evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

arm64: when walking onto the task stack, check sp & fp are in current->stack

Browse source 
When unwind_frame() reaches the bottom of the irq_stack, the last fp
points to the original task stack. unwind_frame() uses
IRQ_STACK_TO_TASK_STACK() to find the sp value. If either values is
wrong, we may end up walking a corrupt stack.

Check these values are sane by testing if they are both on the stack
pointed to by current->stack.

Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
(cherry picked from commit 1ffe199b1c9b72a8e752a9ae2a7af10128ab2ca1)
Signed-off-by: Alex Shi <alex.shi@linaro.org>
This commit is contained in:
James Morse 2015-12-10 10:22:40 +00:00 committed by Alex Shi
parent 95e1db8bd7
commit e330d15430
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
arch/arm64/kernel/stacktrace.c
View file

@ -71,9 +71,17 @@ int notrace unwind_frame(struct stackframe *frame)
* to task stack. * to task stack.
* If we reach the end of the stack - and its an interrupt stack, * If we reach the end of the stack - and its an interrupt stack,
* read the original task stack pointer from the dummy frame. * read the original task stack pointer from the dummy frame.
*
* Check the frame->fp we read from the bottom of the irq_stack,
* and the original task stack pointer are both in current->stack.
*/ */
if (frame->sp == irq_stack_ptr) if (frame->sp == irq_stack_ptr) {
frame->sp = IRQ_STACK_TO_TASK_STACK(irq_stack_ptr); unsigned long orig_sp = IRQ_STACK_TO_TASK_STACK(irq_stack_ptr);
if(object_is_on_stack((void *)orig_sp) &&
object_is_on_stack((void *)frame->fp))
frame->sp = orig_sp;
}
return 0; return 0;
} }