On Tue, Jul 16, 2024 at 7:27 PM cb126yx <cb12...@126.com> wrote:
> Hi lijiang and tao,
>
>
> Thanks, the case where IKCONFIG does not exist was indeed not considered
> before.
>
>
> In file arch/arm64/include/asm/processor.h
>
> We can see the "struct ptrauth_keys_kernel" have already been embeded into
> arm's thread structure.
>
>
>
> 136 struct thread_struct {
>
> 137 struct cpu_context cpu_context; /* cpu context */
>
> ...
>
> 159 #ifdef CONFIG_ARM64_PTR_AUTH
>
> 160 struct ptrauth_keys_user keys_user;
>
> 161 #ifdef CONFIG_ARM64_PTR_AUTH_KERNEL
>
> 162 struct ptrauth_keys_kernel keys_kernel;
>
> 163 #endif
>
> ...
>
> 169 };
>
>
> So your suggestion [1] is a very good idead to dealing with the case that
> IKCONFIG is not available.
>
>
>
Seems we all agree that [1] is the best solution. Let's go with this.
--->
> [1] check if the struct ptrauth_keys_kernel exists, eg:
>
> STRUCT_SIZE_INIT(ptrauth_keys_kernel, "ptrauth_keys_kernel");
>
> if (VALID_SIZE(ptrauth_keys_kernel) > 0) {
>
> if (machdep->machspec->VA_BITS_ACTUAL){
>
>
> machdep->machspec->CONFIG_ARM64_KERNELPACMASK =
>
> GENMASK_UL(63,
> machdep->machspec->VA_BITS_ACTUAL);
> }
>
> ---<
>
>
> BTW, most of the mobile phone already have IKCONFIG setting as using the
> google's gki kernel.
>
> So we may check IKconfig first , if the checking fail then we try to check
> if the struct ptrauth_keys_kernel exists should be a much compatible
> methods?
>
No, checking IKconfig may be redundant according to the current kernel code
once we use the solution [1].
Thanks
Lianbo
>
>
> What's more, the CONFIG_ARM64_PTR_AUTH_KERNEL does depend on
> CONFIG_ARM64_PTR_AUTH, just checking the CONFIG_ARM64_PTR_AUTH_KERNEL
> should enough.
>
>
> Origin KCONFIG:
>
> 1616 config ARM64_PTR_AUTH_KERNEL
>
> 1617 bool "Use pointer authentication for kernel"
>
> 1618 default y
>
> 1619 depends on ARM64_PTR_AUTH
>
>
> I will change the patch according to our discussion and do the local test
> first.
>
> If any other suggestion, please feel free to let me know.
>
>
> At 2024-07-16 19:20:33, "Tao Liu" <l...@redhat.com> wrote:
> >Hi Lijiang,
> >
> >Thanks for the info.
> >
> >On Tue, Jul 16, 2024 at 9:51 PM lijiang <liji...@redhat.com> wrote:
> >>
> >> Thank you for the update.
> >>
> >> On Mon, Jul 15, 2024 at 11:59 AM cb126yx <cb12...@126.com> wrote:
> >>>
> >>> Sorry, as the origin patch has aleardy been added to patch log,
> >>>
> >>> so the below comment in arm64.c is Inappropriate and inconsistent:
> >>>
> >>> * gki related commit url:
> >>>
> >>> *
> >>> https://lore.kernel.org/all/20230412160134.306148-4-mark.rutl...@arm.com/
> >>>
> >>> so delete these url link comment in V4 version.
> >>>
> >>>
> >>> patch v4 here:
> >>>
> >>> ===>
> >>>
> >>>
> >>> From ab61e60987e4a835e41e4c19822174045888b84e Mon Sep 17 00:00:00 2001
> >>>
> >>> From: bevis_chen <bevis_c...@asus.com>
> >>>
> >>> Date: Wed, 3 Jul 2024 15:05:44 +0800
> >>>
> >>> Subject: [PATCH] arm64: Fix bt command show wrong stacktrace on ramdump
> >>> source
> >>>
> >>>
> >>> If we use crash to parse ramdump(Qcom phone device) rathen than vmcore.
> >>>
> >>> Start command should be like: crash vmlinux --kaslr=xxx
> >>> DDRCS0_0.BIN@0x0000000080000000,... --machdep vabits_actual=39
> >>>
> >>> Then We will see bt command show misleading backtrace information below:
> >>>
> >>>
> >>> crash> bt 16930
> >>>
> >>> PID: 16930 TASK: ffffff89b3eada00 CPU: 2 COMMAND: "Firebase Backgr"
> >>>
> >>> #0 [ffffffc034c437f0] __switch_to at ffffffe0036832d4
> >>>
> >>> #1 [ffffffc034c43850] __kvm_nvhe_$d.2314 at 6be732e004cf05a0
> >>>
> >>> #2 [ffffffc034c438b0] __kvm_nvhe_$d.2314 at 86c54c6004ceff80
> >>>
> >>> #3 [ffffffc034c43950] __kvm_nvhe_$d.2314 at 55d6f96003a7b120
> >>>
> >>> #4 [ffffffc034c439f0] __kvm_nvhe_$d.2314 at 9ccec46003a80a64
> >>>
> >>> #5 [ffffffc034c43ac0] __kvm_nvhe_$d.2314 at 8cf41e6003a945c4
> >>>
> >>> #6 [ffffffc034c43b10] __kvm_nvhe_$d.2314 at a8f181e00372c818
> >>>
> >>> #7 [ffffffc034c43b40] __kvm_nvhe_$d.2314 at 6dedde600372c0d0
> >>>
> >>> #8 [ffffffc034c43b90] __kvm_nvhe_$d.2314 at 62cc07e00373d0ac
> >>>
> >>> #9 [ffffffc034c43c00] __kvm_nvhe_$d.2314 at 72fb1de00373bedc
> >>>
> >>> ...
> >>>
> >>> PC: 00000073f5294840 LR: 00000070d8f39ba4 SP: 00000070d4afd5d0
> >>>
> >>> X29: 00000070d4afd600 X28: b4000071efcda7f0 X27: 00000070d4afe000
> >>>
> >>> X26: 0000000000000000 X25: 00000070d9616000 X24: 0000000000000000
> >>>
> >>> X23: 0000000000000000 X22: 0000000000000000 X21: 0000000000000000
> >>>
> >>> X20: b40000728fd27520 X19: b40000728fd27550 X18: 000000702daba000
> >>>
> >>> X17: 00000073f5294820 X16: 00000070d940f9d8 X15: 00000000000000bf
> >>>
> >>> X14: 0000000000000000 X13: 00000070d8ad2fac X12: b40000718fce5040
> >>>
> >>> X11: 0000000000000000 X10: 0000000000000070 X9: 0000000000000001
> >>>
> >>> X8: 0000000000000062 X7: 0000000000000020 X6: 0000000000000000
> >>>
> >>> X5: 0000000000000000 X4: 0000000000000000 X3: 0000000000000000
> >>>
> >>> X2: 0000000000000002 X1: 0000000000000080 X0: b40000728fd27550
> >>>
> >>> ORIG_X0: b40000728fd27550 SYSCALLNO: ffffffff PSTATE: 40001000
> >>>
> >>>
> >>> By checking the raw data below, will see the lr (fp+8) data show the
> >>> pointer which already been replaced by PAC prefix.
> >>>
> >>>
> >>> crash> bt -f
> >>>
> >>> PID: 16930 TASK: ffffff89b3eada00 CPU: 2 COMMAND: "Firebase Backgr"
> >>>
> >>> #0 [ffffffc034c437f0] __switch_to at ffffffe0036832d4
> >>>
> >>> ffffffc034c437f0: ffffffc034c43850 6be732e004cf05a4
> >>>
> >>> ffffffc034c43800: ffffffe006186108 a0ed07e004cf09c4
> >>>
> >>> ffffffc034c43810: ffffff8a1a340000 ffffff8a8d343c00
> >>>
> >>> ffffffc034c43820: ffffff89b3eada00 ffffff8b780db540
> >>>
> >>> ffffffc034c43830: ffffff89b3eada00 0000000000000000
> >>>
> >>> ffffffc034c43840: 0000000000000004 712b828118484a00
> >>>
> >>> #1 [ffffffc034c43850] __kvm_nvhe_$d.2314 at 6be732e004cf05a0
> >>>
> >>> ffffffc034c43850: ffffffc034c438b0 86c54c6004ceff84
> >>>
> >>> ffffffc034c43860: 000000708070f000 ffffffc034c43938
> >>>
> >>> ffffffc034c43870: ffffff88bd822878 ffffff89b3eada00
> >>>
> >>> ...
> >>>
> >>>
> >>> So we check the CONFIG_ARM64_PTR_AUTH and CONFIG_ARM64_PTR_AUTH_KERNEL to
> >>> double check if pac mechanism been enabled on this ramdump.
> >>>
> >>> Then we use vabits to figure it out.
> >>>
> >>> Fix then show the right backtrace below:
> >>>
> >>> crash> bt 16930
> >>>
> >>> PID: 16930 TASK: ffffff89b3eada00 CPU: 2 COMMAND: "Firebase Backgr"
> >>>
> >>> #0 [ffffffc034c437f0] __switch_to at ffffffe0036832d4
> >>>
> >>> #1 [ffffffc034c43850] __schedule at ffffffe004cf05a0
> >>>
> >>> #2 [ffffffc034c438b0] preempt_schedule_common at ffffffe004ceff80
> >>>
> >>> #3 [ffffffc034c43950] unmap_page_range at ffffffe003a7b120
> >>>
> >>> #4 [ffffffc034c439f0] unmap_vmas at ffffffe003a80a64
> >>>
> >>> #5 [ffffffc034c43ac0] exit_mmap at ffffffe003a945c4
> >>>
> >>> #6 [ffffffc034c43b10] __mmput at ffffffe00372c818
> >>>
> >>> #7 [ffffffc034c43b40] mmput at ffffffe00372c0d0
> >>>
> >>> #8 [ffffffc034c43b90] exit_mm at ffffffe00373d0ac
> >>>
> >>> #9 [ffffffc034c43c00] do_exit at ffffffe00373bedc
> >>>
> >>> PC: 00000073f5294840 LR: 00000070d8f39ba4 SP: 00000070d4afd5d0
> >>>
> >>> X29: 00000070d4afd600 X28: b4000071efcda7f0 X27: 00000070d4afe000
> >>>
> >>> X26: 0000000000000000 X25: 00000070d9616000 X24: 0000000000000000
> >>>
> >>> X23: 0000000000000000 X22: 0000000000000000 X21: 0000000000000000
> >>>
> >>> X20: b40000728fd27520 X19: b40000728fd27550 X18: 000000702daba000
> >>>
> >>> X17: 00000073f5294820 X16: 00000070d940f9d8 X15: 00000000000000bf
> >>>
> >>> X14: 0000000000000000 X13: 00000070d8ad2fac X12: b40000718fce5040
> >>>
> >>> X11: 0000000000000000 X10: 0000000000000070 X9: 0000000000000001
> >>>
> >>> X8: 0000000000000062 X7: 0000000000000020 X6: 0000000000000000
> >>>
> >>> X5: 0000000000000000 X4: 0000000000000000 X3: 0000000000000000
> >>>
> >>> X2: 0000000000000002 X1: 0000000000000080 X0: b40000728fd27550
> >>>
> >>> ORIG_X0: b40000728fd27550 SYSCALLNO: ffffffff PSTATE: 40001000
> >>>
> >>>
> >>> Let's use GENMASK to replace the pac pointer to fix it.
> >>>
> >>> gki related commit as below:
> >>>
> >>>
> >>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >>>
> >>> Author: Amit Daniel Kachhap <amit.kach...@arm.com>
> >>>
> >>> Date: Fri Mar 13 14:34:58 2020 +0530
> >>>
> >>>
> >>> arm64: mask PAC bits of __builtin_return_address
> >>>
> >>>
> >>> Functions like vmap() record how much memory has been allocated by
> >>> their
> >>>
> >>> callers, and callers are identified using __builtin_return_address().
> >>> Once
> >>>
> >>> the kernel is using pointer-auth the return address will be signed.
> >>> This
> >>>
> >>> means it will not match any kernel symbol, and will vary between
> >>> threads
> >>>
> >>> even for the same caller.
> >>>
> >>>
> >>> The output of /proc/vmallocinfo in this case may look like,
> >>>
> >>> 0x(____ptrval____)-0x(____ptrval____) 20480 0x86e28000100e7c60
> >>> pages=4 vmalloc N0=4
> >>>
> >>> 0x(____ptrval____)-0x(____ptrval____) 20480 0x86e28000100e7c60
> >>> pages=4 vmalloc N0=4
> >>>
> >>> 0x(____ptrval____)-0x(____ptrval____) 20480 0xc5c78000100e7c60
> >>> pages=4 vmalloc N0=4
> >>>
> >>>
> >>> The above three 64bit values should be the same symbol name and not
> >>>
> >>> different LR values.
> >>>
> >>>
> >>> Use the pre-processor to add logic to clear the PAC to
> >>>
> >>> __builtin_return_address() callers. This patch adds a new file
> >>>
> >>> asm/compiler.h and is transitively included via
> >>> include/compiler_types.h on
> >>>
> >>> the compiler command line so it is guaranteed to be loaded and the
> >>> users of
> >>>
> >>> this macro will not find a wrong version.
> >>>
> >>>
> >>> Helper macros ptrauth_kernel_pac_mask/ptrauth_clear_pac are created
> >>> for
> >>>
> >>> this purpose and added in this file. Existing macro
> >>> ptrauth_user_pac_mask
> >>>
> >>> moved from asm/pointer_auth.h.
> >>>
> >>>
> >>> Signed-off-by: Amit Daniel Kachhap <amit.kach...@arm.com>
> >>>
> >>> Reviewed-by: James Morse <james.mo...@arm.com>
> >>>
> >>> Signed-off-by: Catalin Marinas <catalin.mari...@arm.com>
> >>>
> >>>
> >>> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> >>>
> >>> index 87e2cbb76930..115ceea0293e 100644
> >>>
> >>> --- a/arch/arm64/Kconfig
> >>>
> >>> +++ b/arch/arm64/Kconfig
> >>>
> >>> @@ -118,6 +118,7 @@ config ARM64
> >>>
> >>> select HAVE_ALIGNED_STRUCT_PAGE if SLUB
> >>>
> >>> select HAVE_ARCH_AUDITSYSCALL
> >>>
> >>> select HAVE_ARCH_BITREVERSE
> >>>
> >>> + select HAVE_ARCH_COMPILER_H
> >>>
> >>> select HAVE_ARCH_HUGE_VMAP
> >>>
> >>> select HAVE_ARCH_JUMP_LABEL
> >>>
> >>> select HAVE_ARCH_JUMP_LABEL_RELATIVE
> >>>
> >>> diff --git a/arch/arm64/include/asm/compiler.h
> >>> b/arch/arm64/include/asm/compiler.h
> >>>
> >>> new file mode 100644
> >>>
> >>> index 000000000000..eece20d2c55f
> >>>
> >>> --- /dev/null
> >>>
> >>> +++ b/arch/arm64/include/asm/compiler.h
> >>>
> >>> @@ -0,0 +1,24 @@
> >>>
> >>> +/* SPDX-License-Identifier: GPL-2.0 */
> >>>
> >>> +#ifndef __ASM_COMPILER_H
> >>>
> >>> +#define __ASM_COMPILER_H
> >>>
> >>> +
> >>>
> >>> +#if defined(CONFIG_ARM64_PTR_AUTH)
> >>>
> >>> +
> >>>
> >>> +/*
> >>>
> >>> + * The EL0/EL1 pointer bits used by a pointer authentication code.
