<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/arch/riscv/kernel/stacktrace.c, branch v6.14</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>riscv: stacktrace: fix backtracing through exceptions</title>
<updated>2025-01-08T18:45:49+00:00</updated>
<author>
<name>Clément Léger</name>
<email>cleger@rivosinc.com</email>
</author>
<published>2024-12-09T15:57:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=51356ce60e5915a6bd812873186ed54e45c2699d'/>
<id>51356ce60e5915a6bd812873186ed54e45c2699d</id>
<content type='text'>
Prior to commit 5d5fc33ce58e ("riscv: Improve exception and system call
latency"), backtrace through exception worked since ra was filled with
ret_from_exception symbol address and the stacktrace code checked 'pc' to
be equal to that symbol. Now that handle_exception uses regular 'call'
instructions, this isn't working anymore and backtrace stops at
handle_exception(). Since there are multiple call site to C code in the
exception handling path, rather than checking multiple potential return
addresses, add a new symbol at the end of exception handling and check pc
to be in that range.

Fixes: 5d5fc33ce58e ("riscv: Improve exception and system call latency")
Signed-off-by: Clément Léger &lt;cleger@rivosinc.com&gt;
Tested-by: Alexandre Ghiti &lt;alexghiti@rivosinc.com&gt;
Reviewed-by: Alexandre Ghiti &lt;alexghiti@rivosinc.com&gt;
Link: https://lore.kernel.org/r/20241209155714.1239665-1-cleger@rivosinc.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Prior to commit 5d5fc33ce58e ("riscv: Improve exception and system call
latency"), backtrace through exception worked since ra was filled with
ret_from_exception symbol address and the stacktrace code checked 'pc' to
be equal to that symbol. Now that handle_exception uses regular 'call'
instructions, this isn't working anymore and backtrace stops at
handle_exception(). Since there are multiple call site to C code in the
exception handling path, rather than checking multiple potential return
addresses, add a new symbol at the end of exception handling and check pc
to be in that range.

Fixes: 5d5fc33ce58e ("riscv: Improve exception and system call latency")
Signed-off-by: Clément Léger &lt;cleger@rivosinc.com&gt;
Tested-by: Alexandre Ghiti &lt;alexghiti@rivosinc.com&gt;
Reviewed-by: Alexandre Ghiti &lt;alexghiti@rivosinc.com&gt;
Link: https://lore.kernel.org/r/20241209155714.1239665-1-cleger@rivosinc.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>riscv: stacktrace: Add USER_STACKTRACE support</title>
<updated>2024-09-15T06:57:16+00:00</updated>
<author>
<name>Jinjie Ruan</name>
<email>ruanjinjie@huawei.com</email>
</author>
<published>2024-07-08T03:28:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=1a7483318274d0ec60f160e604c2a1dbce27fc0a'/>
<id>1a7483318274d0ec60f160e604c2a1dbce27fc0a</id>
<content type='text'>
Currently, userstacktrace is unsupported for riscv. So use the
perf_callchain_user() code as blueprint to implement the
arch_stack_walk_user() which add userstacktrace support on riscv.
Meanwhile, we can use arch_stack_walk_user() to simplify the implementation
of perf_callchain_user().

A ftrace test case is shown as below:

	# cd /sys/kernel/debug/tracing
	# echo 1 &gt; options/userstacktrace
	# echo 1 &gt; options/sym-userobj
	# echo 1 &gt; events/sched/sched_process_fork/enable
	# cat trace
	......
	            bash-178     [000] ...1.    97.968395: sched_process_fork: comm=bash pid=178 child_comm=bash child_pid=231
	            bash-178     [000] ...1.    97.970075: &lt;user stack trace&gt;
	 =&gt; /lib/libc.so.6[+0xb5090]

Also a simple perf test is ok as below:

	# perf record -e cpu-clock --call-graph fp top
	# perf report --call-graph

	.....
	[[31m  66.54%[[m     0.00%  top      [kernel.kallsyms]            [k] ret_from_exception
            |
            ---ret_from_exception
               |
               |--[[31m58.97%[[m--do_trap_ecall_u
               |          |
               |          |--[[31m17.34%[[m--__riscv_sys_read
               |          |          ksys_read
               |          |          |
               |          |           --[[31m16.88%[[m--vfs_read
               |          |                     |
               |          |                     |--[[31m10.90%[[m--seq_read

Signed-off-by: Jinjie Ruan &lt;ruanjinjie@huawei.com&gt;
Tested-by: Jinjie Ruan &lt;ruanjinjie@huawei.com&gt;
Cc: Björn Töpel &lt;bjorn@kernel.org&gt;
Link: https://lore.kernel.org/r/20240708032847.2998158-3-ruanjinjie@huawei.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently, userstacktrace is unsupported for riscv. So use the
perf_callchain_user() code as blueprint to implement the
arch_stack_walk_user() which add userstacktrace support on riscv.
Meanwhile, we can use arch_stack_walk_user() to simplify the implementation
of perf_callchain_user().

