s390/entry: Add CFI statements to pgm_check_handler

iii-i · iii-i · commit 3046003eb996 · 2025-10-22T22:16:13.000+02:00
When debugging kernel crashes using GDB, it is helpful to be able to obtain a backtrace after pgm_check_handler(). Currently this does not work, because pgm_check_handler() lacks CFI. Add missing CFI statements. Old PSW should be obtained from lowcore, which is not addressed relative to CFA. GNU assembler does not have directives for this, so synthesize a DW_OP_const8u expression using .cfi_escape. Make use of uleb128() and data8() directives introduced in binutils 2.45 for this; add a fallback in case they are not available. Introduce CFI_OFFSET_MULTIPLE() and CFI_RESTORE_MULTIPLE() macros for describing the effects of STMG and LMG. Unfortunately .cfi_offset and .cfi_restore do not work with variables like .Lreg, so synthesize the respective instructions using .cfi_escape. With this unwinding begins to work. For example, manually corrupting do_execveat_common()'s filename and setting a breakpoint on __do_pgm_check() produces the following backtrace: Thread 8 hit Breakpoint 3, __do_pgm_check (regs=0x37fe0a23b18) at ./arch/s390/include/asm/lowcore.h:224 224 asm_inline( (gdb) bt #0 __do_pgm_check (regs=0x37fe0a23b18) at ./arch/s390/include/asm/lowcore.h:224 #1 0x000003ffe0cc08f4 in pgm_check_handler () at arch/s390/kernel/entry.S:339 #2 0x000003ffe04f2510 in __set_nameidata (p=0x37fe0a23c78, dfd=<optimized out>, name=0xfffffff666666667) at fs/namei.c:668 #3 set_nameidata (p=0x37fe0a23c78, dfd=<optimized out>, name=0xfffffff666666667, root=0x0 <fini>) at fs/namei.c:679 #4 do_filp_open (dfd=-100, pathname=0xfffffff666666667, op=0x37fe0a23db0, op@entry=0x3ffe04e5cc2 <do_open_execat+178>) at fs/namei.c:4160 #5 0x000003ffe04e5c72 in do_open_execat (fd=fd@entry=-100, name=name@entry=0xfffffff666666667, flags=flags@entry=0) at fs/exec.c:783 torvalds#6 0x000003ffe04e5dee in alloc_bprm (fd=fd@entry=-100, filename=filename@entry=0xfffffff666666667, flags=0) at fs/exec.c:1410 torvalds#7 0x000003ffe04e6040 in do_execveat_common (fd=fd@entry=-100, filename=0xfffffff666666667, argv=..., envp=..., envp@entry=..., flags=flags@entry=0) at fs/exec.c:1811 torvalds#8 0x000003ffe04e69c6 in do_execve (filename=<optimized out>, __argv=<optimized out>, __envp=0x2aa21a6bb60) at fs/exec.c:1934 torvalds#9 __do_sys_execve (filename=<optimized out>, argv=<optimized out>, envp=0x2aa21a6bb60) at fs/exec.c:2010 torvalds#10 __se_sys_execve (filename=<optimized out>, argv=<optimized out>, envp=2929732270944) at fs/exec.c:2005 torvalds#11 __s390x_sys_execve (regs=<optimized out>) at fs/exec.c:2005 torvalds#12 0x000003ffe0cb3cb6 in __do_syscall (regs=0x37fe0a23f40, per_trap=<optimized out>) at arch/s390/kernel/syscall.c:125 torvalds#13 0x000003ffe0cc078e in system_call () at arch/s390/kernel/entry.S:261 Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
diff --git a/arch/s390/Makefile b/arch/s390/Makefile
@@ -103,6 +103,8 @@ endif
 
 # Test CFI features of binutils
 cfi := $(call as-instr,.cfi_startproc\n.cfi_val_offset 15$(comma)-160\n.cfi_endproc,-DCONFIG_AS_CFI_VAL_OFFSET=1)
+cfi += $(call as-instr,.cfi_startproc\n.cfi_escape uleb128(0)\n.cfi_endproc,-DCONFIG_AS_CFI_ESCAPE_LEB128=1)
+cfi += $(call as-instr,.cfi_startproc\n.cfi_escape data8(0)\n.cfi_endproc,-DCONFIG_AS_CFI_ESCAPE_DATA=1)
 