> >>>
> >>> + * This is dependent on TBI0/TBI1 being enabled, or bits 63:56 would
> >>> also apply.
> >>>
> >>> + */
> >>>
> >>> +#define ptrauth_user_pac_mask() GENMASK_ULL(54,
> >>> vabits_actual)
> >>>
> >>> +#define ptrauth_kernel_pac_mask() GENMASK_ULL(63, vabits_actual)
> >>>
> >>> +
> >>>
> >>> +/* Valid for EL0 TTBR0 and EL1 TTBR1 instruction pointers */
> >>>
> >>> +#define ptrauth_clear_pac(ptr) \
> >>>
> >>> + ((ptr & BIT_ULL(55)) ? (ptr | ptrauth_kernel_pac_mask()) : \
> >>>
> >>> + (ptr & ~ptrauth_user_pac_mask()))
> >>>
> >>> +
> >>>
> >>> +#define __builtin_return_address(val) \
> >>>
> >>> + (void *)(ptrauth_clear_pac((unsigned
> >>> long)__builtin_return_address(val)))
> >>>
> >>> +
> >>>
> >>> +#endif /* CONFIG_ARM64_PTR_AUTH */
> >>>
> >>> +
> >>>
> >>> +#endif /* __ASM_COMPILER_H */
> >>>
> >>> diff --git a/arch/arm64/include/asm/pointer_auth.h
> >>> b/arch/arm64/include/asm/pointer_auth.h
> >>>
> >>> index 833d3f948de0..70c47156e54b 100644
> >>>
> >>> --- a/arch/arm64/include/asm/pointer_auth.h
> >>>
> >>> +++ b/arch/arm64/include/asm/pointer_auth.h
> >>>
> >>> @@ -68,16 +68,9 @@ static __always_inline void
> >>> ptrauth_keys_switch_kernel(struct ptrauth_keys_kerne
> >>>
> >>>
> >>> extern int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned
> >>> long arg);
> >>>
> >>>
> >>> -/*
> >>>
> >>> - * The EL0 pointer bits used by a pointer authentication code.
> >>>
> >>> - * This is dependent on TBI0 being enabled, or bits 63:56 would also
> >>> apply.
> >>>
> >>> - */
> >>>
> >>> -#define ptrauth_user_pac_mask() GENMASK(54, vabits_actual)
> >>>
> >>> -
> >>>
> >>> -/* Only valid for EL0 TTBR0 instruction pointers */
> >>>
> >>> static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr)
> >>>
> >>> {
> >>>
> >>> - return ptr & ~ptrauth_user_pac_mask();
> >>>
> >>> + return ptrauth_clear_pac(ptr);
> >>>
> >>> }
> >>>
> >>>
> >>> #define ptrauth_thread_init_user(tsk)
> >>>
> >>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >>>
> >>>
> >>> Signed-off-by: bevis_chen <bevis_c...@asus.com>
> >>>
> >>> ---
> >>>
> >>> arm64.c | 31 +++++++++++++++++++++++++++++++
> >>>
> >>> 1 file changed, 31 insertions(+)
> >>>
> >>>
> >>> diff --git a/arm64.c b/arm64.c
> >>>
> >>> index b3040d7..c83a91a 100644
> >>>
> >>> --- a/arm64.c
> >>>
> >>> +++ b/arm64.c
> >>>
> >>> @@ -92,6 +92,7 @@ static void arm64_get_crash_notes(void);
> >>>
> >>> static void arm64_calc_VA_BITS(void);
> >>>
> >>> static int arm64_is_uvaddr(ulong, struct task_context *);
> >>>
> >>> static void arm64_calc_KERNELPACMASK(void);
> >>>
> >>> +static void arm64_recalc_KERNELPACMASK(void);
> >>>
> >>> static int arm64_get_vmcoreinfo(unsigned long *vaddr, const char *label,
> >>> int base);
> >>>
> >>>
> >>> struct kernel_range {
> >>>
> >>> @@ -581,6 +582,16 @@ arm64_init(int when)
> >>>
> >>> if (!machdep->hz)
> >>>
> >>> machdep->hz = 100;
> >>>
> >>>
> >>> + /*
> >>>
> >>> + * In the case of using ramdump rather than vmcore,
> >>>
> >>> + * Will fail to parse out KERNELPAC.
> >>>
> >>> + * So let's try again from kconfig to ensure if PAC
> >>> enabled.
> >>>
> >>> + * If yes, then we use vabits to figure it out.
> >>>
> >>> + */
> >>>
> >>> + if(!machdep->machspec->CONFIG_ARM64_KERNELPACMASK)
> >>>
> >>> + arm64_recalc_KERNELPACMASK();
> >>>
> >>> +
> >>>
> >>> +
> >>>
> >>> arm64_irq_stack_init();
> >>>
> >>> arm64_overflow_stack_init();
> >>>
> >>> arm64_stackframe_init();
> >>>
> >>> @@ -4921,6 +4932,26 @@ static void arm64_calc_KERNELPACMASK(void)
> >>>
> >>> }
> >>>
> >>> }
> >>>
> >>>
> >>> +
> >>>
> >>> +#define GENMASK_UL(h, l) \
> >>>
> >>> + (((~0UL) << (l)) & (~0UL >> (BITS_PER_LONG - 1 - (h))))
> >>>
> >>> +
> >>
> >>
> >>
> >> Think it again, the IKCONFIG is not available in most distributions, so it
> >> may not work well in such cases.
> >>
> >> Can we use some symbols to determine if the PTR AUTH mechanism is enabled?
> >> For example([1] or [2]):
> >> #ifdef CONFIG_ARM64_PTR_AUTH_KERNEL
> >>
> >> struct ptrauth_keys_kernel {
> >> struct ptrauth_key apia;
> >> };
> >>
> >> [1] check if the struct ptrauth_keys_kernel exists, eg:
> >>
> >> STRUCT_SIZE_INIT(ptrauth_keys_kernel, "ptrauth_keys_kernel");
> >>
> >> if (VALID_SIZE(ptrauth_keys_kernel) > 0) {
> >
> >I think
> >
> >if (VALID_SIZE(ptrauth_keys_kernel))
> >
> >is enough...
> >
> >>
> >> if (machdep->machspec->VA_BITS_ACTUAL){
> >>
> >>
> >> machdep->machspec->CONFIG_ARM64_KERNELPACMASK =
> >>
> >> GENMASK_UL(63,
> >> machdep->machspec->VA_BITS_ACTUAL);
> >>
> >> }
> >
> >I'm OK with this check, it looks reasonable and worth a try... Hi
> >@cb126yx, could you please have a try on this modification, to see if
> >it can work for you?
