1 // SPDX-License-Identifier: GPL-2.0-only
3 * arch/arm/kernel/unwind.c
5 * Copyright (C) 2008 ARM Limited
7 * Stack unwinding support for ARM
9 * An ARM EABI version of gcc is required to generate the unwind
10 * tables. For information about the structure of the unwind tables,
11 * see "Exception Handling ABI for the ARM Architecture" at:
13 * http://infocenter.arm.com/help/topic/com.arm.doc.subset.swdev.abi/index.html
17 #if !defined (__ARM_EABI__)
18 #warning Your compiler does not have EABI support.
19 #warning ARM unwind is known to compile only with EABI compilers.
20 #warning Change compiler or disable ARM_UNWIND option.
22 #endif /* __CHECKER__ */
24 #include <linux/kernel.h>
25 #include <linux/init.h>
26 #include <linux/export.h>
27 #include <linux/sched.h>
28 #include <linux/slab.h>
29 #include <linux/spinlock.h>
30 #include <linux/list.h>
32 #include <asm/stacktrace.h>
33 #include <asm/traps.h>
34 #include <asm/unwind.h>
38 /* Dummy functions to avoid linker complaints */
39 void __aeabi_unwind_cpp_pr0(void)
42 EXPORT_SYMBOL(__aeabi_unwind_cpp_pr0);
44 void __aeabi_unwind_cpp_pr1(void)
47 EXPORT_SYMBOL(__aeabi_unwind_cpp_pr1);
49 void __aeabi_unwind_cpp_pr2(void)
52 EXPORT_SYMBOL(__aeabi_unwind_cpp_pr2);
54 struct unwind_ctrl_block {
55 unsigned long vrs[16]; /* virtual register set */
56 const unsigned long *insn; /* pointer to the current instructions word */
57 unsigned long sp_high; /* highest value of sp allowed */
58 unsigned long *lr_addr; /* address of LR value on the stack */
60 * 1 : check for stack overflow for each register pop.
61 * 0 : save overhead if there is plenty of stack remaining.
64 int entries; /* number of entries left to interpret */
65 int byte; /* current byte number in the instructions word */
69 #ifdef CONFIG_THUMB2_KERNEL
79 extern const struct unwind_idx __start_unwind_idx[];
80 static const struct unwind_idx *__origin_unwind_idx;
81 extern const struct unwind_idx __stop_unwind_idx[];
83 static DEFINE_RAW_SPINLOCK(unwind_lock);
84 static LIST_HEAD(unwind_tables);
86 /* Convert a prel31 symbol to an absolute address */
87 #define prel31_to_addr(ptr) \
89 /* sign-extend to 32 bits */ \
90 long offset = (((long)*(ptr)) << 1) >> 1; \
91 (unsigned long)(ptr) + offset; \
95 * Binary search in the unwind index. The entries are
96 * guaranteed to be sorted in ascending order by the linker.
99 * origin = first entry with positive offset (or stop if there is no such entry)
100 * stop - 1 = last entry
102 static const struct unwind_idx *search_index(unsigned long addr,
103 const struct unwind_idx *start,
104 const struct unwind_idx *origin,
105 const struct unwind_idx *stop)
107 unsigned long addr_prel31;
109 pr_debug("%s(%08lx, %p, %p, %p)\n",
110 __func__, addr, start, origin, stop);
113 * only search in the section with the matching sign. This way the
114 * prel31 numbers can be compared as unsigned longs.
116 if (addr < (unsigned long)start)
117 /* negative offsets: [start; origin) */
120 /* positive offsets: [origin; stop) */
123 /* prel31 for address relavive to start */
124 addr_prel31 = (addr - (unsigned long)start) & 0x7fffffff;
126 while (start < stop - 1) {
127 const struct unwind_idx *mid = start + ((stop - start) >> 1);
130 * As addr_prel31 is relative to start an offset is needed to
131 * make it relative to mid.
