Re: [PATCH] ARM: fix race in for_each_frame

From: Mark-PK Tsai
Date: Tue Nov 12 2019 - 22:26:02 EST


> Dear Mark,
> Thanks a lot for the reply.
>
> As said in the last reply, sv_pc can be in module text, so more checks are needed.

If sv_pc is in the module text area, kernel_text_address() returns true.

>
> And besides the crash at 1003, we may also get a crash at 1001 when the frame is invalid (the last sv_pc is valid and sv_frame is invalid), so more checks are needed.

There's a basic check for sv_fp at the end of 1004.
But I'm not sure whether it is enough to prevent the 1001 crash you mentioned.
Should we add a verify_stack for sv_fp?

>
> And we often show_data around the general purpose registers when the kernel crashes. When they contain an address mapping for a hw register that can't be accessed because it is clock gated, it will crash again because do_bad() is involved (continuous crash on arm, and hang at die_lock on arm64).
>
> So, why not check the __ex_table in do_bad() ?
>

On our arm platform, the kernel just dies because of the Unhandled fault in for_each_frame.
So I'd rather fix it before the continuous crashes happen.
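The point argued in this thread, that sv_fp must be range-checked before for_each_frame dereferences it and that sv_pc in module text still counts as kernel text, can be shown with a stand-alone user-space model. This is an added example, not the kernel's for_each_frame or verify_stack code: the frame_record layout, the pc_is_text() and fp_is_valid() helpers, the text address ranges and the contents of the constructed stack buffer are all assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a saved frame record on the stack (not the
 * kernel's real layout): the four slots a frame walker reads. */
struct frame_record {
    uintptr_t sv_fp;   /* saved frame pointer of the caller's frame */
    uintptr_t sv_sp;   /* saved stack pointer */
    uintptr_t sv_lr;   /* saved link register */
    uintptr_t sv_pc;   /* saved program counter */
};

/* Constructed text ranges standing in for kernel_text_address():
 * core kernel text plus one loaded module's text. */
static const uintptr_t CORE_TEXT_LO = 0x1000, CORE_TEXT_HI = 0x2000;
static const uintptr_t MOD_TEXT_LO  = 0x9000, MOD_TEXT_HI  = 0xa000;

static int pc_is_text(uintptr_t pc)
{
    return (pc >= CORE_TEXT_LO && pc < CORE_TEXT_HI) ||
           (pc >= MOD_TEXT_LO  && pc < MOD_TEXT_HI);
}

/* Model of a verify_stack()-style check on sv_fp: the pointer must be
 * word-aligned and the whole record must lie inside [stack_lo, stack_hi). */
static int fp_is_valid(uintptr_t fp, uintptr_t stack_lo, uintptr_t stack_hi)
{
    if (fp & (sizeof(uintptr_t) - 1))
        return 0;
    if (fp < stack_lo || fp > stack_hi - sizeof(struct frame_record))
        return 0;
    return 1;
}

/* Walk the chain, dereferencing a frame only after its fp passed
 * fp_is_valid(), stopping when sv_pc is not text or when the chain does
 * not move to a higher address (which would otherwise loop forever).
 * Returns the number of frames accepted. */
int walk_frames(uintptr_t fp, uintptr_t stack_lo, uintptr_t stack_hi, int max)
{
    int n = 0;
    while (n < max && fp_is_valid(fp, stack_lo, stack_hi)) {
        const struct frame_record *rec = (const struct frame_record *)fp;
        if (!pc_is_text(rec->sv_pc))
            break;
        n++;
        if (rec->sv_fp <= fp)      /* frames must move up the stack */
            break;
        fp = rec->sv_fp;
    }
    return n;
}

/* Constructed stack: three frames, the last one's sv_fp is garbage that
 * would fault if dereferenced blindly. */
static unsigned char sample_stack[512] __attribute__((aligned(16)));

static struct frame_record *build_chain(uintptr_t *lo, uintptr_t *hi)
{
    memset(sample_stack, 0, sizeof(sample_stack));
    *lo = (uintptr_t)sample_stack;
    *hi = *lo + sizeof(sample_stack);
    struct frame_record *f0 = (struct frame_record *)&sample_stack[64];
    struct frame_record *f1 = (struct frame_record *)&sample_stack[192];
    struct frame_record *f2 = (struct frame_record *)&sample_stack[320];
    f0->sv_fp = (uintptr_t)f1; f0->sv_pc = 0x1040;   /* core text */
    f1->sv_fp = (uintptr_t)f2; f1->sv_pc = 0x9100;   /* module text */
    f2->sv_fp = (uintptr_t)0xdead0000u; f2->sv_pc = 0x1200;
    return f0;
}

/* Garbage sv_fp at the end of the chain: all three frames are reported
 * and the bogus pointer is never dereferenced. */
int demo_bogus_fp(void)
{
    uintptr_t lo, hi;
    struct frame_record *f0 = build_chain(&lo, &hi);
    return walk_frames((uintptr_t)f0, lo, hi, 16);
}

/* Corrupted chain pointing back at an earlier frame: the walk stops
 * after two frames instead of spinning. */
int demo_loop_fp(void)
{
    uintptr_t lo, hi;
    struct frame_record *f0 = build_chain(&lo, &hi);
    struct frame_record *f1 = (struct frame_record *)f0->sv_fp;
    f1->sv_fp = (uintptr_t)f0;
    return walk_frames((uintptr_t)f0, lo, hi, 16);
}

/* sv_fp inside the stack but misaligned: rejected before any read. */
int demo_misaligned_fp(void)
{
    uintptr_t lo, hi;
    struct frame_record *f0 = build_chain(&lo, &hi);
    return walk_frames((uintptr_t)f0 + 1, lo, hi, 16);
}

int main(void)
{
    printf("bogus fp: %d frames\n", demo_bogus_fp());
    printf("looping fp: %d frames\n", demo_loop_fp());
    printf("misaligned fp: %d frames\n", demo_misaligned_fp());
    return 0;
}
```

The walker only reads through sv_fp after the bounds and alignment test, which is the check the thread proposes adding for the 1001 case; the pc check accepts a module-range address, matching the kernel_text_address() behaviour described above.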