> >
> >>
> >> ------------------------------------------------------------------------------------------------------------------
> >> static __always_inline void ptrauth_keys_init_kernel(struct
> >> ptrauth_keys_kernel *keys)
> >> {
> >> if (system_supports_address_auth())
> >> get_random_bytes(&keys->apia, sizeof(keys->apia));
> >> }
> >> ...
> >>
> >> [2] check if the kernel symbol exists, eg:
> >> if (kernel_symbol_exists("ptrauth_keys_init_kernel")) {
> >
> >I guess this check will not work, since the ptrauth_keys_init_kernel
> >is inlined, there might be no such symbol found in kernel. Please
> >correct me if I'm wrong...
> >
> >Thanks,
> >Tao Liu
> >
> >> if (machdep->machspec->VA_BITS_ACTUAL){
> >>
> >>
> >> machdep->machspec->CONFIG_ARM64_KERNELPACMASK =
> >>
> >> GENMASK_UL(63,
> >> machdep->machspec->VA_BITS_ACTUAL);
> >>
> >> }
> >>
> >> What do you think? bevis_chen and Tao. Or any thoughts?
> >>
> >> BTW: In addition, the CONFIG_ARM64_PTR_AUTH_KERNEL relies on the
> >> CONFIG_ARM64_PTR_AUTH, no need to check them simultaneously.
> >>
> >> Thanks
> >> Lianbo
> >>
> >>> +static void arm64_recalc_KERNELPACMASK(void){
> >>>
> >>> + if (kt->ikconfig_flags & IKCONFIG_AVAIL){
> >>>
> >>> + /* arm64: check pac already enabled yet.*/
> >>>
> >>> + if ((get_kernel_config("CONFIG_ARM64_PTR_AUTH", NULL) ==
> >>> IKCONFIG_Y)
> >>>
> >>> + &&
> >>> (get_kernel_config("CONFIG_ARM64_PTR_AUTH_KERNEL", NULL) == IKCONFIG_Y)){
> >>>
> >>> + if (machdep->machspec->VA_BITS_ACTUAL){
> >>>
> >>> +
> >>> machdep->machspec->CONFIG_ARM64_KERNELPACMASK =
> >>>
> >>> + GENMASK_UL(63,
> >>> machdep->machspec->VA_BITS_ACTUAL);
> >>>
> >>> + if (CRASHDEBUG(1))
> >>>
> >>> + fprintf(fp,
> >>> "CONFIG_ARM64_KERNELPACMASK: %lx\n",
> >>>
> >>> +
> >>> machdep->machspec->CONFIG_ARM64_KERNELPACMASK);
> >>>
> >>> + }
> >>>
> >>> + }
> >>>
> >>> + }
> >>>
> >>> +}
> >>>
> >>> +
> >>>
> >>> #endif /* ARM64 */
> >>>
> >>>
> >>>
> >>> --
> >>>
> >>> 2.27.0
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> At 2024-07-15 11:33:13, "cb126yx" <cb12...@126.com> wrote:
> >>>
> >>>
> >>> Hi Lianbo
> >>>
> >>>
> >>> I have already added the origin commit information to patch log, as V3
> >>> below.
> >>>
> >>>
> >>> About the macro __GENMASK and GENMASK_UL.
> >>>
> >>> Both the two macros achieve the same effect, but __GENMASK uses more
> >>> addition and subtraction operations and is usually called in an internal
> >>> kernel core bit operation function,.
> >>>
> >>> Whereas GENMASK_UL uses shift operations directly, which are more
> >>> efficient and been exposed to external users as api, so I indeed use the
> >>> GENMASK_UL on purpose.
> >>>
> >>>
> >>> If you have any other suggestions, please feel free to tell me !
> >>>
> >>>
> >>>
> >>> From 1da252fcba90af00a42328f2a5e2ec5058ff4f7e Mon Sep 17 00:00:00 2001
> >>>
> >>> From: bevis_chen <bevis_c...@asus.com>
> >>>
> >>> Date: Wed, 3 Jul 2024 15:05:44 +0800
> >>>
> >>> Subject: [PATCH] arm64: Fix bt command show wrong stacktrace on ramdump
> >>> source
> >>>
> >>>
> >>> If we use crash to parse ramdump(Qcom phone device) rathen than vmcore.
> >>>
> >>> Start command should be like: crash vmlinux --kaslr=xxx
> >>> DDRCS0_0.BIN@0x0000000080000000,... --machdep vabits_actual=39
> >>>
> >>> Then We will see bt command show misleading backtrace information below:
> >>>
> >>>
> >>> crash> bt 16930
> >>>
> >>> PID: 16930 TASK: ffffff89b3eada00 CPU: 2 COMMAND: "Firebase Backgr"
> >>>
> >>> #0 [ffffffc034c437f0] __switch_to at ffffffe0036832d4
> >>>
> >>> #1 [ffffffc034c43850] __kvm_nvhe_$d.2314 at 6be732e004cf05a0
> >>>
> >>> #2 [ffffffc034c438b0] __kvm_nvhe_$d.2314 at 86c54c6004ceff80
> >>>
> >>> #3 [ffffffc034c43950] __kvm_nvhe_$d.2314 at 55d6f96003a7b120
> >>>
> >>> #4 [ffffffc034c439f0] __kvm_nvhe_$d.2314 at 9ccec46003a80a64
> >>>
> >>> #5 [ffffffc034c43ac0] __kvm_nvhe_$d.2314 at 8cf41e6003a945c4
> >>>
> >>> #6 [ffffffc034c43b10] __kvm_nvhe_$d.2314 at a8f181e00372c818
> >>>
> >>> #7 [ffffffc034c43b40] __kvm_nvhe_$d.2314 at 6dedde600372c0d0
> >>>
> >>> #8 [ffffffc034c43b90] __kvm_nvhe_$d.2314 at 62cc07e00373d0ac
> >>>
> >>> #9 [ffffffc034c43c00] __kvm_nvhe_$d.2314 at 72fb1de00373bedc
> >>>
> >>> ...
> >>>
> >>> PC: 00000073f5294840 LR: 00000070d8f39ba4 SP: 00000070d4afd5d0
> >>>
> >>> X29: 00000070d4afd600 X28: b4000071efcda7f0 X27: 00000070d4afe000
> >>>
> >>> X26: 0000000000000000 X25: 00000070d9616000 X24: 0000000000000000
> >>>
> >>> X23: 0000000000000000 X22: 0000000000000000 X21: 0000000000000000
> >>>
> >>> X20: b40000728fd27520 X19: b40000728fd27550 X18: 000000702daba000
> >>>
> >>> X17: 00000073f5294820 X16: 00000070d940f9d8 X15: 00000000000000bf
> >>>
> >>> X14: 0000000000000000 X13: 00000070d8ad2fac X12: b40000718fce5040
> >>>
> >>> X11: 0000000000000000 X10: 0000000000000070 X9: 0000000000000001
> >>>
> >>> X8: 0000000000000062 X7: 0000000000000020 X6: 0000000000000000
> >>>
> >>> X5: 0000000000000000 X4: 0000000000000000 X3: 0000000000000000
> >>>
> >>> X2: 0000000000000002 X1: 0000000000000080 X0: b40000728fd27550
> >>>
> >>> ORIG_X0: b40000728fd27550 SYSCALLNO: ffffffff PSTATE: 40001000
> >>>
> >>>
> >>> By checking the raw data below, will see the lr (fp+8) data show the
> >>> pointer which already been replaced by PAC prefix.