A ftrace test case is shown as below:

	# cd /sys/kernel/debug/tracing
	# echo 1 &gt; options/userstacktrace
	# echo 1 &gt; options/sym-userobj
	# echo 1 &gt; events/sched/sched_process_fork/enable
	# cat trace
	......
	            bash-178     [000] ...1.    97.968395: sched_process_fork: comm=bash pid=178 child_comm=bash child_pid=231
	            bash-178     [000] ...1.    97.970075: &lt;user stack trace&gt;
	 =&gt; /lib/libc.so.6[+0xb5090]

Also a simple perf test is ok as below:

	# perf record -e cpu-clock --call-graph fp top
	# perf report --call-graph

	.....
	[[31m  66.54%[[m     0.00%  top      [kernel.kallsyms]            [k] ret_from_exception
            |
            ---ret_from_exception
               |
               |--[[31m58.97%[[m--do_trap_ecall_u
               |          |
               |          |--[[31m17.34%[[m--__riscv_sys_read
               |          |          ksys_read
               |          |          |
               |          |           --[[31m16.88%[[m--vfs_read
               |          |                     |
               |          |                     |--[[31m10.90%[[m--seq_read

Signed-off-by: Jinjie Ruan &lt;ruanjinjie@huawei.com&gt;
Tested-by: Jinjie Ruan &lt;ruanjinjie@huawei.com&gt;
Cc: Björn Töpel &lt;bjorn@kernel.org&gt;
Link: https://lore.kernel.org/r/20240708032847.2998158-3-ruanjinjie@huawei.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>riscv: Improve exception and system call latency</title>
<updated>2024-07-26T12:50:45+00:00</updated>
<author>
<name>Anton Blanchard</name>
<email>antonb@tenstorrent.com</email>
</author>
<published>2024-06-07T06:13:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=5d5fc33ce58e81e8738816f5ee59f8e85fd3b404'/>
<id>5d5fc33ce58e81e8738816f5ee59f8e85fd3b404</id>
<content type='text'>
Many CPUs implement return address branch prediction as a stack. The
RISCV architecture refers to this as a return address stack (RAS). If
this gets corrupted then the CPU will mispredict at least one but
potentally many function returns.

There are two issues with the current RISCV exception code:

- We are using the alternate link stack (x5/t0) for the indirect branch
  which makes the hardware think this is a function return. This will
  corrupt the RAS.

- We modify the return address of handle_exception to point to
  ret_from_exception. This will also corrupt the RAS.

Testing the null system call latency before and after the patch:

Visionfive2 (StarFive JH7110 / U74)
baseline: 189.87 ns
patched:  176.76 ns

Lichee pi 4a (T-Head TH1520 / C910)
baseline: 666.58 ns
patched:  636.90 ns

Just over 7% on the U74 and just over 4% on the C910.

Signed-off-by: Anton Blanchard &lt;antonb@tenstorrent.com&gt;
Signed-off-by: Cyril Bur &lt;cyrilbur@tenstorrent.com&gt;
Tested-by: Jisheng Zhang &lt;jszhang@kernel.org&gt;
Reviewed-by: Jisheng Zhang &lt;jszhang@kernel.org&gt;
Link: https://lore.kernel.org/r/20240607061335.2197383-1-cyrilbur@tenstorrent.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Many CPUs implement return address branch prediction as a stack. The
RISCV architecture refers to this as a return address stack (RAS). If
this gets corrupted then the CPU will mispredict at least one but
potentally many function returns.

There are two issues with the current RISCV exception code:

- We are using the alternate link stack (x5/t0) for the indirect branch
  which makes the hardware think this is a function return. This will
  corrupt the RAS.

- We modify the return address of handle_exception to point to
  ret_from_exception. This will also corrupt the RAS.

Testing the null system call latency before and after the patch:

Visionfive2 (StarFive JH7110 / U74)
baseline: 189.87 ns
patched:  176.76 ns

Lichee pi 4a (T-Head TH1520 / C910)
baseline: 666.58 ns
patched:  636.90 ns

Just over 7% on the U74 and just over 4% on the C910.

Signed-off-by: Anton Blanchard &lt;antonb@tenstorrent.com&gt;
Signed-off-by: Cyril Bur &lt;cyrilbur@tenstorrent.com&gt;
Tested-by: Jisheng Zhang &lt;jszhang@kernel.org&gt;
Reviewed-by: Jisheng Zhang &lt;jszhang@kernel.org&gt;
Link: https://lore.kernel.org/r/20240607061335.2197383-1-cyrilbur@tenstorrent.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>riscv: stacktrace: fix usage of ftrace_graph_ret_addr()</title>
<updated>2024-07-03T20:10:03+00:00</updated>
<author>
<name>Puranjay Mohan</name>
<email>puranjay@kernel.org</email>
</author>
<published>2024-06-18T14:58:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=393da6cbb2ff89aadc47683a85269f913aa1c139'/>
<id>393da6cbb2ff89aadc47683a85269f913aa1c139</id>
<content type='text'>
ftrace_graph_ret_addr() takes an `idx` integer pointer that is used to
optimize the stack unwinding. Pass it a valid pointer to utilize the
optimizations that might be available in the future.

The commit is making riscv's usage of ftrace_graph_ret_addr() match
x86_64.

Signed-off-by: Puranjay Mohan &lt;puranjay@kernel.org&gt;
Reviewed-by: Steven Rostedt (Google) &lt;rostedt@goodmis.org&gt;
Link: https://lore.kernel.org/r/20240618145820.62112-1-puranjay@kernel.org
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
ftrace_graph_ret_addr() takes an `idx` integer pointer that is used to
optimize the stack unwinding. Pass it a valid pointer to utilize the
optimizations that might be available in the future.

The commit is making riscv's usage of ftrace_graph_ret_addr() match
x86_64.

Signed-off-by: Puranjay Mohan &lt;puranjay@kernel.org&gt;
Reviewed-by: Steven Rostedt (Google) &lt;rostedt@goodmis.org&gt;
Link: https://lore.kernel.org/r/20240618145820.62112-1-puranjay@kernel.org
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>riscv: stacktrace: convert arch_stack_walk() to noinstr</title>
<updated>2024-06-26T14:37:59+00:00</updated>
<author>
<name>Andy Chiu</name>
<email>andy.chiu@sifive.com</email>
</author>
<published>2024-06-13T07:11:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=23b2188920a25e88d447dd7d819a0b0f62fb4455'/>
<id>23b2188920a25e88d447dd7d819a0b0f62fb4455</id>
<content type='text'>
arch_stack_walk() is called intensively in function_graph when the
kernel is compiled with CONFIG_TRACE_IRQFLAGS. As a result, the kernel
logs a lot of arch_stack_walk and its sub-functions into the ftrace
buffer. However, these functions should not appear on the trace log
because they are part of the ftrace itself. This patch references what
arm64 does for the smae function. So it further prevent the re-enter
kprobe issue, which is also possible on riscv.