133 if (addr_prel31 - ((unsigned long)mid - (unsigned long)start) <
137 /* keep addr_prel31 relative to start */
138 addr_prel31 -= ((unsigned long)mid -
139 (unsigned long)start);
144 if (likely(start->addr_offset <= addr_prel31))
147 pr_warn("unwind: Unknown symbol address %08lx\n", addr);
152 static const struct unwind_idx *unwind_find_origin(
153 const struct unwind_idx *start, const struct unwind_idx *stop)
155 pr_debug("%s(%p, %p)\n", __func__, start, stop);
156 while (start < stop) {
157 const struct unwind_idx *mid = start + ((stop - start) >> 1);
159 if (mid->addr_offset >= 0x40000000)
160 /* negative offset */
163 /* positive offset */
166 pr_debug("%s -> %p\n", __func__, stop);
170 static const struct unwind_idx *unwind_find_idx(unsigned long addr)
172 const struct unwind_idx *idx = NULL;
175 pr_debug("%s(%08lx)\n", __func__, addr);
177 if (core_kernel_text(addr)) {
178 if (unlikely(!__origin_unwind_idx))
179 __origin_unwind_idx =
180 unwind_find_origin(__start_unwind_idx,
183 /* main unwind table */
184 idx = search_index(addr, __start_unwind_idx,
188 /* module unwind tables */
189 struct unwind_table *table;
191 raw_spin_lock_irqsave(&unwind_lock, flags);
192 list_for_each_entry(table, &unwind_tables, list) {
193 if (addr >= table->begin_addr &&
194 addr < table->end_addr) {
195 idx = search_index(addr, table->start,
198 /* Move-to-front to exploit common traces */
199 list_move(&table->list, &unwind_tables);
203 raw_spin_unlock_irqrestore(&unwind_lock, flags);
206 pr_debug("%s: idx = %p\n", __func__, idx);
210 static unsigned long unwind_get_byte(struct unwind_ctrl_block *ctrl)
214 if (ctrl->entries <= 0) {
215 pr_warn("unwind: Corrupt unwind table\n");
219 ret = (*ctrl->insn >> (ctrl->byte * 8)) & 0xff;
221 if (ctrl->byte == 0) {
231 /* Before poping a register check whether it is feasible or not */
232 static int unwind_pop_register(struct unwind_ctrl_block *ctrl,
233 unsigned long **vsp, unsigned int reg)
235 if (unlikely(ctrl->check_each_pop))
236 if (*vsp >= (unsigned long *)ctrl->sp_high)
239 /* Use READ_ONCE_NOCHECK here to avoid this memory access
240 * from being tracked by KASAN.
242 ctrl->vrs[reg] = READ_ONCE_NOCHECK(*(*vsp));
244 ctrl->lr_addr = *vsp;
249 /* Helper functions to execute the instructions */
250 static int unwind_exec_pop_subset_r4_to_r13(struct unwind_ctrl_block *ctrl,
253 unsigned long *vsp = (unsigned long *)ctrl->vrs[SP];
254 int load_sp, reg = 4;
256 load_sp = mask & (1 << (13 - 4));
259 if (unwind_pop_register(ctrl, &vsp, reg))
265 ctrl->vrs[SP] = (unsigned long)vsp;
271 static int unwind_exec_pop_r4_to_rN(struct unwind_ctrl_block *ctrl,
274 unsigned long *vsp = (unsigned long *)ctrl->vrs[SP];
277 /* pop R4-R[4+bbb] */
278 for (reg = 4; reg <= 4 + (insn & 7); reg++)
279 if (unwind_pop_register(ctrl, &vsp, reg))
283 if (unwind_pop_register(ctrl, &vsp, 14))
286 ctrl->vrs[SP] = (unsigned long)vsp;
291 static int unwind_exec_pop_subset_r0_to_r3(struct unwind_ctrl_block *ctrl,
294 unsigned long *vsp = (unsigned long *)ctrl->vrs[SP];
297 /* pop R0-R3 according to mask */
300 if (unwind_pop_register(ctrl, &vsp, reg))
305 ctrl->vrs[SP] = (unsigned long)vsp;
311 * Execute the current unwind instruction.
