Re: [PATCH] ARM: fix race in for_each_frame

From: "黄吕强 (Lvqiang Huang)" <lvqiang.huang@unisoc.com>
To: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Cc: "kstewart@linuxfoundation.org" <kstewart@linuxfoundation.org>,
	"alix.wu@mediatek.com" <alix.wu@mediatek.com>,
	"楚恩来 (Enlai Chu)" <enlai.chu@unisoc.com>,
	"eddy.lin@mediatek.com" <eddy.lin@mediatek.com>,
	"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
	"yj.chiang@mediatek.com" <yj.chiang@mediatek.com>,
	"phil.chang@mediatek.com" <phil.chang@mediatek.com>,
	"linux@armlinux.org.uk" <linux@armlinux.org.uk>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-mediatek@lists.infradead.org"
	<linux-mediatek@lists.infradead.org>,
	"linux-arm-kernel@lists.infradead.org"
	<linux-arm-kernel@lists.infradead.org>,
	"matthias.bgg@gmail.com" <matthias.bgg@gmail.com>,
	"tglx@linutronix.de" <tglx@linutronix.de>,
	"info@metux.net" <info@metux.net>,
	"mike-sl.lin@mediatek.com" <mike-sl.lin@mediatek.com>,
	"allison@lohutok.net" <allison@lohutok.net>
Subject: Re: [PATCH] ARM: fix race in for_each_frame
Date: Tue, 12 Nov 2019 14:14:54 +0000	[thread overview]
Message-ID: <C1108AB0-9156-426F-A933-486B4F5C91CF@unisoc.com> (raw)
In-Reply-To: <20191112132937.19335-1-mark-pk.tsai@mediatek.com>

> 在 2019年11月12日，21:31，Mark-PK Tsai <mark-pk.tsai@mediatek.com> 写道：
> 
> The sv_pc, which is saved in the stack, may be an invalid address
> if the target thread is running on another processor in the meantime.
> It will cause kernel crash at `ldr r2, [sv_pc, #-4]`.
> 
> Check if sv_pc is valid before use it like unwind_frame in
> arch/arm/kernel/unwind.c.
> 
> Signed-off-by: Mike-SL Lin <mike-sl.lin@mediatek.com>
> Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
> ---
> arch/arm/lib/backtrace.S | 5 +++++
> 1 file changed, 5 insertions(+)
> 
> diff --git a/arch/arm/lib/backtrace.S b/arch/arm/lib/backtrace.S
> index 582925238d65..84f06381bbfb 100644
> --- a/arch/arm/lib/backtrace.S
> +++ b/arch/arm/lib/backtrace.S
> @@ -64,6 +64,11 @@ for_each_frame:    tst    frame, mask        @ Check for address exceptions
>        sub    sv_pc, sv_pc, offset    @ Correct PC for prefetching
>        bic    sv_pc, sv_pc, mask    @ mask PC/LR for the mode
> 
> +        mov    r0, sv_pc
> +        bl    kernel_text_address    @ check if sv_pc is valid
> +        cmp    r0, #0            @ if sv_pc is not kernel text
> +        beq    1006f            @ address, abort backtrace
> +

The sv_pc can be a kernel module text. 

> 1003:        ldr    r2, [sv_pc, #-4]    @ if stmfd sp!, {args} exists,
>        ldr    r3, .Ldsi+4        @ adjust saved 'pc' back one
>        teq    r3, r2, lsr #11        @ instruction
> -- 
> 2.18.0

============================================================================
This email (including its attachments) is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. Unauthorized use, dissemination, distribution or copying of this email or the information herein or taking any action in reliance on the contents of this email or the information herein, by anyone other than the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, is strictly prohibited. If you are not the intended recipient, please do not read, copy, use or disclose any part of this e-mail to others. Please notify the sender immediately and permanently delete this e-mail and any attachments if you received it in error. Internet communications cannot be guaranteed to be timely, secure, error-free or virus-free. The sender does not accept liability for any errors or omissions. 
本邮件及其附件具有保密性质，受法律保护不得泄露，仅发送给本邮件所指特定收件人。严禁非经授权使用、宣传、发布或复制本邮件或其内容。若非该特定收件人，请勿阅读、复制、 使用或披露本邮件的任何内容。若误收本邮件，请从系统中永久性删除本邮件及所有附件，并以回复邮件的方式即刻告知发件人。无法保证互联网通信及时、安全、无误或防毒。发件人对任何错漏均不承担责任。
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek