87676cfca1
Commit 7e9f5e6629f6 ("arm64: vdso: Add --eh-frame-hdr to ldflags") results
in a .eh_frame_hdr section for the vDSO, which in turn causes the libgcc
unwinder to unwind out of signal handlers using the .eh_frame information
populated by our .cfi directives. In conjunction with a4eb355a3fda
("arm64: vdso: Fix CFI directives in sigreturn trampoline"), this has
been shown to cause segmentation faults originating from within the
unwinder during thread cancellation:
| Thread 14 "virtio-net-rx" received signal SIGSEGV, Segmentation fault.
| 0x0000000000435e24 in uw_frame_state_for ()
| (gdb) bt
| #0 0x0000000000435e24 in uw_frame_state_for ()
| #1 0x0000000000436e88 in _Unwind_ForcedUnwind_Phase2 ()
| #2 0x00000000004374d8 in _Unwind_ForcedUnwind ()
| #3 0x0000000000428400 in __pthread_unwind (buf=<optimized out>) at unwind.c:121
| #4 0x0000000000429808 in __do_cancel () at ./pthreadP.h:304
| #5 sigcancel_handler (sig=32, si=0xffff33c743f0, ctx=<optimized out>) at nptl-init.c:200
| #6 sigcancel_handler (sig=<optimized out>, si=0xffff33c743f0, ctx=<optimized out>) at nptl-init.c:165
| #7 <signal handler called>
| #8 futex_wait_cancelable (private=0, expected=0, futex_word=0x3890b708) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
After considerable bashing of heads, it appears that our CFI directives
for unwinding out of the sigreturn trampoline are only processed by libgcc
when both a .eh_frame_hdr section is present *and* the mysterious NOP is
covered by an entry in .eh_frame. With both of these now in place, it has
highlighted that our CFI directives are not comprehensive enough to
restore the stack pointer of the interrupted context. This results in libgcc
falling back to an arm64-specific unwinder after computing a bogus PC value
from the unwind tables. The unwinder promptly dereferences this bogus address
in an attempt to see if the pointed-to instruction sequence looks like
the sigreturn trampoline.
Restore the old unwind behaviour, which relied solely on heuristics in
the unwinder, by removing the .eh_frame_hdr section from the vDSO and
commenting out the insufficient CFI directives for now. Add comments to
explain the current, miserable state of affairs.
Cc: Tamas Zsoldos <tamas.zsoldos@arm.com>
Cc: Szabolcs Nagy <szabolcs.nagy@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Daniel Kiss <daniel.kiss@arm.com>
Acked-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Will Deacon <will@kernel.org>
92 lines
2.8 KiB
Makefile
92 lines
2.8 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Building a vDSO image for AArch64.
|
|
#
|
|
# Author: Will Deacon <will.deacon@arm.com>
|
|
# Heavily based on the vDSO Makefiles for other archs.
|
|
#
|
|
|
|
# Absolute relocation type $(ARCH_REL_TYPE_ABS) needs to be defined before
|
|
# the inclusion of generic Makefile.
|
|
ARCH_REL_TYPE_ABS := R_AARCH64_JUMP_SLOT|R_AARCH64_GLOB_DAT|R_AARCH64_ABS64
|
|
include $(srctree)/lib/vdso/Makefile
|
|
|
|
obj-vdso := vgettimeofday.o note.o sigreturn.o
|
|
|
|
# Build rules
|
|
targets := $(obj-vdso) vdso.so vdso.so.dbg
|
|
obj-vdso := $(addprefix $(obj)/, $(obj-vdso))
|
|
|
|
btildflags-$(CONFIG_ARM64_BTI_KERNEL) += -z force-bti
|
|
|
|
# -Bsymbolic has been added for consistency with arm, the compat vDSO and
|
|
# potential future proofing if we end up with internal calls to the exported
|
|
# routines, as x86 does (see 6f121e548f83 ("x86, vdso: Reimplement vdso.so
|
|
# preparation in build-time C")).
|
|
ldflags-y := -shared -nostdlib -soname=linux-vdso.so.1 --hash-style=sysv \
|
|
-Bsymbolic --no-eh-frame-hdr --build-id -n $(btildflags-y) -T
|
|
|
|
ccflags-y := -fno-common -fno-builtin -fno-stack-protector -ffixed-x18
|
|
ccflags-y += -DDISABLE_BRANCH_PROFILING
|
|
|
|
CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os $(CC_FLAGS_SCS)
|
|
KBUILD_CFLAGS += $(DISABLE_LTO)
|
|
KASAN_SANITIZE := n
|
|
UBSAN_SANITIZE := n
|
|
OBJECT_FILES_NON_STANDARD := y
|
|
KCOV_INSTRUMENT := n
|
|
|
|
CFLAGS_vgettimeofday.o = -O2 -mcmodel=tiny -fasynchronous-unwind-tables
|
|
|
|
ifneq ($(c-gettimeofday-y),)
|
|
CFLAGS_vgettimeofday.o += -include $(c-gettimeofday-y)
|
|
endif
|
|
|
|
# Clang versions less than 8 do not support -mcmodel=tiny
|
|
ifeq ($(CONFIG_CC_IS_CLANG), y)
|
|
ifeq ($(shell test $(CONFIG_CLANG_VERSION) -lt 80000; echo $$?),0)
|
|
CFLAGS_REMOVE_vgettimeofday.o += -mcmodel=tiny
|
|
endif
|
|
endif
|
|
|
|
# Disable gcov profiling for VDSO code
|
|
GCOV_PROFILE := n
|
|
|
|
obj-y += vdso.o
|
|
extra-y += vdso.lds
|
|
CPPFLAGS_vdso.lds += -P -C -U$(ARCH)
|
|
|
|
# Force dependency (incbin is bad)
|
|
$(obj)/vdso.o : $(obj)/vdso.so
|
|
|
|
# Link rule for the .so file, .lds has to be first
|
|
$(obj)/vdso.so.dbg: $(obj)/vdso.lds $(obj-vdso) FORCE
|
|
$(call if_changed,vdsold_and_vdso_check)
|
|
|
|
# Strip rule for the .so file
|
|
$(obj)/%.so: OBJCOPYFLAGS := -S
|
|
$(obj)/%.so: $(obj)/%.so.dbg FORCE
|
|
$(call if_changed,objcopy)
|
|
|
|
# Generate VDSO offsets using helper script
|
|
gen-vdsosym := $(srctree)/$(src)/gen_vdso_offsets.sh
|
|
quiet_cmd_vdsosym = VDSOSYM $@
|
|
cmd_vdsosym = $(NM) $< | $(gen-vdsosym) | LC_ALL=C sort > $@
|
|
|
|
include/generated/vdso-offsets.h: $(obj)/vdso.so.dbg FORCE
|
|
$(call if_changed,vdsosym)
|
|
|
|
# Actual build commands
|
|
quiet_cmd_vdsold_and_vdso_check = LD $@
|
|
cmd_vdsold_and_vdso_check = $(cmd_ld); $(cmd_vdso_check)
|
|
|
|
# Install commands for the unstripped file
|
|
quiet_cmd_vdso_install = INSTALL $@
|
|
cmd_vdso_install = cp $(obj)/$@.dbg $(MODLIB)/vdso/$@
|
|
|
|
vdso.so: $(obj)/vdso.so.dbg
|
|
@mkdir -p $(MODLIB)/vdso
|
|
$(call cmd,vdso_install)
|
|
|
|
vdso_install: vdso.so
|