313 static int unwind_exec_insn(struct unwind_ctrl_block *ctrl)
315 unsigned long insn = unwind_get_byte(ctrl);
318 pr_debug("%s: insn = %08lx\n", __func__, insn);
320 if ((insn & 0xc0) == 0x00)
321 ctrl->vrs[SP] += ((insn & 0x3f) << 2) + 4;
322 else if ((insn & 0xc0) == 0x40) {
323 ctrl->vrs[SP] -= ((insn & 0x3f) << 2) + 4;
324 } else if ((insn & 0xf0) == 0x80) {
327 insn = (insn << 8) | unwind_get_byte(ctrl);
328 mask = insn & 0x0fff;
330 pr_warn("unwind: 'Refuse to unwind' instruction %04lx\n",
335 ret = unwind_exec_pop_subset_r4_to_r13(ctrl, mask);
338 } else if ((insn & 0xf0) == 0x90 &&
339 (insn & 0x0d) != 0x0d) {
340 ctrl->vrs[SP] = ctrl->vrs[insn & 0x0f];
341 } else if ((insn & 0xf0) == 0xa0) {
342 ret = unwind_exec_pop_r4_to_rN(ctrl, insn);
345 } else if (insn == 0xb0) {
346 if (ctrl->vrs[PC] == 0)
347 ctrl->vrs[PC] = ctrl->vrs[LR];
348 /* no further processing */
350 } else if (insn == 0xb1) {
351 unsigned long mask = unwind_get_byte(ctrl);
353 if (mask == 0 || mask & 0xf0) {
354 pr_warn("unwind: Spare encoding %04lx\n",
359 ret = unwind_exec_pop_subset_r0_to_r3(ctrl, mask);
362 } else if (insn == 0xb2) {
363 unsigned long uleb128 = unwind_get_byte(ctrl);
365 ctrl->vrs[SP] += 0x204 + (uleb128 << 2);
367 pr_warn("unwind: Unhandled instruction %02lx\n", insn);
371 pr_debug("%s: fp = %08lx sp = %08lx lr = %08lx pc = %08lx\n", __func__,
372 ctrl->vrs[FP], ctrl->vrs[SP], ctrl->vrs[LR], ctrl->vrs[PC]);
379 * Unwind a single frame starting with *sp for the symbol at *pc. It
380 * updates the *pc and *sp with the new values.
382 int unwind_frame(struct stackframe *frame)
384 const struct unwind_idx *idx;
385 struct unwind_ctrl_block ctrl;
386 unsigned long sp_low;
388 /* store the highest address on the stack to avoid crossing it*/
390 ctrl.sp_high = ALIGN(sp_low - THREAD_SIZE, THREAD_ALIGN)
393 pr_debug("%s(pc = %08lx lr = %08lx sp = %08lx)\n", __func__,
394 frame->pc, frame->lr, frame->sp);
396 idx = unwind_find_idx(frame->pc);
398 if (frame->pc && kernel_text_address(frame->pc))
399 pr_warn("unwind: Index not found %08lx\n", frame->pc);
403 ctrl.vrs[FP] = frame->fp;
404 ctrl.vrs[SP] = frame->sp;
405 ctrl.vrs[LR] = frame->lr;
411 else if (frame->pc == prel31_to_addr(&idx->addr_offset)) {
413 * Unwinding is tricky when we're halfway through the prologue,
414 * since the stack frame that the unwinder expects may not be
415 * fully set up yet. However, one thing we do know for sure is
416 * that if we are unwinding from the very first instruction of
417 * a function, we are still effectively in the stack frame of
418 * the caller, and the unwind info has no relevance yet.