 KBUILD_CFLAGS	+= -mpacked-stack -mbackchain -msoft-float $(cflags-y)
 KBUILD_CFLAGS	+= -pipe -Wno-sign-compare
diff --git a/arch/s390/include/asm/dwarf.h b/arch/s390/include/asm/dwarf.h
@@ -33,6 +33,45 @@
 	.cfi_sections .eh_frame, .debug_frame
 #endif
 
+#define DW_CFA_restore_extended 0x06
+#define DW_CFA_expression 0x10
+#define DW_CFA_offset_extended_sf 0x11
+
+#define DW_OP_const8u 0x0e
+
+.macro CFI_GLOBAL reg, addr
+#if defined(CONFIG_AS_CFI_ESCAPE_LEB128) && defined(CONFIG_AS_CFI_ESCAPE_DATA)
+.cfi_escape DW_CFA_expression, uleb128(\reg), 9, DW_OP_const8u, data8(\addr)
+#else
+.cfi_undefined \reg
+#endif
+.endm
+
+.macro CFI_GLOBAL_MULTIPLE reg1, reg2, addr
+.set .Lreg, (\reg1)
+.rept (\reg2)-(\reg1)+1
+	CFI_GLOBAL .Lreg, (\addr)+(.Lreg-(\reg1))*8
+	.set .Lreg, .Lreg+1
+.endr
+.endm
+
+.macro CFI_OFFSET_MULTIPLE reg1, reg2, off
+.set .Lreg, (\reg1)
+.rept (\reg2)-(\reg1)+1
+	.cfi_escape DW_CFA_offset_extended_sf, uleb128(.Lreg), \
+		    sleb128(-(\off)/8-(.Lreg-(\reg1)))
+	.set .Lreg, .Lreg+1
+.endr
+.endm
+
+.macro CFI_RESTORE_MULTIPLE reg1, reg2
+.set .Lreg, (\reg1)
+.rept (\reg2)-(\reg1)+1
+	.cfi_escape DW_CFA_restore_extended, uleb128(.Lreg)
+	.set .Lreg, .Lreg+1
+.endr
+.endm
+
 #endif	/* __ASSEMBLER__ */
 
 #endif	/* _ASM_S390_DWARF_H */
diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S
@@ -289,7 +289,10 @@ SYM_CODE_END(ret_from_fork)
  */
 
 SYM_CODE_START(pgm_check_handler)
+	CFI_STARTPROC
+	CFI_GLOBAL_MULTIPLE 64,65,__LC_PGM_OLD_PSW
 	STMG_LC	%r8,%r15,__LC_SAVE_AREA
+	CFI_GLOBAL_MULTIPLE 8,15,__LC_SAVE_AREA
 	GET_LC	%r13
 	stpt	__LC_SYS_ENTER_TIMER(%r13)
 	BPOFF
@@ -317,9 +320,12 @@ SYM_CODE_START(pgm_check_handler)
 	stg	%r10,__PT_FLAGS(%r11)
 	xc	__SF_BACKCHAIN(8,%r15),__SF_BACKCHAIN(%r15)
 	stmg	%r0,%r7,__PT_R0(%r11)
+	CFI_OFFSET_MULTIPLE 0,7,__PT_R0
 	mvc	__PT_R8(64,%r11),__LC_SAVE_AREA(%r13)
+	CFI_OFFSET_MULTIPLE 8,15,__PT_R0+64
 	mvc	__PT_LAST_BREAK(8,%r11),__LC_PGM_LAST_BREAK(%r13)
 	stmg	%r8,%r9,__PT_PSW(%r11)
+	CFI_OFFSET_MULTIPLE 64,65,__PT_PSW
 	# clear user controlled registers to prevent speculative use
 	xgr	%r0,%r0
 	xgr	%r1,%r1
@@ -338,9 +344,12 @@ SYM_CODE_START(pgm_check_handler)
 	stpt	__LC_EXIT_TIMER(%r13)
 .Lpgm_exit_kernel:
 	mvc	__LC_RETURN_PSW(16,%r13),STACK_FRAME_OVERHEAD+__PT_PSW(%r15)
+	CFI_GLOBAL_MULTIPLE 64,65,__LC_RETURN_PSW
 	LBEAR	STACK_FRAME_OVERHEAD+__PT_LAST_BREAK(%r15)
 	lmg	%r0,%r15,STACK_FRAME_OVERHEAD+__PT_R0(%r15)
+	CFI_RESTORE_MULTIPLE 0,15
 	LPSWEY	__LC_RETURN_PSW,__LC_RETURN_LPSWE
+	CFI_ENDPROC
 
 #
 # single stepped system call
