Re: [PATCH] riscv: fix out of bounds in walk_stackframe
From: Conor Dooley
Date: Tue Sep 26 2023 - 07:12:53 EST
Hey Edward,
Where did you come up with the CC list for this patch from? Please run
get_maintainer.pl on your patches and CC the output. You've not CCed any
relevant developers on this mail :(
On Tue, Sep 26, 2023 at 06:59:50PM +0800, Edward AD wrote:
> Increase the check on the frame after assigning its value. This is to prevent
> frame access from crossing boundaries.
>
> Reported-and-tested-by: syzbot+8d2757d62d403b2d9275@xxxxxxxxxxxxxxxxxxxxxxxxx
Please also add a Fixes: tag & a Closes: tag with a link to the report
when you do so.
Thanks,
Conor.
> Signed-off-by: Edward AD <twuufnxlz@xxxxxxxxx>
> ---
> arch/riscv/kernel/stacktrace.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/riscv/kernel/stacktrace.c b/arch/riscv/kernel/stacktrace.c
> index 64a9c093aef9..53bd18672329 100644
> --- a/arch/riscv/kernel/stacktrace.c
> +++ b/arch/riscv/kernel/stacktrace.c
> @@ -54,6 +54,8 @@ void notrace walk_stackframe(struct task_struct *task, struct pt_regs *regs,
> break;
> /* Unwind stack frame */
> frame = (struct stackframe *)fp - 1;
> + if (!virt_addr_valid(frame))
> + break;
> sp = fp;
> if (regs && (regs->epc == pc) && (frame->fp & 0x7)) {
> fp = frame->ra;
> --
> 2.25.1
>
Attachment:
signature.asc
Description: PGP signature