> >>>
> >>>
> >>> crash> bt -f
> >>>
> >>> PID: 16930 TASK: ffffff89b3eada00 CPU: 2 COMMAND: "Firebase Backgr"
> >>>
> >>> #0 [ffffffc034c437f0] __switch_to at ffffffe0036832d4
> >>>
> >>> ffffffc034c437f0: ffffffc034c43850 6be732e004cf05a4
> >>>
> >>> ffffffc034c43800: ffffffe006186108 a0ed07e004cf09c4
> >>>
> >>> ffffffc034c43810: ffffff8a1a340000 ffffff8a8d343c00
> >>>
> >>> ffffffc034c43820: ffffff89b3eada00 ffffff8b780db540
> >>>
> >>> ffffffc034c43830: ffffff89b3eada00 0000000000000000
> >>>
> >>> ffffffc034c43840: 0000000000000004 712b828118484a00
> >>>
> >>> #1 [ffffffc034c43850] __kvm_nvhe_$d.2314 at 6be732e004cf05a0
> >>>
> >>> ffffffc034c43850: ffffffc034c438b0 86c54c6004ceff84
> >>>
> >>> ffffffc034c43860: 000000708070f000 ffffffc034c43938
> >>>
> >>> ffffffc034c43870: ffffff88bd822878 ffffff89b3eada00
> >>>
> >>> ...
> >>>
> >>>
> >>> So we check the CONFIG_ARM64_PTR_AUTH and CONFIG_ARM64_PTR_AUTH_KERNEL to
> >>> double check if pac mechanism been enabled on this ramdump.
> >>>
> >>> Then we use vabits to figure it out.
> >>>
> >>> Fix then show the right backtrace below:
> >>>
> >>> crash> bt 16930
> >>>
> >>> PID: 16930 TASK: ffffff89b3eada00 CPU: 2 COMMAND: "Firebase Backgr"
> >>>
> >>> #0 [ffffffc034c437f0] __switch_to at ffffffe0036832d4
> >>>
> >>> #1 [ffffffc034c43850] __schedule at ffffffe004cf05a0
> >>>
> >>> #2 [ffffffc034c438b0] preempt_schedule_common at ffffffe004ceff80
> >>>
> >>> #3 [ffffffc034c43950] unmap_page_range at ffffffe003a7b120
> >>>
> >>> #4 [ffffffc034c439f0] unmap_vmas at ffffffe003a80a64
> >>>
> >>> #5 [ffffffc034c43ac0] exit_mmap at ffffffe003a945c4
> >>>
> >>> #6 [ffffffc034c43b10] __mmput at ffffffe00372c818
> >>>
> >>> #7 [ffffffc034c43b40] mmput at ffffffe00372c0d0
> >>>
> >>> #8 [ffffffc034c43b90] exit_mm at ffffffe00373d0ac
> >>>
> >>> #9 [ffffffc034c43c00] do_exit at ffffffe00373bedc
> >>>
> >>> PC: 00000073f5294840 LR: 00000070d8f39ba4 SP: 00000070d4afd5d0
> >>>
> >>> X29: 00000070d4afd600 X28: b4000071efcda7f0 X27: 00000070d4afe000
> >>>
> >>> X26: 0000000000000000 X25: 00000070d9616000 X24: 0000000000000000
> >>>
> >>> X23: 0000000000000000 X22: 0000000000000000 X21: 0000000000000000
> >>>
> >>> X20: b40000728fd27520 X19: b40000728fd27550 X18: 000000702daba000
> >>>
> >>> X17: 00000073f5294820 X16: 00000070d940f9d8 X15: 00000000000000bf
> >>>
> >>> X14: 0000000000000000 X13: 00000070d8ad2fac X12: b40000718fce5040
> >>>
> >>> X11: 0000000000000000 X10: 0000000000000070 X9: 0000000000000001
> >>>
> >>> X8: 0000000000000062 X7: 0000000000000020 X6: 0000000000000000
> >>>
> >>> X5: 0000000000000000 X4: 0000000000000000 X3: 0000000000000000
> >>>
> >>> X2: 0000000000000002 X1: 0000000000000080 X0: b40000728fd27550
> >>>
> >>> ORIG_X0: b40000728fd27550 SYSCALLNO: ffffffff PSTATE: 40001000
> >>>
> >>>
> >>> Let's use GENMASK to replace the pac pointer to fix it.
> >>>
> >>> gki related commit as below:
> >>>
> >>>
> >>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >>>
> >>> Author: Amit Daniel Kachhap <amit.kach...@arm.com>
> >>>
> >>> Date: Fri Mar 13 14:34:58 2020 +0530
> >>>
> >>>
> >>> arm64: mask PAC bits of __builtin_return_address
> >>>
> >>>
> >>> Functions like vmap() record how much memory has been allocated by
> >>> their
> >>>
> >>> callers, and callers are identified using __builtin_return_address().
> >>> Once
> >>>
> >>> the kernel is using pointer-auth the return address will be signed.
> >>> This
> >>>
> >>> means it will not match any kernel symbol, and will vary between
> >>> threads
> >>>
> >>> even for the same caller.
> >>>
> >>>
> >>> The output of /proc/vmallocinfo in this case may look like,
> >>>
> >>> 0x(____ptrval____)-0x(____ptrval____) 20480 0x86e28000100e7c60
> >>> pages=4 vmalloc N0=4
> >>>
> >>> 0x(____ptrval____)-0x(____ptrval____) 20480 0x86e28000100e7c60
> >>> pages=4 vmalloc N0=4
> >>>
> >>> 0x(____ptrval____)-0x(____ptrval____) 20480 0xc5c78000100e7c60
> >>> pages=4 vmalloc N0=4
> >>>
> >>>
> >>> The above three 64bit values should be the same symbol name and not
> >>>
> >>> different LR values.
> >>>
> >>>
> >>> Use the pre-processor to add logic to clear the PAC to
> >>>
> >>> __builtin_return_address() callers. This patch adds a new file
> >>>
> >>> asm/compiler.h and is transitively included via
> >>> include/compiler_types.h on
> >>>
> >>> the compiler command line so it is guaranteed to be loaded and the
> >>> users of
> >>>
> >>> this macro will not find a wrong version.
> >>>
> >>>
> >>> Helper macros ptrauth_kernel_pac_mask/ptrauth_clear_pac are created
> >>> for
> >>>
> >>> this purpose and added in this file. Existing macro
> >>> ptrauth_user_pac_mask
> >>>
> >>> moved from asm/pointer_auth.h.