Related-to: commit 0fbcd8abf337 ("arm64: Prohibit instrumentation on arch_stack_walk()")
Fixes: 680341382da5 ("riscv: add CALLER_ADDRx support")
Signed-off-by: Andy Chiu &lt;andy.chiu@sifive.com&gt;
Reviewed-by: Alexandre Ghiti &lt;alexghiti@rivosinc.com&gt;
Link: https://lore.kernel.org/r/20240613-dev-andyc-dyn-ftrace-v4-v1-1-1a538e12c01e@sifive.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
arch_stack_walk() is called intensively in function_graph when the
kernel is compiled with CONFIG_TRACE_IRQFLAGS. As a result, the kernel
logs a lot of arch_stack_walk and its sub-functions into the ftrace
buffer. However, these functions should not appear on the trace log
because they are part of the ftrace itself. This patch references what
arm64 does for the smae function. So it further prevent the re-enter
kprobe issue, which is also possible on riscv.

Related-to: commit 0fbcd8abf337 ("arm64: Prohibit instrumentation on arch_stack_walk()")
Fixes: 680341382da5 ("riscv: add CALLER_ADDRx support")
Signed-off-by: Andy Chiu &lt;andy.chiu@sifive.com&gt;
Reviewed-by: Alexandre Ghiti &lt;alexghiti@rivosinc.com&gt;
Link: https://lore.kernel.org/r/20240613-dev-andyc-dyn-ftrace-v4-v1-1-1a538e12c01e@sifive.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>riscv: stacktrace: fixed walk_stackframe()</title>
<updated>2024-05-22T23:12:49+00:00</updated>
<author>
<name>Matthew Bystrin</name>
<email>dev.mbstr@gmail.com</email>
</author>
<published>2024-05-21T19:13:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=a2a4d4a6a0bf5eba66f8b0b32502cc20d82715a0'/>
<id>a2a4d4a6a0bf5eba66f8b0b32502cc20d82715a0</id>
<content type='text'>
If the load access fault occures in a leaf function (with
CONFIG_FRAME_POINTER=y), when wrong stack trace will be displayed:

[&lt;ffffffff804853c2&gt;] regmap_mmio_read32le+0xe/0x1c
---[ end trace 0000000000000000 ]---

Registers dump:
    ra     0xffffffff80485758 &lt;regmap_mmio_read+36&gt;
    sp     0xffffffc80200b9a0
    fp     0xffffffc80200b9b0
    pc     0xffffffff804853ba &lt;regmap_mmio_read32le+6&gt;

Stack dump:
    0xffffffc80200b9a0:  0xffffffc80200b9e0  0xffffffc80200b9e0
    0xffffffc80200b9b0:  0xffffffff8116d7e8  0x0000000000000100
    0xffffffc80200b9c0:  0xffffffd8055b9400  0xffffffd8055b9400
    0xffffffc80200b9d0:  0xffffffc80200b9f0  0xffffffff8047c526
    0xffffffc80200b9e0:  0xffffffc80200ba30  0xffffffff8047fe9a

The assembler dump of the function preambula:
    add     sp,sp,-16
    sd      s0,8(sp)
    add     s0,sp,16

In the fist stack frame, where ra is not stored on the stack we can
observe:

        0(sp)                  8(sp)
        .---------------------------------------------.
    sp-&gt;|       frame-&gt;fp      | frame-&gt;ra (saved fp) |
        |---------------------------------------------|
    fp-&gt;|         ....         |         ....         |
        |---------------------------------------------|
        |                      |                      |

and in the code check is performed:
	if (regs &amp;&amp; (regs-&gt;epc == pc) &amp;&amp; (frame-&gt;fp &amp; 0x7))

I see no reason to check frame-&gt;fp value at all, because it is can be
uninitialized value on the stack. A better way is to check frame-&gt;ra to
be an address on the stack. After the stacktrace shows as expect:

[&lt;ffffffff804853c2&gt;] regmap_mmio_read32le+0xe/0x1c
[&lt;ffffffff80485758&gt;] regmap_mmio_read+0x24/0x52
[&lt;ffffffff8047c526&gt;] _regmap_bus_reg_read+0x1a/0x22
[&lt;ffffffff8047fe9a&gt;] _regmap_read+0x5c/0xea
[&lt;ffffffff80480376&gt;] _regmap_update_bits+0x76/0xc0
...
---[ end trace 0000000000000000 ]---
As pointed by Samuel Holland it is incorrect to remove check of the stackframe
entirely.

Changes since v2 [2]:
 - Add accidentally forgotten curly brace

Changes since v1 [1]:
 - Instead of just dropping frame-&gt;fp check, replace it with validation of
   frame-&gt;ra, which should be a stack address.
 - Move frame pointer validation into the separate function.

