[Crash-utility] [PATCH v2] arm64: fix kernel memory map handling for kaslr-enabled kernel

Dave Anderson anderson at redhat.com
Thu May 26 13:44:51 UTC 2016 


----- Original Message -----

> > > > > 3) Backtracing a 'panic'ed task fails:
> > > > >  crash> bt
> > > > >  PID: 999    TASK: ffffffe960081800  CPU: 0   COMMAND: "sh"
> > > > >  bt: WARNING: corrupt prstatus? pstate=0x80000000, but no user frame found
> > > > >  bt: WARNING: cannot determine starting stack frame for task ffffffe960081800
> > > > > 
> > > > >   frame->pc indicates that it is a kernel address, so obviously something
> > > > >   is wrong. I'm diggin into it.
> > > > 
> > > > Can you add a debug statement that displays frame->pc, frame->sp, and frame->fp?
> > > 
> > > I've already identified the cause.
> > > pt_regs->pstate was set mistakenly from "sprsr_el1" in panic().
> > > But I have a difficulty here to fix the problem as we have no direct way
> > > to retrieve a value of the *current* PSTATE.
> >  
> > Interesting.  I don't know what you mean by "sprsr_el1" in panic(), but

> > I just got a report from my github "issues", where the user injected a panic()
> > call into a kernel module and got the same error as above because of the pstate
> > value.  I asked him to put this hack into arm64.c:
> 
> spspr_el1 is a register that holds a value of PSTATE when an exception
> is trapped into EL1. Since panic() is called even in case of software
> bugs, it is not useful anyway.
> Currently I'm trying to save a "faked" current PSTATE into pt_regs->pstate
> and will add this fix in my next kdump patch series (v17).

OK thanks.  Mystery solved.  I think I'll still add the hack-around that prints
the warning message but allows it to continue if the sp, fp and pc appear correct.
It used to do that, but the new behavior was actually a regression that was 
introduced as part of this patch in crash-7.1.5:

    Fix for the "bt" command to properly pull the stack and frame pointer
    registers from the NT_PRSTATUS notes of 32-bit tasks running in
    user-mode on ARM64.  Without the patch, the "bt" command utilizes
    ptregs->sp and ptregs->regs[29] for 32-bit tasks instead of the
    architecturally-mapped ptregs->regs[13] and ptregs->regs[11], which
    yields unpredictable/invalid results, and possibly a segmentation
    violation.
    (drjones at redhat.com)

Thanks,
  Dave

More information about the Crash-utility mailing list