> >>>
> >>>
> >>> Signed-off-by: Amit Daniel Kachhap <amit.kach...@arm.com>
> >>>
> >>> Reviewed-by: James Morse <james.mo...@arm.com>
> >>>
> >>> Signed-off-by: Catalin Marinas <catalin.mari...@arm.com>
> >>>
> >>>
> >>> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> >>>
> >>> index 87e2cbb76930..115ceea0293e 100644
> >>>
> >>> --- a/arch/arm64/Kconfig
> >>>
> >>> +++ b/arch/arm64/Kconfig
> >>>
> >>> @@ -118,6 +118,7 @@ config ARM64
> >>>
> >>> select HAVE_ALIGNED_STRUCT_PAGE if SLUB
> >>>
> >>> select HAVE_ARCH_AUDITSYSCALL
> >>>
> >>> select HAVE_ARCH_BITREVERSE
> >>>
> >>> + select HAVE_ARCH_COMPILER_H
> >>>
> >>> select HAVE_ARCH_HUGE_VMAP
> >>>
> >>> select HAVE_ARCH_JUMP_LABEL
> >>>
> >>> select HAVE_ARCH_JUMP_LABEL_RELATIVE
> >>>
> >>> diff --git a/arch/arm64/include/asm/compiler.h
> >>> b/arch/arm64/include/asm/compiler.h
> >>>
> >>> new file mode 100644
> >>>
> >>> index 000000000000..eece20d2c55f
> >>>
> >>> --- /dev/null
> >>>
> >>> +++ b/arch/arm64/include/asm/compiler.h
> >>>
> >>> @@ -0,0 +1,24 @@
> >>>
> >>> +/* SPDX-License-Identifier: GPL-2.0 */
> >>>
> >>> +#ifndef __ASM_COMPILER_H
> >>>
> >>> +#define __ASM_COMPILER_H
> >>>
> >>> +
> >>>
> >>> +#if defined(CONFIG_ARM64_PTR_AUTH)
> >>>
> >>> +
> >>>
> >>> +/*
> >>>
> >>> + * The EL0/EL1 pointer bits used by a pointer authentication code.
> >>>
> >>> + * This is dependent on TBI0/TBI1 being enabled, or bits 63:56 would
> >>> also apply.
> >>>
> >>> + */
> >>>
> >>> +#define ptrauth_user_pac_mask() GENMASK_ULL(54,
> >>> vabits_actual)
> >>>
> >>> +#define ptrauth_kernel_pac_mask() GENMASK_ULL(63, vabits_actual)
> >>>
> >>> +
> >>>
> >>> +/* Valid for EL0 TTBR0 and EL1 TTBR1 instruction pointers */
> >>>
> >>> +#define ptrauth_clear_pac(ptr) \
> >>>
> >>> + ((ptr & BIT_ULL(55)) ? (ptr | ptrauth_kernel_pac_mask()) : \
> >>>
> >>> + (ptr & ~ptrauth_user_pac_mask()))
> >>>
> >>> +
> >>>
> >>> +#define __builtin_return_address(val) \
> >>>
> >>> + (void *)(ptrauth_clear_pac((unsigned
> >>> long)__builtin_return_address(val)))
> >>>
> >>> +
> >>>
> >>> +#endif /* CONFIG_ARM64_PTR_AUTH */
> >>>
> >>> +
> >>>
> >>> +#endif /* __ASM_COMPILER_H */
> >>>
> >>> diff --git a/arch/arm64/include/asm/pointer_auth.h
> >>> b/arch/arm64/include/asm/pointer_auth.h
> >>>
> >>> index 833d3f948de0..70c47156e54b 100644
> >>>
> >>> --- a/arch/arm64/include/asm/pointer_auth.h
> >>>
> >>> +++ b/arch/arm64/include/asm/pointer_auth.h
> >>>
> >>> @@ -68,16 +68,9 @@ static __always_inline void
> >>> ptrauth_keys_switch_kernel(struct ptrauth_keys_kerne
> >>>
> >>>
> >>> extern int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned
> >>> long arg);
> >>>
> >>>
> >>> -/*
> >>>
> >>> - * The EL0 pointer bits used by a pointer authentication code.
> >>>
> >>> - * This is dependent on TBI0 being enabled, or bits 63:56 would also
> >>> apply.
> >>>
> >>> - */
> >>>
> >>> -#define ptrauth_user_pac_mask() GENMASK(54, vabits_actual)
> >>>
> >>> -
> >>>
> >>> -/* Only valid for EL0 TTBR0 instruction pointers */
> >>>
> >>> static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr)
> >>>
> >>> {
> >>>
> >>> - return ptr & ~ptrauth_user_pac_mask();
> >>>
> >>> + return ptrauth_clear_pac(ptr);
> >>>
> >>> }
> >>>
> >>>
> >>> #define ptrauth_thread_init_user(tsk)
> >>>
> >>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >>>
> >>>
> >>> Signed-off-by: bevis_chen <bevis_c...@asus.com>
> >>>
> >>> ---
> >>>
> >>> arm64.c | 33 +++++++++++++++++++++++++++++++++
> >>>
> >>> 1 file changed, 33 insertions(+)
> >>>
> >>>
> >>> diff --git a/arm64.c b/arm64.c
> >>>
> >>> index b3040d7..d8ce98f 100644
> >>>
> >>> --- a/arm64.c
> >>>
> >>> +++ b/arm64.c
> >>>
> >>> @@ -92,6 +92,7 @@ static void arm64_get_crash_notes(void);
> >>>
> >>> static void arm64_calc_VA_BITS(void);
> >>>
> >>> static int arm64_is_uvaddr(ulong, struct task_context *);
> >>>
> >>> static void arm64_calc_KERNELPACMASK(void);
> >>>
> >>> +static void arm64_recalc_KERNELPACMASK(void);
> >>>
> >>> static int arm64_get_vmcoreinfo(unsigned long *vaddr, const char *label,
> >>> int base);
> >>>
> >>>
> >>> struct kernel_range {
> >>>
> >>> @@ -581,6 +582,18 @@ arm64_init(int when)
> >>>
> >>> if (!machdep->hz)
> >>>
> >>> machdep->hz = 100;
> >>>
> >>>
> >>> + /*
> >>>
> >>> + * In the case of using ramdump rather than vmcore,
> >>>
> >>> + * Will fail to parse out KERNELPAC.
> >>>
> >>> + * So let's try again from kconfig to ensure if PAC
> >>> enabled.
> >>>
> >>> + * If yes, then we use vabits to figure it out.
> >>>
> >>> + * gki related commit url:
> >>>
> >>> + *
> >>> https://lore.kernel.org/all/20230412160134.306148-4-mark.rutl...@arm.com/
> >>>
> >>> + */
> >>>
> >>> + if(!machdep->machspec->CONFIG_ARM64_KERNELPACMASK)
> >>>
> >>> + arm64_recalc_KERNELPACMASK();
> >>>
> >>> +
> >>>
> >>> +
> >>>
> >>> arm64_irq_stack_init();
> >>>
> >>> arm64_overflow_stack_init();
> >>>
> >>> arm64_stackframe_init();
> >>>
> >>> @@ -4921,6 +4934,26 @@ static void arm64_calc_KERNELPACMASK(void)
> >>>
> >>> }
> >>>
> >>> }
> >>>
> >>>
> >>> +
> >>>
> >>> +#define GENMASK_UL(h, l) \
> >>>
> >>> + (((~0UL) << (l)) & (~0UL >> (BITS_PER_LONG - 1 - (h))))
> >>>
> >>> +
> >>>
> >>> +static void arm64_recalc_KERNELPACMASK(void){
> >>>
> >>> + if (kt->ikconfig_flags & IKCONFIG_AVAIL){
> >>>
> >>> + /* arm64: check pac already enabled yet.*/
> >>>
> >>> + if ((get_kernel_config("CONFIG_ARM64_PTR_AUTH", NULL) ==
> >>> IKCONFIG_Y)
> >>>
> >>> + &&
> >>> (get_kernel_config("CONFIG_ARM64_PTR_AUTH_KERNEL", NULL) == IKCONFIG_Y)){
> >>>
> >>> + if (machdep->machspec->VA_BITS_ACTUAL){
> >>>
> >>> +
> >>> machdep->machspec->CONFIG_ARM64_KERNELPACMASK =
> >>>
> >>> + GENMASK_UL(63,
> >>> machdep->machspec->VA_BITS_ACTUAL);
> >>>
> >>> + if (CRASHDEBUG(1))
> >>>
> >>> + fprintf(fp,
> >>> "CONFIG_ARM64_KERNELPACMASK: %lx\n",
> >>>
> >>> +
> >>> machdep->machspec->CONFIG_ARM64_KERNELPACMASK);
> >>>
> >>> + }
> >>>
> >>> + }
> >>>
> >>> + }
> >>>
> >>> +}
> >>>
> >>> +
> >>>
> >>> #endif /* ARM64 */
> >>>
> >>>
> >>>
> >>> --
> >>>
> >>> 2.27.0
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> At 2024-07-12 16:08:54, "Lianbo Jiang" <liji...@redhat.com> wrote:
> >>> >Hi, bevis_chen
> >>> >
> >>> >Thank you for the v2.