[1] https://lore.kernel.org/linux-riscv/20240426072701.6463-1-dev.mbstr@gmail.com/
[2] https://lore.kernel.org/linux-riscv/20240521131314.48895-1-dev.mbstr@gmail.com/

Fixes: f766f77a74f5 ("riscv/stacktrace: Fix stack output without ra on the stack top")
Signed-off-by: Matthew Bystrin &lt;dev.mbstr@gmail.com&gt;
Reviewed-by: Samuel Holland &lt;samuel.holland@sifive.com&gt;
Link: https://lore.kernel.org/r/20240521191727.62012-1-dev.mbstr@gmail.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If the load access fault occures in a leaf function (with
CONFIG_FRAME_POINTER=y), when wrong stack trace will be displayed:

[&lt;ffffffff804853c2&gt;] regmap_mmio_read32le+0xe/0x1c
---[ end trace 0000000000000000 ]---

Registers dump:
    ra     0xffffffff80485758 &lt;regmap_mmio_read+36&gt;
    sp     0xffffffc80200b9a0
    fp     0xffffffc80200b9b0
    pc     0xffffffff804853ba &lt;regmap_mmio_read32le+6&gt;

Stack dump:
    0xffffffc80200b9a0:  0xffffffc80200b9e0  0xffffffc80200b9e0
    0xffffffc80200b9b0:  0xffffffff8116d7e8  0x0000000000000100
    0xffffffc80200b9c0:  0xffffffd8055b9400  0xffffffd8055b9400
    0xffffffc80200b9d0:  0xffffffc80200b9f0  0xffffffff8047c526
    0xffffffc80200b9e0:  0xffffffc80200ba30  0xffffffff8047fe9a

The assembler dump of the function preambula:
    add     sp,sp,-16
    sd      s0,8(sp)
    add     s0,sp,16

In the fist stack frame, where ra is not stored on the stack we can
observe:

        0(sp)                  8(sp)
        .---------------------------------------------.
    sp-&gt;|       frame-&gt;fp      | frame-&gt;ra (saved fp) |
        |---------------------------------------------|
    fp-&gt;|         ....         |         ....         |
        |---------------------------------------------|
        |                      |                      |

and in the code check is performed:
	if (regs &amp;&amp; (regs-&gt;epc == pc) &amp;&amp; (frame-&gt;fp &amp; 0x7))

I see no reason to check frame-&gt;fp value at all, because it is can be
uninitialized value on the stack. A better way is to check frame-&gt;ra to
be an address on the stack. After the stacktrace shows as expect:

[&lt;ffffffff804853c2&gt;] regmap_mmio_read32le+0xe/0x1c
[&lt;ffffffff80485758&gt;] regmap_mmio_read+0x24/0x52
[&lt;ffffffff8047c526&gt;] _regmap_bus_reg_read+0x1a/0x22
[&lt;ffffffff8047fe9a&gt;] _regmap_read+0x5c/0xea
[&lt;ffffffff80480376&gt;] _regmap_update_bits+0x76/0xc0
...
---[ end trace 0000000000000000 ]---
As pointed by Samuel Holland it is incorrect to remove check of the stackframe
entirely.

Changes since v2 [2]:
 - Add accidentally forgotten curly brace

Changes since v1 [1]:
 - Instead of just dropping frame-&gt;fp check, replace it with validation of
   frame-&gt;ra, which should be a stack address.
 - Move frame pointer validation into the separate function.

[1] https://lore.kernel.org/linux-riscv/20240426072701.6463-1-dev.mbstr@gmail.com/
[2] https://lore.kernel.org/linux-riscv/20240521131314.48895-1-dev.mbstr@gmail.com/

Fixes: f766f77a74f5 ("riscv/stacktrace: Fix stack output without ra on the stack top")
Signed-off-by: Matthew Bystrin &lt;dev.mbstr@gmail.com&gt;
Reviewed-by: Samuel Holland &lt;samuel.holland@sifive.com&gt;
Link: https://lore.kernel.org/r/20240521191727.62012-1-dev.mbstr@gmail.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode</title>
<updated>2023-03-09T22:50:35+00:00</updated>
<author>
<name>Alexandre Ghiti</name>
<email>alexghiti@rivosinc.com</email>
</author>
<published>2023-03-08T09:16:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=76950340cf03b149412fe0d5f0810e52ac1df8cb'/>
<id>76950340cf03b149412fe0d5f0810e52ac1df8cb</id>
<content type='text'>
When CONFIG_FRAME_POINTER is unset, the stack unwinding function
walk_stackframe randomly reads the stack and then, when KASAN is enabled,
it can lead to the following backtrace:

