From: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
To: <linux@armlinux.org.uk>
Cc: <matthias.bgg@gmail.com>, <kstewart@linuxfoundation.org>,
<allison@lohutok.net>, <lvqiang.huang@unisoc.com>,
<gregkh@linuxfoundation.org>, <info@metux.net>,
<tglx@linutronix.de>, <linux-arm-kernel@lists.infradead.org>,
<linux-kernel@vger.kernel.org>,
<linux-mediatek@lists.infradead.org>, <yj.chiang@mediatek.com>,
<mark-pk.tsai@mediatek.com>, <alix.wu@mediatek.com>,
<mike-sl.lin@mediatek.com>, <eddy.lin@mediatek.com>,
<phil.chang@mediatek.com>
Subject: [PATCH] ARM: fix race in for_each_frame
Date: Tue, 12 Nov 2019 21:29:38 +0800
Message-ID: <20191112132937.19335-1-mark-pk.tsai@mediatek.com>
The sv_pc, which is saved in the stack, may be an invalid address
if the target thread is running on another processor in the meantime.
It will cause a kernel crash at `ldr r2, [sv_pc, #-4]`.
Check if sv_pc is valid before using it, like unwind_frame in
arch/arm/kernel/unwind.c.
Signed-off-by: Mike-SL Lin <mike-sl.lin@mediatek.com>
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
---
arch/arm/lib/backtrace.S | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/arm/lib/backtrace.S b/arch/arm/lib/backtrace.S
index 582925238d65..84f06381bbfb 100644
--- a/arch/arm/lib/backtrace.S
+++ b/arch/arm/lib/backtrace.S
@@ -64,6 +64,11 @@ for_each_frame: tst frame, mask @ Check for address exceptions
sub sv_pc, sv_pc, offset @ Correct PC for prefetching
bic sv_pc, sv_pc, mask @ mask PC/LR for the mode
+ mov r0, sv_pc
+ bl kernel_text_address @ check if sv_pc is valid
+ cmp r0, #0 @ if sv_pc is not kernel text
+ beq 1006f @ address, abort backtrace
+
1003: ldr r2, [sv_pc, #-4] @ if stmfd sp!, {args} exists,
ldr r3, .Ldsi+4 @ adjust saved 'pc' back one
teq r3, r2, lsr #11 @ instruction
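Review bot: The new check validates sv_pc, but the load it guards at 1003 reads `[sv_pc, #-4]`, so the word actually dereferenced is 4 bytes below the address passed to kernel_text_address; either check the address that is loaded (sv_pc - 4) or add a comment saying why validating sv_pc is sufficient. Two further points on the same lines: `bl kernel_text_address` is a C call and clobbers r0-r3, ip and lr under the AAPCS, and the hunk does not show which registers frame, sv_pc, mask and offset alias, so please confirm they are callee-saved and that lr has already been saved at this point. The branch target 1006 is also outside the hunk; if it prints a message about a bad frame pointer, that text will be misleading when the abort is caused by a bad saved pc. Note as well that a stale sv_pc which happens to land in kernel text still passes this test, so the change bounds the crash described in the commit message rather than making the backtrace of a thread running on another CPU reliable; the commit message should say so.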
--
2.18.0