420 if (frame->pc == frame->lr)
422 frame->pc = frame->lr;
424 } else if ((idx->insn & 0x80000000) == 0)
425 /* prel31 to the unwind table */
426 ctrl.insn = (unsigned long *)prel31_to_addr(&idx->insn);
427 else if ((idx->insn & 0xff000000) == 0x80000000)
428 /* only personality routine 0 supported in the index */
429 ctrl.insn = &idx->insn;
431 pr_warn("unwind: Unsupported personality routine %08lx in the index at %p\n",
436 /* check the personality routine */
437 if ((*ctrl.insn & 0xff000000) == 0x80000000) {
440 } else if ((*ctrl.insn & 0xff000000) == 0x81000000) {
442 ctrl.entries = 1 + ((*ctrl.insn & 0x00ff0000) >> 16);
444 pr_warn("unwind: Unsupported personality routine %08lx at %p\n",
445 *ctrl.insn, ctrl.insn);
449 ctrl.check_each_pop = 0;
451 if (prel31_to_addr(&idx->addr_offset) == (u32)&call_with_stack) {
453 * call_with_stack() is the only place where we permit SP to
454 * jump from one stack to another, and since we know it is
455 * guaranteed to happen, set up the SP bounds accordingly.
458 ctrl.sp_high = ALIGN(frame->fp, THREAD_SIZE);
461 while (ctrl.entries > 0) {
463 if ((ctrl.sp_high - ctrl.vrs[SP]) < sizeof(ctrl.vrs))
464 ctrl.check_each_pop = 1;
465 urc = unwind_exec_insn(&ctrl);
468 if (ctrl.vrs[SP] < sp_low || ctrl.vrs[SP] > ctrl.sp_high)
472 if (ctrl.vrs[PC] == 0)
473 ctrl.vrs[PC] = ctrl.vrs[LR];
475 /* check for infinite loop */
476 if (frame->pc == ctrl.vrs[PC] && frame->sp == ctrl.vrs[SP])
479 frame->fp = ctrl.vrs[FP];
480 frame->sp = ctrl.vrs[SP];
481 frame->lr = ctrl.vrs[LR];
482 frame->pc = ctrl.vrs[PC];
483 frame->lr_addr = ctrl.lr_addr;
488 void unwind_backtrace(struct pt_regs *regs, struct task_struct *tsk,
491 struct stackframe frame;
493 pr_debug("%s(regs = %p tsk = %p)\n", __func__, regs, tsk);
499 arm_get_current_stackframe(regs, &frame);
500 /* PC might be corrupted, use LR in that case. */
501 if (!kernel_text_address(regs->ARM_pc))
502 frame.pc = regs->ARM_lr;
503 } else if (tsk == current) {
504 frame.fp = (unsigned long)__builtin_frame_address(0);
505 frame.sp = current_stack_pointer;
506 frame.lr = (unsigned long)__builtin_return_address(0);
507 /* We are saving the stack and execution state at this
508 * point, so we should ensure that frame.pc is within
509 * this block of code.
512 frame.pc = (unsigned long)&&here;
514 /* task blocked in __switch_to */
515 frame.fp = thread_saved_fp(tsk);
516 frame.sp = thread_saved_sp(tsk);
518 * The function calling __switch_to cannot be a leaf function
519 * so LR is recovered from the stack.
522 frame.pc = thread_saved_pc(tsk);
527 unsigned long where = frame.pc;
529 urc = unwind_frame(&frame);
532 dump_backtrace_entry(where, frame.pc, frame.sp - 4, loglvl);
536 struct unwind_table *unwind_table_add(unsigned long start, unsigned long size,
537 unsigned long text_addr,
538 unsigned long text_size)
541 struct unwind_table *tab = kmalloc(sizeof(*tab), GFP_KERNEL);
543 pr_debug("%s(%08lx, %08lx, %08lx, %08lx)\n", __func__, start, size,
544 text_addr, text_size);
549 tab->start = (const struct unwind_idx *)start;
550 tab->stop = (const struct unwind_idx *)(start + size);
551 tab->origin = unwind_find_origin(tab->start, tab->stop);
552 tab->begin_addr = text_addr;
553 tab->end_addr = text_addr + text_size;
555 raw_spin_lock_irqsave(&unwind_lock, flags);
556 list_add_tail(&tab->list, &unwind_tables);
557 raw_spin_unlock_irqrestore(&unwind_lock, flags);
562 void unwind_table_del(struct unwind_table *tab)
569 raw_spin_lock_irqsave(&unwind_lock, flags);
570 list_del(&tab->list);
571 raw_spin_unlock_irqrestore(&unwind_lock, flags);
projects / releases.git / blob