[    0.000000] ==================================================================
[    0.000000] BUG: KASAN: stack-out-of-bounds in walk_stackframe+0xa6/0x11a
[    0.000000] Read of size 8 at addr ffffffff81807c40 by task swapper/0
[    0.000000]
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.2.0-12919-g24203e6db61f #43
[    0.000000] Hardware name: riscv-virtio,qemu (DT)
[    0.000000] Call Trace:
[    0.000000] [&lt;ffffffff80007ba8&gt;] walk_stackframe+0x0/0x11a
[    0.000000] [&lt;ffffffff80099ecc&gt;] init_param_lock+0x26/0x2a
[    0.000000] [&lt;ffffffff80007c4a&gt;] walk_stackframe+0xa2/0x11a
[    0.000000] [&lt;ffffffff80c49c80&gt;] dump_stack_lvl+0x22/0x36
[    0.000000] [&lt;ffffffff80c3783e&gt;] print_report+0x198/0x4a8
[    0.000000] [&lt;ffffffff80099ecc&gt;] init_param_lock+0x26/0x2a
[    0.000000] [&lt;ffffffff80007c4a&gt;] walk_stackframe+0xa2/0x11a
[    0.000000] [&lt;ffffffff8015f68a&gt;] kasan_report+0x9a/0xc8
[    0.000000] [&lt;ffffffff80007c4a&gt;] walk_stackframe+0xa2/0x11a
[    0.000000] [&lt;ffffffff80007c4a&gt;] walk_stackframe+0xa2/0x11a
[    0.000000] [&lt;ffffffff8006e99c&gt;] desc_make_final+0x80/0x84
[    0.000000] [&lt;ffffffff8009a04e&gt;] stack_trace_save+0x88/0xa6
[    0.000000] [&lt;ffffffff80099fc2&gt;] filter_irq_stacks+0x72/0x76
[    0.000000] [&lt;ffffffff8006b95e&gt;] devkmsg_read+0x32a/0x32e
[    0.000000] [&lt;ffffffff8015ec16&gt;] kasan_save_stack+0x28/0x52
[    0.000000] [&lt;ffffffff8006e998&gt;] desc_make_final+0x7c/0x84
[    0.000000] [&lt;ffffffff8009a04a&gt;] stack_trace_save+0x84/0xa6
[    0.000000] [&lt;ffffffff8015ec52&gt;] kasan_set_track+0x12/0x20
[    0.000000] [&lt;ffffffff8015f22e&gt;] __kasan_slab_alloc+0x58/0x5e
[    0.000000] [&lt;ffffffff8015e7ea&gt;] __kmem_cache_create+0x21e/0x39a
[    0.000000] [&lt;ffffffff80e133ac&gt;] create_boot_cache+0x70/0x9c
[    0.000000] [&lt;ffffffff80e17ab2&gt;] kmem_cache_init+0x6c/0x11e
[    0.000000] [&lt;ffffffff80e00fd6&gt;] mm_init+0xd8/0xfe
[    0.000000] [&lt;ffffffff80e011d8&gt;] start_kernel+0x190/0x3ca
[    0.000000]
[    0.000000] The buggy address belongs to stack of task swapper/0
[    0.000000]  and is located at offset 0 in frame:
[    0.000000]  stack_trace_save+0x0/0xa6
[    0.000000]
[    0.000000] This frame has 1 object:
[    0.000000]  [32, 56) 'c'
[    0.000000]
[    0.000000] The buggy address belongs to the physical page:
[    0.000000] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x81a07
[    0.000000] flags: 0x1000(reserved|zone=0)
[    0.000000] raw: 0000000000001000 ff600003f1e3d150 ff600003f1e3d150 0000000000000000
[    0.000000] raw: 0000000000000000 0000000000000000 00000001ffffffff
[    0.000000] page dumped because: kasan: bad access detected
[    0.000000]
[    0.000000] Memory state around the buggy address:
[    0.000000]  ffffffff81807b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    0.000000]  ffffffff81807b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    0.000000] &gt;ffffffff81807c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3
[    0.000000]                                            ^
[    0.000000]  ffffffff81807c80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[    0.000000]  ffffffff81807d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    0.000000] ==================================================================

Fix that by using READ_ONCE_NOCHECK when reading the stack in imprecise
mode.

Fixes: 5d8544e2d007 ("RISC-V: Generic library routines and assembly")
Reported-by: Chathura Rajapaksha &lt;chathura.abeyrathne.lk@gmail.com&gt;
Link: https://lore.kernel.org/all/CAD7mqryDQCYyJ1gAmtMm8SASMWAQ4i103ptTb0f6Oda=tPY2=A@mail.gmail.com/
Suggested-by: Dmitry Vyukov &lt;dvyukov@google.com&gt;
Signed-off-by: Alexandre Ghiti &lt;alexghiti@rivosinc.com&gt;
Link: https://lore.kernel.org/r/20230308091639.602024-1-alexghiti@rivosinc.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When CONFIG_FRAME_POINTER is unset, the stack unwinding function
walk_stackframe randomly reads the stack and then, when KASAN is enabled,
it can lead to the following backtrace:

