229a0ddee1
[ 5221.974084] Unable to handle kernel paging request at virtual address 0xfffff000, pc: 0x8002c18e [ 5221.985929] Oops: 00000000 [ 5221.989488] [ 5221.989488] CURRENT PROCESS: [ 5221.989488] [ 5221.992877] COMM=callchain_test PID=11962 [ 5221.995213] TEXT=00008000-000087e0 DATA=00009f1c-0000a018 BSS=0000a018-0000b000 [ 5221.999037] USER-STACK=7fc18e20 KERNEL-STACK=be204680 [ 5221.999037] [ 5222.003292] PC: 0x8002c18e (perf_callchain_kernel+0x3e/0xd4) [ 5222.007957] LR: 0x8002c198 (perf_callchain_kernel+0x48/0xd4) [ 5222.074873] Call Trace: [ 5222.074873] [<800a248e>] get_perf_callchain+0x20a/0x29c [ 5222.074873] [<8009d964>] perf_callchain+0x64/0x80 [ 5222.074873] [<8009dc1c>] perf_prepare_sample+0x29c/0x4b8 [ 5222.074873] [<8009de6e>] perf_event_output_forward+0x36/0x98 [ 5222.074873] [<800497e0>] search_exception_tables+0x20/0x44 [ 5222.074873] [<8002cbb6>] do_page_fault+0x92/0x378 [ 5222.074873] [<80098608>] __perf_event_overflow+0x54/0xdc [ 5222.074873] [<80098778>] perf_swevent_hrtimer+0xe8/0x164 [ 5222.074873] [<8002ddd0>] update_mmu_cache+0x0/0xd8 [ 5222.074873] [<8002c014>] user_backtrace+0x58/0xc4 [ 5222.074873] [<8002c0b4>] perf_callchain_user+0x34/0xd0 [ 5222.074873] [<800a2442>] get_perf_callchain+0x1be/0x29c [ 5222.074873] [<8009d964>] perf_callchain+0x64/0x80 [ 5222.074873] [<8009d834>] perf_output_sample+0x78c/0x858 [ 5222.074873] [<8009dc1c>] perf_prepare_sample+0x29c/0x4b8 [ 5222.074873] [<8009de94>] perf_event_output_forward+0x5c/0x98 [ 5222.097846] [ 5222.097846] [<800a0300>] perf_event_exit_task+0x58/0x43c [ 5222.097846] [<8006c874>] hrtimer_interrupt+0x104/0x2ec [ 5222.097846] [<800a0300>] perf_event_exit_task+0x58/0x43c [ 5222.097846] [<80437bb6>] dw_apb_clockevent_irq+0x2a/0x4c [ 5222.097846] [<8006c770>] hrtimer_interrupt+0x0/0x2ec [ 5222.097846] [<8005f2e4>] __handle_irq_event_percpu+0xac/0x19c [ 5222.097846] [<80437bb6>] dw_apb_clockevent_irq+0x2a/0x4c [ 5222.097846] [<8005f408>] handle_irq_event_percpu+0x34/0x88 [ 5222.097846] [<8005f480>] handle_irq_event+0x24/0x64 [ 5222.097846] [<8006218c>] handle_level_irq+0x68/0xdc [ 5222.097846] [<8005ec76>] __handle_domain_irq+0x56/0xa8 [ 5222.097846] [<80450e90>] ck_irq_handler+0xac/0xe4 [ 5222.097846] [<80029012>] csky_do_IRQ+0x12/0x24 [ 5222.097846] [<8002a3a0>] csky_irq+0x70/0x80 [ 5222.097846] [<800ca612>] alloc_set_pte+0xd2/0x238 [ 5222.097846] [<8002ddd0>] update_mmu_cache+0x0/0xd8 [ 5222.097846] [<800a0340>] perf_event_exit_task+0x98/0x43c The original fp check doesn't base on the real kernal stack region. Invalid fp address may cause kernel panic. Signed-off-by: Mao Han <han_mao@linux.alibaba.com> Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
125 lines
3.1 KiB
C
125 lines
3.1 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
// Copyright (C) 2019 Hangzhou C-SKY Microsystems co.,ltd.
