[PATCH bpf-next 4/4] ftrace: Fix dead loop caused by direct call in ftrace selftest

From: Xu Kuohai
Date: Tue Sep 13 2022 - 02:24:49 EST


From: Xu Kuohai <xukuohai@xxxxxxxxxx>

After direct call is enabled for arm64, ftrace selftest enters a
dead loop:

<trace_selftest_dynamic_test_func>:
00 bti c
01 mov x9, x30 <trace_direct_tramp>:
02 bl <trace_direct_tramp> ----------> ret
|
lr/x30 is 03, return to 03
|
03 mov w0, #0x0 <-----------------------------|
| |
| dead loop! |
| |
04 ret ---- lr/x30 is still 03, go back to 03 ----|

The reason is that when the direct caller trace_direct_tramp() returns
to the patched function trace_selftest_dynamic_test_func(), lr is still
the address after the instrumented instruction in the patched function,
so when the patched function exits, it returns to itself!

To fix this issue, we need to restore lr before trace_direct_tramp()
exits, so use a dedicated trace_direct_tramp() for arm64.

Reported-by: Li Huafei <lihuafei1@xxxxxxxxxx>
Signed-off-by: Xu Kuohai <xukuohai@xxxxxxxxxx>
Acked-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>
---
arch/arm64/include/asm/ftrace.h | 4 ++++
kernel/trace/trace_selftest.c | 2 ++
2 files changed, 6 insertions(+)

diff --git a/arch/arm64/include/asm/ftrace.h b/arch/arm64/include/asm/ftrace.h
index b07a3c24f918..15247f73bf54 100644
--- a/arch/arm64/include/asm/ftrace.h
+++ b/arch/arm64/include/asm/ftrace.h
@@ -128,6 +128,10 @@ static inline bool arch_syscall_match_sym_name(const char *sym,
#define ftrace_dummy_tramp ftrace_dummy_tramp
extern void ftrace_dummy_tramp(void);

+#ifdef CONFIG_FTRACE_SELFTEST
+#define trace_direct_tramp ftrace_dummy_tramp
+#endif /* CONFIG_FTRACE_SELFTEST */
+
#endif /* CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS */

#endif /* ifndef __ASSEMBLY__ */
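Review bot: The new `#define trace_direct_tramp ftrace_dummy_tramp` gives no hint why the arm64 build must not use the generic C stub, so the next reader may remove it as redundant; the reason lives only in the commit message (the generic stub returns with lr still pointing into the patched function). A short comment above the `#ifdef CONFIG_FTRACE_SELFTEST` would carry that, e.g. `/* The generic selftest tramp is a plain C function and leaves lr pointing back into the patched function; use the arm64 dummy tramp, which is expected to restore lr before returning. */` — the "restores lr" part is inferred from the description rather than visible here, so word it as the assumption it is. The override also only takes effect where this header is included before the selftest's own definition, which is worth stating in the same comment.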
diff --git a/kernel/trace/trace_selftest.c b/kernel/trace/trace_selftest.c
index a2d301f58ced..092239bc373c 100644
--- a/kernel/trace/trace_selftest.c
+++ b/kernel/trace/trace_selftest.c
@@ -785,8 +785,10 @@ static struct fgraph_ops fgraph_ops __initdata = {
};

#ifdef CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
+#ifndef trace_direct_tramp
noinline __noclone static void trace_direct_tramp(void) { }
#endif
+#endif

/*
* Pretty much the same than for the function tracer from which the selftest
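Review bot: The nested `#ifndef trace_direct_tramp` / `#endif` pair leaves two bare `#endif` lines at the end of a CONFIG block, which the surrounding file labels (compare the `#endif /* ... */` style in the arm64 header of this same series); the inner one on the existing line and the new outer one should be `#endif /* trace_direct_tramp */` and `#endif /* CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS */`. A one-line comment on the `#ifndef` would also document the hook: `/* An arch may provide its own tramp (see arm64) when the generic C stub cannot return to the patched function correctly. */`. Whether the arm64 override macro is visible at this point depends on asm/ftrace.h being pulled in above this hunk, which I cannot see from here; if it is not, the generic stub silently wins and the dead loop returns.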
--
2.30.2