[    0.000000] ==================================================================
[    0.000000] BUG: KASAN: stack-out-of-bounds in walk_stackframe+0xa6/0x11a
[    0.000000] Read of size 8 at addr ffffffff81807c40 by task swapper/0
[    0.000000]
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.2.0-12919-g24203e6db61f #43
[    0.000000] Hardware name: riscv-virtio,qemu (DT)
[    0.000000] Call Trace:
[    0.000000] [&lt;ffffffff80007ba8&gt;] walk_stackframe+0x0/0x11a
[    0.000000] [&lt;ffffffff80099ecc&gt;] init_param_lock+0x26/0x2a
[    0.000000] [&lt;ffffffff80007c4a&gt;] walk_stackframe+0xa2/0x11a
[    0.000000] [&lt;ffffffff80c49c80&gt;] dump_stack_lvl+0x22/0x36
[    0.000000] [&lt;ffffffff80c3783e&gt;] print_report+0x198/0x4a8
[    0.000000] [&lt;ffffffff80099ecc&gt;] init_param_lock+0x26/0x2a
[    0.000000] [&lt;ffffffff80007c4a&gt;] walk_stackframe+0xa2/0x11a
[    0.000000] [&lt;ffffffff8015f68a&gt;] kasan_report+0x9a/0xc8
[    0.000000] [&lt;ffffffff80007c4a&gt;] walk_stackframe+0xa2/0x11a
[    0.000000] [&lt;ffffffff80007c4a&gt;] walk_stackframe+0xa2/0x11a
[    0.000000] [&lt;ffffffff8006e99c&gt;] desc_make_final+0x80/0x84
[    0.000000] [&lt;ffffffff8009a04e&gt;] stack_trace_save+0x88/0xa6
[    0.000000] [&lt;ffffffff80099fc2&gt;] filter_irq_stacks+0x72/0x76
[    0.000000] [&lt;ffffffff8006b95e&gt;] devkmsg_read+0x32a/0x32e
[    0.000000] [&lt;ffffffff8015ec16&gt;] kasan_save_stack+0x28/0x52
[    0.000000] [&lt;ffffffff8006e998&gt;] desc_make_final+0x7c/0x84
[    0.000000] [&lt;ffffffff8009a04a&gt;] stack_trace_save+0x84/0xa6
[    0.000000] [&lt;ffffffff8015ec52&gt;] kasan_set_track+0x12/0x20
[    0.000000] [&lt;ffffffff8015f22e&gt;] __kasan_slab_alloc+0x58/0x5e
[    0.000000] [&lt;ffffffff8015e7ea&gt;] __kmem_cache_create+0x21e/0x39a
[    0.000000] [&lt;ffffffff80e133ac&gt;] create_boot_cache+0x70/0x9c
[    0.000000] [&lt;ffffffff80e17ab2&gt;] kmem_cache_init+0x6c/0x11e
[    0.000000] [&lt;ffffffff80e00fd6&gt;] mm_init+0xd8/0xfe
[    0.000000] [&lt;ffffffff80e011d8&gt;] start_kernel+0x190/0x3ca
[    0.000000]
[    0.000000] The buggy address belongs to stack of task swapper/0
[    0.000000]  and is located at offset 0 in frame:
[    0.000000]  stack_trace_save+0x0/0xa6
[    0.000000]
[    0.000000] This frame has 1 object:
[    0.000000]  [32, 56) 'c'
[    0.000000]
[    0.000000] The buggy address belongs to the physical page:
[    0.000000] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x81a07
[    0.000000] flags: 0x1000(reserved|zone=0)
[    0.000000] raw: 0000000000001000 ff600003f1e3d150 ff600003f1e3d150 0000000000000000
[    0.000000] raw: 0000000000000000 0000000000000000 00000001ffffffff
[    0.000000] page dumped because: kasan: bad access detected
[    0.000000]
[    0.000000] Memory state around the buggy address:
[    0.000000]  ffffffff81807b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    0.000000]  ffffffff81807b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    0.000000] &gt;ffffffff81807c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3
[    0.000000]                                            ^
[    0.000000]  ffffffff81807c80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[    0.000000]  ffffffff81807d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    0.000000] ==================================================================

Fix that by using READ_ONCE_NOCHECK when reading the stack in imprecise
mode.

Fixes: 5d8544e2d007 ("RISC-V: Generic library routines and assembly")
Reported-by: Chathura Rajapaksha &lt;chathura.abeyrathne.lk@gmail.com&gt;
Link: https://lore.kernel.org/all/CAD7mqryDQCYyJ1gAmtMm8SASMWAQ4i103ptTb0f6Oda=tPY2=A@mail.gmail.com/
Suggested-by: Dmitry Vyukov &lt;dvyukov@google.com&gt;
Signed-off-by: Alexandre Ghiti &lt;alexghiti@rivosinc.com&gt;
Link: https://lore.kernel.org/r/20230308091639.602024-1-alexghiti@rivosinc.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>riscv: stacktrace: Fix missing the first frame</title>
<updated>2023-02-03T03:33:05+00:00</updated>
<author>
<name>Liu Shixin</name>
<email>liushixin2@huawei.com</email>
</author>
<published>2022-12-07T02:50:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=cb80242cc679d6397e77d8a964deeb3ff218d2b5'/>
<id>cb80242cc679d6397e77d8a964deeb3ff218d2b5</id>
<content type='text'>
When running kfence_test, I found some testcases failed like this:

 # test_out_of_bounds_read: EXPECTATION FAILED at mm/kfence/kfence_test.c:346
 Expected report_matches(&amp;expect) to be true, but is false
 not ok 1 - test_out_of_bounds_read

The corresponding call-trace is:

 BUG: KFENCE: out-of-bounds read in kunit_try_run_case+0x38/0x84

 Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#10):
  kunit_try_run_case+0x38/0x84
  kunit_generic_run_threadfn_adapter+0x12/0x1e
  kthread+0xc8/0xde
  ret_from_exception+0x0/0xc

The kfence_test using the first frame of call trace to check whether the
testcase is succeed or not. Commit 6a00ef449370 ("riscv: eliminate
unreliable __builtin_frame_address(1)") skip first frame for all
case, which results the kfence_test failed. Indeed, we only need to skip
the first frame for case (task==NULL || task==current).

With this patch, the call-trace will be:

 BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x88/0x19e

 Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#7):
  test_out_of_bounds_read+0x88/0x19e
  kunit_try_run_case+0x38/0x84
  kunit_generic_run_threadfn_adapter+0x12/0x1e
  kthread+0xc8/0xde
  ret_from_exception+0x0/0xc

Fixes: 6a00ef449370 ("riscv: eliminate unreliable __builtin_frame_address(1)")
Signed-off-by: Liu Shixin &lt;liushixin2@huawei.com&gt;
Tested-by: Samuel Holland &lt;samuel@sholland.org&gt;
Link: https://lore.kernel.org/r/20221207025038.1022045-1-liushixin2@huawei.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When running kfence_test, I found some testcases failed like this:

 # test_out_of_bounds_read: EXPECTATION FAILED at mm/kfence/kfence_test.c:346
 Expected report_matches(&amp;expect) to be true, but is false
 not ok 1 - test_out_of_bounds_read

The corresponding call-trace is:

 BUG: KFENCE: out-of-bounds read in kunit_try_run_case+0x38/0x84

 Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#10):
  kunit_try_run_case+0x38/0x84
  kunit_generic_run_threadfn_adapter+0x12/0x1e
  kthread+0xc8/0xde
  ret_from_exception+0x0/0xc

The kfence_test using the first frame of call trace to check whether the
testcase is succeed or not. Commit 6a00ef449370 ("riscv: eliminate
unreliable __builtin_frame_address(1)") skip first frame for all
case, which results the kfence_test failed. Indeed, we only need to skip
the first frame for case (task==NULL || task==current).