|
|
|
|
#include <linux/perf_event.h>
|
|
#include <linux/uaccess.h>
|
|
|
|
/* Kernel callchain */
|
|
struct stackframe {
|
|
unsigned long fp;
|
|
unsigned long lr;
|
|
};
|
|
|
|
static int unwind_frame_kernel(struct stackframe *frame)
|
|
{
|
|
unsigned long low = (unsigned long)task_stack_page(current);
|
|
unsigned long high = low + THREAD_SIZE;
|
|
|
|
if (unlikely(frame->fp < low || frame->fp > high))
|
|
return -EPERM;
|
|
|
|
if (kstack_end((void *)frame->fp) || frame->fp & 0x3)
|
|
return -EPERM;
|
|
|
|
*frame = *(struct stackframe *)frame->fp;
|
|
|
|
if (__kernel_text_address(frame->lr)) {
|
|
int graph = 0;
|
|
|
|
frame->lr = ftrace_graph_ret_addr(NULL, &graph, frame->lr,
|
|
NULL);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static void notrace walk_stackframe(struct stackframe *fr,
|
|
struct perf_callchain_entry_ctx *entry)
|
|
{
|
|
do {
|
|
perf_callchain_store(entry, fr->lr);
|
|
} while (unwind_frame_kernel(fr) >= 0);
|
|
}
|
|
|
|
/*
|
|
* Get the return address for a single stackframe and return a pointer to the
|
|
* next frame tail.
|
|
*/
|
|
static unsigned long user_backtrace(struct perf_callchain_entry_ctx *entry,
|
|
unsigned long fp, unsigned long reg_lr)
|
|
{
|
|
struct stackframe buftail;
|
|
unsigned long lr = 0;
|
|
unsigned long *user_frame_tail = (unsigned long *)fp;
|
|
|
|
/* Check accessibility of one struct frame_tail beyond */
|
|
if (!access_ok(user_frame_tail, sizeof(buftail)))
|
|
return 0;
|
|
if (__copy_from_user_inatomic(&buftail, user_frame_tail,
|
|
sizeof(buftail)))
|
|
return 0;
|
|
|
|
if (reg_lr != 0)
|
|
lr = reg_lr;
|
|
else
|
|
lr = buftail.lr;
|
|
|
|
fp = buftail.fp;
|
|
perf_callchain_store(entry, lr);
|
|
|
|
return fp;
|
|
}
|
|
|
|
/*
|
|
* This will be called when the target is in user mode
|
|
* This function will only be called when we use
|
|
* "PERF_SAMPLE_CALLCHAIN" in
|
|
* kernel/events/core.c:perf_prepare_sample()
|
|
*
|
|
* How to trigger perf_callchain_[user/kernel] :
|
|
* $ perf record -e cpu-clock --call-graph fp ./program
|
|
* $ perf report --call-graph
|
|
*
|
|
* On C-SKY platform, the program being sampled and the C library
|
|
* need to be compiled with * -mbacktrace, otherwise the user
|
|
* stack will not contain function frame.
|
|
*/
|
|
void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
|
|
struct pt_regs *regs)
|
|
{
|
|
unsigned long fp = 0;
|
|
|
|
/* C-SKY does not support virtualization. */
|
|
if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
|
|
return;
|
|
|
|
fp = regs->regs[4];
|
|
perf_callchain_store(entry, regs->pc);
|
|
|
|
/*
|
|
* While backtrace from leaf function, lr is normally
|
|
* not saved inside frame on C-SKY, so get lr from pt_regs
|
|
* at the sample point. However, lr value can be incorrect if
|
|
* lr is used as temp register
|
|
*/
|
|
fp = user_backtrace(entry, fp, regs->lr);
|
|
|
|
while (fp && !(fp & 0x3) && entry->nr < entry->max_stack)
|
|
fp = user_backtrace(entry, fp, 0);
|
|
}
|
|
|
|
void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
|
|
struct pt_regs *regs)
|
|
{
|
|
struct stackframe fr;
|
|
|
|
/* C-SKY does not support virtualization. */
|
|
if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
|
|
pr_warn("C-SKY does not support perf in guest mode!");
|
|
return;
|
|
}
|
|
|
|
fr.fp = regs->regs[4];
|
|
fr.lr = regs->lr;
|
|
walk_stackframe(&fr, entry);
|
|
}
|