
Commit 1ffe199b authored by James Morse, committed by Will Deacon

arm64: when walking onto the task stack, check sp & fp are in current->stack



When unwind_frame() reaches the bottom of the irq_stack, the last fp
points to the original task stack. unwind_frame() uses
IRQ_STACK_TO_TASK_STACK() to find the sp value. If either value is
wrong, we may end up walking a corrupt stack.

Check these values are sane by testing if they are both on the stack
pointed to by current->stack.

Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
parent aa4d5d3c
+10 −2
@@ -71,9 +71,17 @@ int notrace unwind_frame(struct stackframe *frame)
	 * to task stack.
	 * If we reach the end of the stack - and its an interrupt stack,
	 * read the original task stack pointer from the dummy frame.
	 *
	 * Check the frame->fp we read from the bottom of the irq_stack,
	 * and the original task stack pointer are both in current->stack.
	 */
	if (frame->sp == irq_stack_ptr)
		frame->sp = IRQ_STACK_TO_TASK_STACK(irq_stack_ptr);
	if (frame->sp == irq_stack_ptr) {
		unsigned long orig_sp = IRQ_STACK_TO_TASK_STACK(irq_stack_ptr);

		if(object_is_on_stack((void *)orig_sp) &&
		   object_is_on_stack((void *)frame->fp))
			frame->sp = orig_sp;
	}

	return 0;
}
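Review bot: when the sanity check in the new `if (frame->sp == irq_stack_ptr)` block fails, the function still falls through to `return 0;` with `frame->sp` left equal to `irq_stack_ptr` and `frame->fp` still holding the value read from the bottom of the irq_stack, so the caller gets a "success" result for a frame the check has just found to be bogus and will keep walking on it. Consider returning an error (for example `-EINVAL`) from the failing branch so the walk terminates explicitly instead of relying on a later check to catch the corrupt fp. Also, `if(object_is_on_stack((void *)orig_sp) &&` is missing the space after `if` required by the kernel coding style; write it as `if (object_is_on_stack((void *)orig_sp) &&`.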