With this patch, the call-trace will be:

 BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x88/0x19e

 Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#7):
  test_out_of_bounds_read+0x88/0x19e
  kunit_try_run_case+0x38/0x84
  kunit_generic_run_threadfn_adapter+0x12/0x1e
  kthread+0xc8/0xde
  ret_from_exception+0x0/0xc

Fixes: 6a00ef449370 ("riscv: eliminate unreliable __builtin_frame_address(1)")
Signed-off-by: Liu Shixin &lt;liushixin2@huawei.com&gt;
Tested-by: Samuel Holland &lt;samuel@sholland.org&gt;
Link: https://lore.kernel.org/r/20221207025038.1022045-1-liushixin2@huawei.com
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>riscv: stacktrace: Make walk_stackframe cross pt_regs frame</title>
<updated>2022-12-06T02:13:34+00:00</updated>
<author>
<name>Guo Ren</name>
<email>guoren@linux.alibaba.com</email>
</author>
<published>2022-11-09T06:49:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=7ecdadf7f8c659524f6b2aebf6be7bf619764d90'/>
<id>7ecdadf7f8c659524f6b2aebf6be7bf619764d90</id>
<content type='text'>
The current walk_stackframe with FRAME_POINTER would stop unwinding at
ret_from_exception:
  BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1518
  in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 1, name: init
  CPU: 0 PID: 1 Comm: init Not tainted 5.10.113-00021-g15c15974895c-dirty #192
  Call Trace:
  [&lt;ffffffe0002038c8&gt;] walk_stackframe+0x0/0xee
  [&lt;ffffffe000aecf48&gt;] show_stack+0x32/0x4a
  [&lt;ffffffe000af1618&gt;] dump_stack_lvl+0x72/0x8e
  [&lt;ffffffe000af1648&gt;] dump_stack+0x14/0x1c
  [&lt;ffffffe000239ad2&gt;] ___might_sleep+0x12e/0x138
  [&lt;ffffffe000239aec&gt;] __might_sleep+0x10/0x18
  [&lt;ffffffe000afe3fe&gt;] down_read+0x22/0xa4
  [&lt;ffffffe000207588&gt;] do_page_fault+0xb0/0x2fe
  [&lt;ffffffe000201b80&gt;] ret_from_exception+0x0/0xc

The optimization would help walk_stackframe cross the pt_regs frame and
get more backtrace of debug info:
  BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1518
  in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 1, name: init
  CPU: 0 PID: 1 Comm: init Not tainted 5.10.113-00021-g15c15974895c-dirty #192
  Call Trace:
  [&lt;ffffffe0002038c8&gt;] walk_stackframe+0x0/0xee
  [&lt;ffffffe000aecf48&gt;] show_stack+0x32/0x4a
  [&lt;ffffffe000af1618&gt;] dump_stack_lvl+0x72/0x8e
  [&lt;ffffffe000af1648&gt;] dump_stack+0x14/0x1c
  [&lt;ffffffe000239ad2&gt;] ___might_sleep+0x12e/0x138
  [&lt;ffffffe000239aec&gt;] __might_sleep+0x10/0x18
  [&lt;ffffffe000afe3fe&gt;] down_read+0x22/0xa4
  [&lt;ffffffe000207588&gt;] do_page_fault+0xb0/0x2fe
  [&lt;ffffffe000201b80&gt;] ret_from_exception+0x0/0xc
  [&lt;ffffffe000613c06&gt;] riscv_intc_irq+0x1a/0x72
  [&lt;ffffffe000201b80&gt;] ret_from_exception+0x0/0xc
  [&lt;ffffffe00033f44a&gt;] vma_link+0x54/0x160
  [&lt;ffffffe000341d7a&gt;] mmap_region+0x2cc/0x4d0
  [&lt;ffffffe000342256&gt;] do_mmap+0x2d8/0x3ac
  [&lt;ffffffe000326318&gt;] vm_mmap_pgoff+0x70/0xb8
  [&lt;ffffffe00032638a&gt;] vm_mmap+0x2a/0x36
  [&lt;ffffffe0003cfdde&gt;] elf_map+0x72/0x84
  [&lt;ffffffe0003d05f8&gt;] load_elf_binary+0x69a/0xec8
  [&lt;ffffffe000376240&gt;] bprm_execve+0x246/0x53a
  [&lt;ffffffe00037786c&gt;] kernel_execve+0xe8/0x124
  [&lt;ffffffe000aecdf2&gt;] run_init_process+0xfa/0x10c
  [&lt;ffffffe000aece16&gt;] try_to_run_init_process+0x12/0x3c
  [&lt;ffffffe000afa920&gt;] kernel_init+0xb4/0xf8
  [&lt;ffffffe000201b80&gt;] ret_from_exception+0x0/0xc

Here is the error injection test code for the above output:
 drivers/irqchip/irq-riscv-intc.c:
 static asmlinkage void riscv_intc_irq(struct pt_regs *regs)
 {
        unsigned long cause = regs-&gt;cause &amp; ~CAUSE_IRQ_FLAG;
+       u32 tmp; __get_user(tmp, (u32 *)0);

