* [PATCH] X86-64: Don't use pointer to out-of-scope variable in dump_trace()
@ 2011-01-24 21:41 Jesper Juhl
  2011-01-24 23:12 ` [tip:x86/urgent] x86-64: " tip-bot for Jesper Juhl
  0 siblings, 1 reply; 2+ messages in thread
From: Jesper Juhl @ 2011-01-24 21:41 UTC (permalink / raw)
  To: x86
  Cc: linux-kernel, Thomas Gleixner, Ingo Molnar, H. Peter Anvin,
	Frederic Weisbecker, Jiri Slaby, Soren Sandmann, Alexey Dobriyan

In arch/x86/kernel/dumpstack_64.c::dump_trace() we have this code:

...
  		if (!stack) {
  			unsigned long dummy;
  			stack = &dummy;
  			if (task && task != current)
  				stack = (unsigned long *)task->thread.sp;
  		}
  	
  		bp = stack_frame(task, regs);
  		/*
  		 * Print function call entries in all stacks, starting at the
  		 * current stack address. If the stacks consist of nested
  		 * exceptions
  		 */
  		tinfo = task_thread_info(task);

  		for (;;) {
  			char *id;
  			unsigned long *estack_end;
  			estack_end = in_exception_stack(cpu, (unsigned long)stack,
  							&used, &id);
...

You'll notice that we assign to 'stack' the address of the variable 
'dummy' which is only in-scope inside the 'if (!stack)'. So when we later 
access stack (at the end of the above, and assuming we did not take the 
'if (task && task != current)' branch) we'll be using the address of a 
variable that is no longer in scope. I believe this patch is the proper 
fix, but I freely admit that I'm not 100% certain.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
---
 dumpstack_64.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

  compile tested only.

diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
index 6410133..a6b6fcf 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
@@ -149,13 +149,13 @@ void dump_trace(struct task_struct *task,
 	unsigned used = 0;
 	struct thread_info *tinfo;
 	int graph = 0;
+	unsigned long dummy;
 	unsigned long bp;
 
 	if (!task)
 		task = current;
 
 	if (!stack) {
-		unsigned long dummy;
 		stack = &dummy;
 		if (task && task != current)
 			stack = (unsigned long *)task->thread.sp;
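Review bot: the hoisted `+	unsigned long dummy;` is left uninitialised at function scope, which is fine because the visible code only ever takes its address (`stack = &dummy;`) and then passes `stack` on to `in_exception_stack()`; but a reader who no longer sees the block-scoped original may take it for an uninitialised read, so a short comment on the new declaration would help, for example `unsigned long dummy;	/* only &dummy is used, as a stand-in for the current stack pointer */`. The change itself is purely a lifetime fix: the same address is stored either way, which is why "compile tested only" is an adequate level of testing here, though the stated uncertainty in the description would be worth resolving before merge.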


-- 
Jesper Juhl <jj@chaosbits.net>            http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.
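The scoping bug that the patch fixes, reduced to a stand-alone C program with the fixed form next to it. This is an added example, not code from the patch or from the kernel tree: count_frames(), walk_stack_fixed(), SAMPLE_FRAME_WORDS and the sample_frames array are constructed for illustration, and the removed shape is kept as a comment so the program never executes undefined behaviour.

```c
/* Added example: the out-of-scope 'dummy' pattern from dump_trace(), reduced
 * to a stand-alone program.  Not kernel code; every name here is constructed. */
#include <stddef.h>
#include <stdio.h>

#define SAMPLE_FRAME_WORDS 4

/* Constructed stand-in for a stack: three fake return addresses, 0-terminated. */
unsigned long sample_frames[SAMPLE_FRAME_WORDS] = { 0x1000UL, 0x2000UL, 0x3000UL, 0UL };

/* Stand-in for the stack walker: count words up to the first zero or 'limit'. */
size_t count_frames(const unsigned long *stack, size_t limit)
{
	size_t n = 0;

	while (n < limit && stack[n] != 0)
		n++;
	return n;
}

/*
 * The shape the patch removes.  'dummy' exists only inside the if-block, but
 * 'stack' keeps its address after the block ends, so the later read through
 * 'stack' is undefined behaviour.  Kept as a comment so it never runs:
 *
 *	if (!stack) {
 *		unsigned long dummy;
 *		stack = &dummy;
 *	}
 *	return count_frames(stack, limit);	// 'dummy' is out of scope here
 */

/* The shape the patch introduces: 'dummy' declared at function scope, so the
 * object outlives every use of 'stack' inside the function. */
size_t walk_stack_fixed(unsigned long *stack, size_t limit)
{
	unsigned long dummy = 0;	/* function scope; dump_trace() only takes its address */

	if (!stack)
		stack = &dummy;		/* dump_trace() also tries task->thread.sp here */

	return count_frames(stack, limit);
}

int main(void)
{
	printf("frames from sample stack: %zu\n",
	       walk_stack_fixed(sample_frames, SAMPLE_FRAME_WORDS));
	printf("frames with NULL stack:   %zu\n",
	       walk_stack_fixed(NULL, SAMPLE_FRAME_WORDS));
	return 0;
}
```

In dump_trace() the value of dummy is never read; only its address is used, as an approximation of the current stack pointer when the caller passed none. That is why the bug is silent in practice: the slot still lies in dump_trace()'s own frame. It is still a lifetime violation, because once the block closes the compiler is free to reuse that slot, and the pointer has no defined meaning afterwards; hoisting the declaration is the minimal fix. GCC 12 and later have a -Wdangling-pointer warning designed to flag pointers to locals that have gone out of scope; in 2011 the only guard was review.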



* [tip:x86/urgent] x86-64: Don't use pointer to out-of-scope variable in dump_trace()
  2011-01-24 21:41 [PATCH] X86-64: Don't use pointer to out-of-scope variable in dump_trace() Jesper Juhl
@ 2011-01-24 23:12 ` tip-bot for Jesper Juhl
  0 siblings, 0 replies; 2+ messages in thread
From: tip-bot for Jesper Juhl @ 2011-01-24 23:12 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: linux-kernel, hpa, mingo, jj, tglx, hpa

Commit-ID:  2e5aa6824d9e0248d734573dad8858a2cc279cfe
Gitweb:     http://git.kernel.org/tip/2e5aa6824d9e0248d734573dad8858a2cc279cfe
Author:     Jesper Juhl <jj@chaosbits.net>
AuthorDate: Mon, 24 Jan 2011 22:41:11 +0100
Committer:  H. Peter Anvin <hpa@linux.intel.com>
CommitDate: Mon, 24 Jan 2011 13:46:15 -0800

x86-64: Don't use pointer to out-of-scope variable in dump_trace()

In arch/x86/kernel/dumpstack_64.c::dump_trace() we have this code:

...
  		if (!stack) {
  			unsigned long dummy;
  			stack = &dummy;
  			if (task && task != current)
  				stack = (unsigned long *)task->thread.sp;
  		}

  		bp = stack_frame(task, regs);
  		/*
  		 * Print function call entries in all stacks, starting at the
  		 * current stack address. If the stacks consist of nested
  		 * exceptions
  		 */
  		tinfo = task_thread_info(task);

  		for (;;) {
  			char *id;
  			unsigned long *estack_end;
  			estack_end = in_exception_stack(cpu, (unsigned long)stack,
  							&used, &id);
...

You'll notice that we assign to 'stack' the address of the variable
'dummy' which is only in-scope inside the 'if (!stack)'. So when we later
access stack (at the end of the above, and assuming we did not take the
'if (task && task != current)' branch) we'll be using the address of a
variable that is no longer in scope. I believe this patch is the proper
fix, but I freely admit that I'm not 100% certain.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
LKML-Reference: <alpine.LNX.2.00.1101242232590.10252@swampdragon.chaosbits.net>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
---
 arch/x86/kernel/dumpstack_64.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
index 6410133..a6b6fcf 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
@@ -149,13 +149,13 @@ void dump_trace(struct task_struct *task,
 	unsigned used = 0;
 	struct thread_info *tinfo;
 	int graph = 0;
+	unsigned long dummy;
 	unsigned long bp;
 
 	if (!task)
 		task = current;
 
 	if (!stack) {
-		unsigned long dummy;
 		stack = &dummy;
 		if (task && task != current)
 			stack = (unsigned long *)task->thread.sp;
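Review bot: in the unchanged context, `if (task && task != current)` keeps a NULL check that `if (!task) task = current;` a few lines earlier already guarantees cannot fail, so the `task &&` part is redundant; dropping it would be a small separate cleanup and should not be folded into this lifetime fix.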
