[PATCH] ARM: fix race in for_each_frame

From: Mark-PK Tsai
Date: Tue Nov 12 2019 - 08:31:13 EST

Next message: Benoit Parrot: "Re: [Patch v2 12/20] media: ti-vpe: cal: Add DRA76x support"
Previous message: Jan Kara: "Re: [PATCH 2/2] fs: Move swap_[de]activate to file_operations"
Next in thread: 黄吕强 (Lvqiang Huang): "Re: [PATCH] ARM: fix race in for_each_frame"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The sv_pc, which is saved in the stack, may be an invalid address
if the target thread is running on another processor in the meantime.
It will cause kernel crash at `ldr r2, [sv_pc, #-4]`.

Check if sv_pc is valid before use it like unwind_frame in
arch/arm/kernel/unwind.c.

Signed-off-by: Mike-SL Lin <mike-sl.lin@xxxxxxxxxxxx>
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@xxxxxxxxxxxx>
---
arch/arm/lib/backtrace.S | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/arch/arm/lib/backtrace.S b/arch/arm/lib/backtrace.S
index 582925238d65..84f06381bbfb 100644
--- a/arch/arm/lib/backtrace.S
+++ b/arch/arm/lib/backtrace.S
@@ -64,6 +64,11 @@ for_each_frame: tst frame, mask @ Check for address exceptions
sub sv_pc, sv_pc, offset @ Correct PC for prefetching
bic sv_pc, sv_pc, mask @ mask PC/LR for the mode

+ mov r0, sv_pc
+ bl kernel_text_address @ check if sv_pc is valid
+ cmp r0, #0 @ if sv_pc is not kernel text
+ beq 1006f @ address, abort backtrace
+
1003: ldr r2, [sv_pc, #-4] @ if stmfd sp!, {args} exists,
ldr r3, .Ldsi+4 @ adjust saved 'pc' back one
teq r3, r2, lsr #11 @ instruction
--
2.18.0

Next message: Benoit Parrot: "Re: [Patch v2 12/20] media: ti-vpe: cal: Add DRA76x support"
Previous message: Jan Kara: "Re: [PATCH 2/2] fs: Move swap_[de]activate to file_operations"
Next in thread: 黄吕强 (Lvqiang Huang): "Re: [PATCH] ARM: fix race in for_each_frame"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]