Signed-off-by: Guo Ren &lt;guoren@linux.alibaba.com&gt;
Signed-off-by: Guo Ren &lt;guoren@kernel.org&gt;
Link: https://lore.kernel.org/r/20221109064937.3643993-3-guoren@kernel.org
[Palmer: use SYM_CODE_*]
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The current walk_stackframe with FRAME_POINTER would stop unwinding at
ret_from_exception:
  BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1518
  in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 1, name: init
  CPU: 0 PID: 1 Comm: init Not tainted 5.10.113-00021-g15c15974895c-dirty #192
  Call Trace:
  [&lt;ffffffe0002038c8&gt;] walk_stackframe+0x0/0xee
  [&lt;ffffffe000aecf48&gt;] show_stack+0x32/0x4a
  [&lt;ffffffe000af1618&gt;] dump_stack_lvl+0x72/0x8e
  [&lt;ffffffe000af1648&gt;] dump_stack+0x14/0x1c
  [&lt;ffffffe000239ad2&gt;] ___might_sleep+0x12e/0x138
  [&lt;ffffffe000239aec&gt;] __might_sleep+0x10/0x18
  [&lt;ffffffe000afe3fe&gt;] down_read+0x22/0xa4
  [&lt;ffffffe000207588&gt;] do_page_fault+0xb0/0x2fe
  [&lt;ffffffe000201b80&gt;] ret_from_exception+0x0/0xc

The optimization would help walk_stackframe cross the pt_regs frame and
get more backtrace of debug info:
  BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1518
  in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 1, name: init
  CPU: 0 PID: 1 Comm: init Not tainted 5.10.113-00021-g15c15974895c-dirty #192
  Call Trace:
  [&lt;ffffffe0002038c8&gt;] walk_stackframe+0x0/0xee
  [&lt;ffffffe000aecf48&gt;] show_stack+0x32/0x4a
  [&lt;ffffffe000af1618&gt;] dump_stack_lvl+0x72/0x8e
  [&lt;ffffffe000af1648&gt;] dump_stack+0x14/0x1c
  [&lt;ffffffe000239ad2&gt;] ___might_sleep+0x12e/0x138
  [&lt;ffffffe000239aec&gt;] __might_sleep+0x10/0x18
  [&lt;ffffffe000afe3fe&gt;] down_read+0x22/0xa4
  [&lt;ffffffe000207588&gt;] do_page_fault+0xb0/0x2fe
  [&lt;ffffffe000201b80&gt;] ret_from_exception+0x0/0xc
  [&lt;ffffffe000613c06&gt;] riscv_intc_irq+0x1a/0x72
  [&lt;ffffffe000201b80&gt;] ret_from_exception+0x0/0xc
  [&lt;ffffffe00033f44a&gt;] vma_link+0x54/0x160
  [&lt;ffffffe000341d7a&gt;] mmap_region+0x2cc/0x4d0
  [&lt;ffffffe000342256&gt;] do_mmap+0x2d8/0x3ac
  [&lt;ffffffe000326318&gt;] vm_mmap_pgoff+0x70/0xb8
  [&lt;ffffffe00032638a&gt;] vm_mmap+0x2a/0x36
  [&lt;ffffffe0003cfdde&gt;] elf_map+0x72/0x84
  [&lt;ffffffe0003d05f8&gt;] load_elf_binary+0x69a/0xec8
  [&lt;ffffffe000376240&gt;] bprm_execve+0x246/0x53a
  [&lt;ffffffe00037786c&gt;] kernel_execve+0xe8/0x124
  [&lt;ffffffe000aecdf2&gt;] run_init_process+0xfa/0x10c
  [&lt;ffffffe000aece16&gt;] try_to_run_init_process+0x12/0x3c
  [&lt;ffffffe000afa920&gt;] kernel_init+0xb4/0xf8
  [&lt;ffffffe000201b80&gt;] ret_from_exception+0x0/0xc

Here is the error injection test code for the above output:
 drivers/irqchip/irq-riscv-intc.c:
 static asmlinkage void riscv_intc_irq(struct pt_regs *regs)
 {
        unsigned long cause = regs-&gt;cause &amp; ~CAUSE_IRQ_FLAG;
+       u32 tmp; __get_user(tmp, (u32 *)0);

Signed-off-by: Guo Ren &lt;guoren@linux.alibaba.com&gt;
Signed-off-by: Guo Ren &lt;guoren@kernel.org&gt;
Link: https://lore.kernel.org/r/20221109064937.3643993-3-guoren@kernel.org
[Palmer: use SYM_CODE_*]
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument</title>
<updated>2022-12-06T00:58:01+00:00</updated>
<author>
<name>Guo Ren</name>
<email>guoren@linux.alibaba.com</email>
</author>
<published>2022-11-09T06:49:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=5c3022e4a616d800cf5f4c3a981d7992179e44a1'/>
<id>5c3022e4a616d800cf5f4c3a981d7992179e44a1</id>
<content type='text'>
The 'retp' is a pointer to the return address on the stack, so we
must pass the current return address pointer as the 'retp'
argument to ftrace_push_return_trace(). Not parent function's
return address on the stack.

Fixes: b785ec129bd9 ("riscv/ftrace: Add HAVE_FUNCTION_GRAPH_RET_ADDR_PTR support")
Signed-off-by: Guo Ren &lt;guoren@linux.alibaba.com&gt;
Signed-off-by: Guo Ren &lt;guoren@kernel.org&gt;
Link: https://lore.kernel.org/r/20221109064937.3643993-2-guoren@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The 'retp' is a pointer to the return address on the stack, so we
must pass the current return address pointer as the 'retp'
argument to ftrace_push_return_trace(). Not parent function's
return address on the stack.

Fixes: b785ec129bd9 ("riscv/ftrace: Add HAVE_FUNCTION_GRAPH_RET_ADDR_PTR support")
Signed-off-by: Guo Ren &lt;guoren@linux.alibaba.com&gt;
Signed-off-by: Guo Ren &lt;guoren@kernel.org&gt;
Link: https://lore.kernel.org/r/20221109064937.3643993-2-guoren@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt &lt;palmer@rivosinc.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