> >>> >
> >>> >On 7/11/24 6:42 AM, devel-requ...@lists.crash-utility.osci.io wrote:
> >>> >> Date: Wed, 10 Jul 2024 14:19:01 -0000
> >>> >> From:cb12...@126.com
> >>> >> Subject: [Crash-utility] Re: arm64: Fix bt command show wrong
> >>> >> stacktrace on ramdump source
> >>> >> To:devel@lists.crash-utility.osci.io
> >>> >> Message-ID:<20240710141901.30295.7...@lists.crash-utility.osci.io>
> >>> >> Content-Type: text/plain; charset="utf-8"
> >>> >>
> >>> >> >From dd6b187ac15a237cefe863c4e5b432cf13b9883a Mon Sep 17 00:00:00 2001
> >>> >> From: bevis_chen<bevis_c...@asus.com>
> >>> >> Date: Wed, 3 Jul 2024 15:05:44 +0800
> >>> >> Subject: [PATCH] arm64: Fix bt command show wrong stacktrace on ramdump
> >>> >> source
> >>> >>
> >>> >> If we use crash to parse ramdump(Qcom phone device) rathen than vmcore.
> >>> >> Start command should be like: crash vmlinux --kaslr=xxx
> >>> >> DDRCS0_0.BIN@0x0000000080000000,... --machdep vabits_actual=39
> >>> >> Then We will see bt command show misleading backtrace information
> >>> >> below:
> >>> >>
> >>> >> crash> bt 16930
> >>> >> PID: 16930 TASK: ffffff89b3eada00 CPU: 2 COMMAND: "Firebase
> >>> >> Backgr"
> >>> >> #0 [ffffffc034c437f0] __switch_to at ffffffe0036832d4
> >>> >> #1 [ffffffc034c43850] __kvm_nvhe_$d.2314 at 6be732e004cf05a0
> >>> >> #2 [ffffffc034c438b0] __kvm_nvhe_$d.2314 at 86c54c6004ceff80
> >>> >> #3 [ffffffc034c43950] __kvm_nvhe_$d.2314 at 55d6f96003a7b120
> >>> >> #4 [ffffffc034c439f0] __kvm_nvhe_$d.2314 at 9ccec46003a80a64
> >>> >> #5 [ffffffc034c43ac0] __kvm_nvhe_$d.2314 at 8cf41e6003a945c4
> >>> >> #6 [ffffffc034c43b10] __kvm_nvhe_$d.2314 at a8f181e00372c818
> >>> >> #7 [ffffffc034c43b40] __kvm_nvhe_$d.2314 at 6dedde600372c0d0
> >>> >> #8 [ffffffc034c43b90] __kvm_nvhe_$d.2314 at 62cc07e00373d0ac
> >>> >> #9 [ffffffc034c43c00] __kvm_nvhe_$d.2314 at 72fb1de00373bedc
> >>> >> ...
> >>> >> PC: 00000073f5294840 LR: 00000070d8f39ba4 SP:
> >>> >> 00000070d4afd5d0
> >>> >> X29: 00000070d4afd600 X28: b4000071efcda7f0 X27:
> >>> >> 00000070d4afe000
> >>> >> X26: 0000000000000000 X25: 00000070d9616000 X24:
> >>> >> 0000000000000000
> >>> >> X23: 0000000000000000 X22: 0000000000000000 X21:
> >>> >> 0000000000000000
> >>> >> X20: b40000728fd27520 X19: b40000728fd27550 X18:
> >>> >> 000000702daba000
> >>> >> X17: 00000073f5294820 X16: 00000070d940f9d8 X15:
> >>> >> 00000000000000bf
> >>> >> X14: 0000000000000000 X13: 00000070d8ad2fac X12:
> >>> >> b40000718fce5040
> >>> >> X11: 0000000000000000 X10: 0000000000000070 X9:
> >>> >> 0000000000000001
> >>> >> X8: 0000000000000062 X7: 0000000000000020 X6:
> >>> >> 0000000000000000
> >>> >> X5: 0000000000000000 X4: 0000000000000000 X3:
> >>> >> 0000000000000000
> >>> >> X2: 0000000000000002 X1: 0000000000000080 X0:
> >>> >> b40000728fd27550
> >>> >> ORIG_X0: b40000728fd27550 SYSCALLNO: ffffffff PSTATE: 40001000
> >>> >>
> >>> >> By checking the raw data below, will see the lr (fp+8) data show the
> >>> >> pointer which already been replaced by PAC prefix.
> >>> >>
> >>> >> crash> bt -f
> >>> >> PID: 16930 TASK: ffffff89b3eada00 CPU: 2 COMMAND: "Firebase
> >>> >> Backgr"
> >>> >> #0 [ffffffc034c437f0] __switch_to at ffffffe0036832d4
> >>> >> ffffffc034c437f0: ffffffc034c43850 6be732e004cf05a4
> >>> >> ffffffc034c43800: ffffffe006186108 a0ed07e004cf09c4
> >>> >> ffffffc034c43810: ffffff8a1a340000 ffffff8a8d343c00
> >>> >> ffffffc034c43820: ffffff89b3eada00 ffffff8b780db540
> >>> >> ffffffc034c43830: ffffff89b3eada00 0000000000000000
> >>> >> ffffffc034c43840: 0000000000000004 712b828118484a00
> >>> >> #1 [ffffffc034c43850] __kvm_nvhe_$d.2314 at 6be732e004cf05a0
> >>> >> ffffffc034c43850: ffffffc034c438b0 86c54c6004ceff84
> >>> >> ffffffc034c43860: 000000708070f000 ffffffc034c43938
> >>> >> ffffffc034c43870: ffffff88bd822878 ffffff89b3eada00
> >>> >> ...
> >>> >>
> >>> >> So we check the CONFIG_ARM64_PTR_AUTH and CONFIG_ARM64_PTR_AUTH_KERNEL
> >>> >> to double check if pac mechanism been enabled on this ramdump.
> >>> >> Then we use vabits to figure it out.
