Back to home page

OSCL-LXR
 
 

     

0001 .. SPDX-License-Identifier: GPL-2.0
0002 
0003 =============
0004 Kernel Stacks
0005 =============
0006 
0007 Kernel stacks on x86-64 bit
0008 ===========================
0009 
0010 Most of the text from Keith Owens, hacked by AK
0011 
0012 x86_64 page size (PAGE_SIZE) is 4K.
0013 
0014 Like all other architectures, x86_64 has a kernel stack for every
0015 active thread.  These thread stacks are THREAD_SIZE (2*PAGE_SIZE) big.
0016 These stacks contain useful data as long as a thread is alive or a
0017 zombie. While the thread is in user space the kernel stack is empty
0018 except for the thread_info structure at the bottom.
0019 
0020 In addition to the per thread stacks, there are specialized stacks
0021 associated with each CPU.  These stacks are only used while the kernel
0022 is in control on that CPU; when a CPU returns to user space the
0023 specialized stacks contain no useful data.  The main CPU stacks are:
0024 
0025 * Interrupt stack.  IRQ_STACK_SIZE
0026 
0027   Used for external hardware interrupts.  If this is the first external
0028   hardware interrupt (i.e. not a nested hardware interrupt) then the
0029   kernel switches from the current task to the interrupt stack.  Like
0030   the split thread and interrupt stacks on i386, this gives more room
0031   for kernel interrupt processing without having to increase the size
0032   of every per thread stack.
0033 
0034   The interrupt stack is also used when processing a softirq.
0035 
0036 Switching to the kernel interrupt stack is done by software based on a
0037 per CPU interrupt nest counter. This is needed because x86-64 "IST"
0038 hardware stacks cannot nest without races.
0039 
0040 x86_64 also has a feature which is not available on i386, the ability
0041 to automatically switch to a new stack for designated events such as
0042 double fault or NMI, which makes it easier to handle these unusual
0043 events on x86_64.  This feature is called the Interrupt Stack Table
0044 (IST).  There can be up to 7 IST entries per CPU. The IST code is an
0045 index into the Task State Segment (TSS). The IST entries in the TSS
0046 point to dedicated stacks; each stack can be a different size.
0047 
0048 An IST is selected by a non-zero value in the IST field of an
0049 interrupt-gate descriptor.  When an interrupt occurs and the hardware
0050 loads such a descriptor, the hardware automatically sets the new stack
0051 pointer based on the IST value, then invokes the interrupt handler.  If
0052 the interrupt came from user mode, then the interrupt handler prologue
0053 will switch back to the per-thread stack.  If software wants to allow
0054 nested IST interrupts then the handler must adjust the IST values on
0055 entry to and exit from the interrupt handler.  (This is occasionally
0056 done, e.g. for debug exceptions.)
0057 
0058 Events with different IST codes (i.e. with different stacks) can be
0059 nested.  For example, a debug interrupt can safely be interrupted by an
0060 NMI.  arch/x86_64/kernel/entry.S::paranoidentry adjusts the stack
0061 pointers on entry to and exit from all IST events, in theory allowing
0062 IST events with the same code to be nested.  However in most cases, the
0063 stack size allocated to an IST assumes no nesting for the same code.
0064 If that assumption is ever broken then the stacks will become corrupt.
0065 
0066 The currently assigned IST stacks are:
0067 
0068 * ESTACK_DF.  EXCEPTION_STKSZ (PAGE_SIZE).
0069 
0070   Used for interrupt 8 - Double Fault Exception (#DF).
0071 
0072   Invoked when handling one exception causes another exception. Happens
0073   when the kernel is very confused (e.g. kernel stack pointer corrupt).
0074   Using a separate stack allows the kernel to recover from it well enough
0075   in many cases to still output an oops.
0076 
0077 * ESTACK_NMI.  EXCEPTION_STKSZ (PAGE_SIZE).
0078 
0079   Used for non-maskable interrupts (NMI).
0080 
0081   NMI can be delivered at any time, including when the kernel is in the
0082   middle of switching stacks.  Using IST for NMI events avoids making
0083   assumptions about the previous state of the kernel stack.
0084 
0085 * ESTACK_DB.  EXCEPTION_STKSZ (PAGE_SIZE).
0086 
0087   Used for hardware debug interrupts (interrupt 1) and for software
0088   debug interrupts (INT3).
0089 
0090   When debugging a kernel, debug interrupts (both hardware and
0091   software) can occur at any time.  Using IST for these interrupts
0092   avoids making assumptions about the previous state of the kernel
0093   stack.
0094 
0095   To handle nested #DB correctly there exist two instances of DB stacks. On
0096   #DB entry the IST stackpointer for #DB is switched to the second instance
0097   so a nested #DB starts from a clean stack. The nested #DB switches
0098   the IST stackpointer to a guard hole to catch triple nesting.
0099 
0100 * ESTACK_MCE.  EXCEPTION_STKSZ (PAGE_SIZE).
0101 
0102   Used for interrupt 18 - Machine Check Exception (#MC).
0103 
0104   MCE can be delivered at any time, including when the kernel is in the
0105   middle of switching stacks.  Using IST for MCE events avoids making
0106   assumptions about the previous state of the kernel stack.
0107 
0108 For more details see the Intel IA32 or AMD AMD64 architecture manuals.
0109 
0110 
0111 Printing backtraces on x86
0112 ==========================
0113 
0114 The question about the '?' preceding function names in an x86 stacktrace
0115 keeps popping up, here's an indepth explanation. It helps if the reader
0116 stares at print_context_stack() and the whole machinery in and around
0117 arch/x86/kernel/dumpstack.c.
0118 
0119 Adapted from Ingo's mail, Message-ID: <20150521101614.GA10889@gmail.com>:
0120 
0121 We always scan the full kernel stack for return addresses stored on
0122 the kernel stack(s) [1]_, from stack top to stack bottom, and print out
0123 anything that 'looks like' a kernel text address.
0124 
0125 If it fits into the frame pointer chain, we print it without a question
0126 mark, knowing that it's part of the real backtrace.
0127 
0128 If the address does not fit into our expected frame pointer chain we
0129 still print it, but we print a '?'. It can mean two things:
0130 
0131  - either the address is not part of the call chain: it's just stale
0132    values on the kernel stack, from earlier function calls. This is
0133    the common case.
0134 
0135  - or it is part of the call chain, but the frame pointer was not set
0136    up properly within the function, so we don't recognize it.
0137 
0138 This way we will always print out the real call chain (plus a few more
0139 entries), regardless of whether the frame pointer was set up correctly
0140 or not - but in most cases we'll get the call chain right as well. The
0141 entries printed are strictly in stack order, so you can deduce more
0142 information from that as well.
0143 
0144 The most important property of this method is that we _never_ lose
0145 information: we always strive to print _all_ addresses on the stack(s)
0146 that look like kernel text addresses, so if debug information is wrong,
0147 we still print out the real call chain as well - just with more question
0148 marks than ideal.
0149 
0150 .. [1] For things like IRQ and IST stacks, we also scan those stacks, in
0151        the right order, and try to cross from one stack into another
0152        reconstructing the call chain. This works most of the time.
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!