From: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
To: <linux@armlinux.org.uk>
Cc: <matthias.bgg@gmail.com>, <kstewart@linuxfoundation.org>,
	<allison@lohutok.net>, <lvqiang.huang@unisoc.com>,
	<gregkh@linuxfoundation.org>, <info@metux.net>,
	<tglx@linutronix.de>, <linux-arm-kernel@lists.infradead.org>,
	<linux-kernel@vger.kernel.org>,
	<linux-mediatek@lists.infradead.org>, <yj.chiang@mediatek.com>,
	<mark-pk.tsai@mediatek.com>, <alix.wu@mediatek.com>,
	<mike-sl.lin@mediatek.com>, <eddy.lin@mediatek.com>,
	<phil.chang@mediatek.com>
Subject: [PATCH] ARM: fix race in for_each_frame
Date: Tue, 12 Nov 2019 21:29:38 +0800
Message-ID: <20191112132937.19335-1-mark-pk.tsai@mediatek.com>

The sv_pc, which is saved in the stack, may be an invalid address
if the target thread is running on another processor in the meantime.
It will cause a kernel crash at `ldr r2, [sv_pc, #-4]`.

Check if sv_pc is valid before using it, like unwind_frame in
arch/arm/kernel/unwind.c.

Signed-off-by: Mike-SL Lin <mike-sl.lin@mediatek.com>
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
---
 arch/arm/lib/backtrace.S | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/arm/lib/backtrace.S b/arch/arm/lib/backtrace.S
index 582925238d65..84f06381bbfb 100644
--- a/arch/arm/lib/backtrace.S
+++ b/arch/arm/lib/backtrace.S
@@ -64,6 +64,11 @@ for_each_frame:	tst	frame, mask		@ Check for address exceptions
 		sub	sv_pc, sv_pc, offset	@ Correct PC for prefetching
 		bic	sv_pc, sv_pc, mask	@ mask PC/LR for the mode
 
+		mov	r0, sv_pc
+		bl	kernel_text_address	@ check if sv_pc is valid
+		cmp	r0, #0			@ if sv_pc is not kernel text
+		beq	1006f			@ address, abort backtrace
+
 1003:		ldr	r2, [sv_pc, #-4]	@ if stmfd sp!, {args} exists,
 		ldr	r3, .Ldsi+4		@ adjust saved 'pc' back one
 		teq	r3, r2, lsr #11		@ instruction
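Review bot: the added `bl kernel_text_address` just before label 1003 is a call into C, so r0-r3, ip and lr do not survive it; please confirm that frame, sv_pc, mask and offset are all held in callee-saved registers and that nothing computed earlier in for_each_frame is still expected in r0-r3 or lr when execution reaches 1003. The check is made on sv_pc while the guarded load is `ldr r2, [sv_pc, #-4]`, so a one-line comment on why validating sv_pc is enough for the word before it would help. The `mov r0, sv_pc` line is the only added instruction without a comment. The branch target 1006 is outside the visible context; confirm that what it reports still makes sense when the frame is rejected for a bad saved pc. Since the commit message says the target thread may still be running, the stack contents can keep changing during the walk, so it would be more accurate for the message to describe this as avoiding the crash on an invalid sv_pc than as fixing the race.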
-- 
2.18.0

