROGS :=3D sigtrap_threads remove_on_exec watermark_signal mmap +TEST_GEN_PROGS :=3D sigtrap_threads remove_on_exec watermark_signal mmap t= est_perf_vmio include ../lib.mk diff --git a/tools/testing/selftests/perf_events/test_perf_vmio.c b/tools/t= esting/selftests/perf_events/test_perf_vmio.c new file mode 100644 index 0000000000000000000000000000000000000000..c9ceee3f15927f26e299dc9ac0e= dca6cff49c9ac --- /dev/null +++ b/tools/testing/selftests/perf_events/test_perf_vmio.c @@ -0,0 +1,131 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Device memory perf callchain unwinding test (arm64 only). + * + * Maps a physical address via /dev/mem (creating a device memory mapping), + * launches perf record to sample this process with frame-pointer + * callchains, then points FP (x29) into the mapping and spins. + * The test passes if the kernel survives without crashing. + * + * The default MMIO address is 0xc0000000; override via environment: + * MMIO_ADDR=3D0x10000000 ./test_perf_vmio + */ +#include +#include +#include +#include +#include +#include +#include + +#include "kselftest_harness.h" + +#define DEFAULT_MMIO_ADDR 0xc0000000UL + +TEST(device_memory_callchain) +{ +#ifndef __aarch64__ + SKIP(return, "arm64 only"); +#else + unsigned long pa =3D DEFAULT_MMIO_ADDR; + unsigned long page_size =3D sysconf(_SC_PAGESIZE); + unsigned long page, off; + pid_t spin_pid, perf_pid; + char pid_str[16]; + char tmpdir[] =3D "/tmp/test_perf_vmio_XXXXXX"; + int fd, pst =3D 0; + void *m, *fp; + char *env; + + if (getuid() !=3D 0) + SKIP(return, "need root"); + + env =3D getenv("MMIO_ADDR"); + if (env) + pa =3D strtoul(env, NULL, 16); + + page =3D pa & ~(page_size - 1); + off =3D pa - page; + + fd =3D open("/dev/mem", O_RDWR | O_SYNC | O_CLOEXEC); + if (fd < 0) + SKIP(return, "cannot open /dev/mem"); + + if (!mkdtemp(tmpdir)) { + close(fd); + SKIP(return, "cannot create temp directory"); + } + + /* Fork a spinner child with FP pointing into device memory */ + spin_pid =3D fork(); + if (spin_pid < 0) { + close(fd); + rmdir(tmpdir); + ASSERT_GE(spin_pid, 0); + } + if (spin_pid =3D=3D 0) { + /* + * mmap /dev/mem in the child so remap_pfn_range populates + * PTEs directly. fork() does not copy PTEs for VM_PFNMAP + * regions, so mapping before fork leaves the child with + * empty page tables =E2=80=94 the unwinder would get a translation + * fault instead of a synchronous external abort. + */ + m =3D mmap(NULL, off + page_size, PROT_READ | PROT_WRITE, + MAP_SHARED, fd, page); + if (m =3D=3D MAP_FAILED) + _exit(2); + fp =3D (char *)m + off; + __asm__ volatile( + "mov x29, %0\n" + "1: b 1b\n" + : : "r"(fp) : "x29", "memory"); + _exit(0); + } + + /* Launch perf to sample the spinner */ + snprintf(pid_str, sizeof(pid_str), "%d", spin_pid); + + perf_pid =3D fork(); + if (perf_pid < 0) { + kill(spin_pid, SIGKILL); + waitpid(spin_pid, NULL, 0); + close(fd); + rmdir(tmpdir); + ASSERT_GE(perf_pid, 0); + } + if (perf_pid =3D=3D 0) { + char *const perf_argv[] =3D { + "perf", "record", "-g", "--call-graph", "fp", + "-p", pid_str, "--", "sleep", "3", NULL + }; + + if (chdir(tmpdir)) + _exit(1); + execvp(perf_argv[0], perf_argv); + _exit(1); + } + + waitpid(perf_pid, &pst, 0); + + kill(spin_pid, SIGKILL); + waitpid(spin_pid, NULL, 0); + close(fd); + + /* Clean up perf output */ + rmdir(tmpdir); + + if (!WIFEXITED(pst)) + SKIP(return, "perf terminated abnormally"); + if (WEXITSTATUS(pst) =3D=3D 1) + SKIP(return, "perf not available"); + + /* + * The real test is that the kernel survived. If we got here + * without a synchronous external abort, the guard worked. + */ + TH_LOG("kernel survived perf sampling with FP in device memory"); +#endif /* __aarch64__ */ +} + +TEST_HARNESS_MAIN --=20 2.51.0