> >>> >> Fix then show the right backtrace below:
> >>> >> crash> bt 16930
> >>> >> PID: 16930 TASK: ffffff89b3eada00 CPU: 2 COMMAND: "Firebase
> >>> >> Backgr"
> >>> >> #0 [ffffffc034c437f0] __switch_to at ffffffe0036832d4
> >>> >> #1 [ffffffc034c43850] __schedule at ffffffe004cf05a0
> >>> >> #2 [ffffffc034c438b0] preempt_schedule_common at ffffffe004ceff80
> >>> >> #3 [ffffffc034c43950] unmap_page_range at ffffffe003a7b120
> >>> >> #4 [ffffffc034c439f0] unmap_vmas at ffffffe003a80a64
> >>> >> #5 [ffffffc034c43ac0] exit_mmap at ffffffe003a945c4
> >>> >> #6 [ffffffc034c43b10] __mmput at ffffffe00372c818
> >>> >> #7 [ffffffc034c43b40] mmput at ffffffe00372c0d0
> >>> >> #8 [ffffffc034c43b90] exit_mm at ffffffe00373d0ac
> >>> >> #9 [ffffffc034c43c00] do_exit at ffffffe00373bedc
> >>> >> PC: 00000073f5294840 LR: 00000070d8f39ba4 SP:
> >>> >> 00000070d4afd5d0
> >>> >> X29: 00000070d4afd600 X28: b4000071efcda7f0 X27:
> >>> >> 00000070d4afe000
> >>> >> X26: 0000000000000000 X25: 00000070d9616000 X24:
> >>> >> 0000000000000000
> >>> >> X23: 0000000000000000 X22: 0000000000000000 X21:
> >>> >> 0000000000000000
> >>> >> X20: b40000728fd27520 X19: b40000728fd27550 X18:
> >>> >> 000000702daba000
> >>> >> X17: 00000073f5294820 X16: 00000070d940f9d8 X15:
> >>> >> 00000000000000bf
> >>> >> X14: 0000000000000000 X13: 00000070d8ad2fac X12:
> >>> >> b40000718fce5040
> >>> >> X11: 0000000000000000 X10: 0000000000000070 X9:
> >>> >> 0000000000000001
> >>> >> X8: 0000000000000062 X7: 0000000000000020 X6:
> >>> >> 0000000000000000
> >>> >> X5: 0000000000000000 X4: 0000000000000000 X3:
> >>> >> 0000000000000000
> >>> >> X2: 0000000000000002 X1: 0000000000000080 X0:
> >>> >> b40000728fd27550
> >>> >> ORIG_X0: b40000728fd27550 SYSCALLNO: ffffffff PSTATE: 40001000
> >>> >>
> >>> >> Let's use GENMASK to replace the pac pointer to fix it.
> >>> >> gki related commit url here:
> >>> >> https://lore.kernel.org/all/20230412160134.306148-4-mark.rutl...@arm.com/
> >>> >
> >>> >Can you help to add the kernel commit to patch log?
> >>> >
> >>> >de1702f65feb ("arm64: move PAC masks to <asm/pointer_auth.h>")
> >>> >
> >>> >
> >>> >> Signed-off-by: bevis_chen<bevis_c...@asus.com>
> >>> >> ---
> >>> >> arm64.c | 33 +++++++++++++++++++++++++++++++++
> >>> >> 1 file changed, 33 insertions(+)
> >>> >>
> >>> >> diff --git a/arm64.c b/arm64.c
> >>> >> index b3040d7..d8ce98f 100644
> >>> >> --- a/arm64.c
> >>> >> +++ b/arm64.c
> >>> >> @@ -92,6 +92,7 @@ static void arm64_get_crash_notes(void);
> >>> >> static void arm64_calc_VA_BITS(void);
> >>> >> static int arm64_is_uvaddr(ulong, struct task_context *);
> >>> >> static void arm64_calc_KERNELPACMASK(void);
> >>> >> +static void arm64_recalc_KERNELPACMASK(void);
> >>> >> static int arm64_get_vmcoreinfo(unsigned long *vaddr, const char
> >>> >> *label, int base);
> >>> >>
> >>> >> struct kernel_range {
> >>> >> @@ -581,6 +582,18 @@ arm64_init(int when)
> >>> >> if (!machdep->hz)
> >>> >> machdep->hz = 100;
> >>> >>
> >>> >> + /*
> >>> >> + * In the case of using ramdump rather than vmcore,
> >>> >> + * Will fail to parse out KERNELPAC.
> >>> >> + * So let's try again from kconfig to ensure if PAC
> >>> >> enabled.
> >>> >> + * If yes, then we use vabits to figure it out.
> >>> >> + * gki related commit url:
> >>> >> +
> >>> >> *https://lore.kernel.org/all/20230412160134.306148-4-mark.rutl...@arm.com/
> >>> >> + */
> >>> >> + if(!machdep->machspec->CONFIG_ARM64_KERNELPACMASK)
> >>> >> + arm64_recalc_KERNELPACMASK();
> >>> >> +
> >>> >> +
> >>> >> arm64_irq_stack_init();
> >>> >> arm64_overflow_stack_init();
> >>> >> arm64_stackframe_init();
> >>> >> @@ -4921,6 +4934,26 @@ static void arm64_calc_KERNELPACMASK(void)
> >>> >> }
> >>> >> }
> >>> >>
> >>> >> +
> >>> >> +#define GENMASK_UL(h, l) \
> >>> >> + (((~0UL) << (l)) & (~0UL >> (BITS_PER_LONG - 1 - (h))))
> >>> >> +
> >>> >
> >>> >BTW: I saw a similar version implemented in the kernel, can you help
> >>> >double check if that is intentional?
> >>> >
> >>> >#define __GENMASK(h, l) \
> >>> > (((~_UL(0)) - (_UL(1) << (l)) + 1) & \
> >>> > (~_UL(0) >> (__BITS_PER_LONG - 1 - (h))))
> >>> >
> >>> >
> >>> >Thanks
> >>> >
> >>> >Lianbo
> >>> >
> >>> >> +static void arm64_recalc_KERNELPACMASK(void){
> >>> >> + if (kt->ikconfig_flags & IKCONFIG_AVAIL){
> >>> >> + /* arm64: check pac already enabled yet.*/
> >>> >> + if ((get_kernel_config("CONFIG_ARM64_PTR_AUTH", NULL)
> >>> >> == IKCONFIG_Y)
> >>> >> + &&
> >>> >> (get_kernel_config("CONFIG_ARM64_PTR_AUTH_KERNEL", NULL) ==
> >>> >> IKCONFIG_Y)){
> >>> >> + if (machdep->machspec->VA_BITS_ACTUAL){
> >>> >> +
> >>> >> machdep->machspec->CONFIG_ARM64_KERNELPACMASK =
> >>> >> + GENMASK_UL(63,
> >>> >> machdep->machspec->VA_BITS_ACTUAL);
> >>> >> + if (CRASHDEBUG(1))
> >>> >> + fprintf(fp,
> >>> >> "CONFIG_ARM64_KERNELPACMASK: %lx\n",
> >>> >> +
> >>> >> machdep->machspec->CONFIG_ARM64_KERNELPACMASK);
> >>> >> + }
> >>> >> + }
> >>> >> + }
> >>> >> +}
> >>> >> +
> >>> >> #endif /* ARM64 */
> >>> >>
> >>> >>
> >>> >> --
> >>> >> 2.27.0
> >>> >--
> >>> >Crash-utility mailing list -- devel@lists.crash-utility.osci.io
> >>> >To unsubscribe send an email to devel-le...@lists.crash-utility.osci.io
> >>> >https://${domain_name}/admin/lists/devel.lists.crash-utility.osci.io/
> >>> >Contribution Guidelines: https://github.com/crash-utility/crash/wiki
>
>
--
Crash-utility mailing list -- devel@lists.crash-utility.osci.io
To unsubscribe send an email to devel-le...@lists.crash-utility.osci.io
https://${domain_name}/admin/lists/devel.lists.crash-utility.osci.io/
Contribution Guidelines: https://github.com/crash-utility/crash/wiki
