Re: [PATCH v3 7/8] sframe: Introduce in-kernel SFRAME_VALIDATION.
From: Dylan Hatch
Date: Mon Apr 20 2026 - 01:02:53 EST
On Thu, Apr 16, 2026 at 8:04 AM Jens Remus <jremus@xxxxxxxxxxxxx> wrote:
>
> Hello Dylan!
>
> On 4/6/2026 8:49 PM, Dylan Hatch wrote:
> > Generalize the __safe* helpers to support a non-user-access code path.
> > Allow for kernel FDE read failures due to the presence of .rodata.text.
> > This section contains code that can't be executed by the kernel
> > direclty, and thus lies ouside the normal kernel-text bounds.
>
> Nits: s/direclty/directly/ s/ouside/outside/
>
> Could you please explain the issue? How/why does .sframe for
> .rodata.text pose an issue for .sframe verification?

__read_fde checks that the fde_addr it extracts is within the bounds
of sec->text_start and sec->text_end. In the case of the vmlinux
.sframe section, this is _stext and _etext. However on arm64, there is
an .rodata.text section that lies outside this range. From
arch/arm64/kernel/vmlinux.lds.S:

	/* code sections that are never executed via the kernel mapping */
	.rodata.text : {
		TRAMP_TEXT
		HIBERNATE_TEXT
		KEXEC_TEXT
		IDMAP_TEXT
		. = ALIGN(PAGE_SIZE);
	}

So __read_fde fails for functions in this section. Under normal SFrame
usage for unwinding, we should never need to look up a PC value in
these functions because they will never be executed by the kernel.
However, we still hit this error when validating all FDEs.

I think ideally we might prevent sframe data from being generated for
this code (maybe from the linker script somehow?), but I don't know of
a simple way to do this. Alternatively, we can check for FDEs located
in .rodata.text during validation, but this seems to only be present
in arm64, so maybe we would need an arch-specific hook to do this? I'm
open to suggestions.

>
> > Signed-off-by: Dylan Hatch <dylanbhatch@xxxxxxxxxx>
>
> > diff --git a/kernel/unwind/sframe.c b/kernel/unwind/sframe.c
>
> > @@ -690,6 +699,13 @@ static int sframe_validate_section(struct sframe_section *sec)
> > int ret;
> >
> > ret = safe_read_fde(sec, i, &fde);
> > + /*
> > + * Code in .rodata.text is not considered part of normal kernel
> > + * text, but there is no easy way to prevent sframe data from
> > + * being generated for it.
> > + */
> > + if (ret && sec->sec_type == SFRAME_KERNEL)
> > + continue;
> > if (ret)
> > return ret;
> >
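Review bot: the added `if (ret && sec->sec_type == SFRAME_KERNEL) continue;` skips on any non-zero return from safe_read_fde(), so for a kernel section every FDE read failure is ignored, not only the .rodata.text case the comment describes, and the following `if (ret) return ret;` can no longer fire for SFRAME_KERNEL. Since the `continue` also bypasses the rest of the loop body for that FDE, a malformed kernel FDE would pass validation silently. Consider narrowing the skip to the specific condition (a distinct return value for the text-bounds failure, or an address check against the excluded section) and extending the comment to say that skipped FDEs are not validated.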
> Thanks and regards,
> Jens
> --
> Jens Remus
> Linux on Z Development (D3303)
> jremus@xxxxxxxxxx / jremus@xxxxxxxxxxxxx
>
> IBM Deutschland Research & Development GmbH; Vorsitzender des Aufsichtsrats: Wolfgang Wendt; Geschäftsführung: David Faller; Sitz der Gesellschaft: Ehningen; Registergericht: Amtsgericht Stuttgart, HRB 243294
> IBM Data Privacy Statement: https://www.ibm.com/privacy/
>
Thanks,
Dylan
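
The alternative raised in the reply above (checking during validation whether a failing FDE lies in .rodata.text) can be modeled in user space as follows. This is an added example, not code from the thread or the kernel patch; every struct and function name, the excluded-range field and the sample addresses are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical user-space model; none of these names are kernel APIs. */
struct range { uint64_t start, end; };	/* [start, end) */
struct model_section {
	struct range text;		/* stands in for text_start/text_end */
	struct range arch_excluded;	/* stands in for .rodata.text bounds */
	const uint64_t *fde_addrs;	/* constructed FDE start addresses */
	size_t num_fdes;
};

static int in_range(const struct range *r, uint64_t addr)
{
	return addr >= r->start && addr < r->end;
}

/* Models the bounds check the reply describes for __read_fde. */
static int model_read_fde(const struct model_section *sec, size_t i, uint64_t *addr)
{
	*addr = sec->fde_addrs[i];
	return in_range(&sec->text, *addr) ? 0 : -EINVAL;
}

/* Tolerate a failed read only inside the excluded range; count what was skipped. */
static int model_validate(const struct model_section *sec, size_t *skipped)
{
	*skipped = 0;
	for (size_t i = 0; i < sec->num_fdes; i++) {
		uint64_t addr;
		int ret = model_read_fde(sec, i, &addr);
		if (ret && in_range(&sec->arch_excluded, addr)) {
			(*skipped)++;
			continue;
		}
		if (ret)
			return ret;
	}
	return 0;
}

/* Constructed sample addresses, not taken from a real vmlinux. */
static const uint64_t good_fdes[] = { 0x1000, 0x1800, 0x9000 };
static const uint64_t bad_fdes[] = { 0x1000, 0xdead0000 };
static const struct model_section good_sec = { {0x1000, 0x2000}, {0x9000, 0xa000}, good_fdes, 3 };
static const struct model_section bad_sec = { {0x1000, 0x2000}, {0x9000, 0xa000}, bad_fdes, 2 };

int main(void) { size_t n; return model_validate(&good_sec, &n) || !model_validate(&bad_sec, &n); }
```

The first section validates with one FDE skipped because it lies in the excluded range; the second still fails because its out-of-bounds FDE lies in neither range.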