On 4/28/2026 8:36 PM, Dylan Hatch wrote:
> Generalize the __safe* helpers to support a non-user-access code path.
>
> This requires arch-specific function address validation. This is because
> arm64 vmlinux keeps .exit.text (normally discarded), and .rodata.text
> sections, both of which lie outside the bounds of the normal .text.
> .rodata.text contains code that is never executed by the kernel mapping,
> but for which the toolchain nonetheless generates sframe data, and needs
> to be considered valid for a PC lookup.
>
> Additionally .init.text lies outside .text for all arches and must be
> accounted for as well.
>
> diff --git a/arch/arm64/include/asm/unwind_sframe.h
> b/arch/arm64/include/asm/unwind_sframe.h
> @@ -2,7 +2,54 @@
> #ifndef _ASM_ARM64_UNWIND_SFRAME_H
> #define _ASM_ARM64_UNWIND_SFRAME_H
>
> +#include <linux/module.h>
> +#include <linux/sframe.h>
> +#include <asm/sections.h>
> +
> #define SFRAME_REG_SP 31
> #define SFRAME_REG_FP 29
>
> +static inline bool sframe_func_start_addr_valid(struct sframe_section *sec,
> + unsigned long func_addr)
> +{
> + /* Common case for unwinding */
> + if (sec->text_start <= func_addr && func_addr < sec->text_end)
> + return true;
> +
> + if (sec->sec_type != SFRAME_KERNEL)
> + return false;
> +
> + /*
> + * Account for vmlinux and module code outside the normal .text section.
> + * The toolchain still generates sframe data for these functions, so
> + * sframe lookups on them should be allowed.
> + */
> + if (sec == &kernel_sfsec) {
> + if (is_kernel_inittext(func_addr))
> + return true;
> +
> + /* .exit.text is retained in vmlinux on arm64. */
> + if (func_addr >= (unsigned long)__exittext_begin &&
> + func_addr < (unsigned long)__exittext_end)
> + return true;
> +
> +
Nit: Superfluous empty line (2 instead of 1).
> + /*
> + * .rodata.text is never executed from the kernel mapping, but
> + * still has sframe data
> + */
> + if (func_addr >= (unsigned long)_srodatatext &&
> + func_addr < (unsigned long)_erodatatext)
> + return true;
> + } else {
> + struct module *mod = container_of(sec, struct module,
> + arch.sframe_sec);
This currently does not work properly when sframe_validate_section() is
called from sframe_module_init(), which operates on a temporary struct
sframe_section that is not (yet) the one in struct module. See
my feedback to the respective patch for how to resolve.
> + if (within_module_mem_type(func_addr, mod, MOD_INIT_TEXT))
> + return true;
> + }
> +
> + return false;
> +}
> +#define sframe_func_start_addr_valid sframe_func_start_addr_valid
> +
> #endif /* _ASM_ARM64_UNWIND_SFRAME_H */
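Review bot: If this helper also runs on the unwind path (the leading comment calls the .text range check the "Common case for unwinding"), the is_kernel_inittext() and within_module_mem_type(..., MOD_INIT_TEXT) branches will keep reporting addresses as valid function starts after the corresponding init memory has been freed, so a PC that lands in such a range at unwind time is not a genuine function start. Consider limiting the init-text acceptance to the validation path (or gating it on the init memory still being present), and say so in the block comment, which currently only notes that the toolchain emits sframe data for these functions. Minor style point: the first range check is written as `sec->text_start <= func_addr && func_addr < sec->text_end` while the .exit.text and .rodata.text checks use `func_addr >= ... && func_addr < ...`; picking one form for all three makes the bounds easier to audit.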
Regards,
Jens
--
Jens Remus
Linux on Z Development (D3303)
[email protected] / [email protected]