On Fri, Nov 15, 2013 at 12:19:07PM +0000, Konstantin Khlebnikov wrote:
> get_wchan() is lockless. Task may wakeup at any time and change its own stack,
> thus each next stack frame may be overwritten and filled with random stuff.
>
> /proc/$pid/stack interface had been disabled for non-current tasks, see [1]
> But 'wchan' still allows to trigger stack frame unwinding on volatile stack.
>
> This patch fixes oops in unwind_frame() by adding stack pointer validation on
> each step (as x86 code do), unwind_frame() already checks frame pointer.
>
> Also I've found another report of this oops on stackoverflow (irony).

For that comment alone:

  Acked-by: Will Deacon <[email protected]>

[also, the patch looks sane to me].

Will

> Signed-off-by: Konstantin Khlebnikov <[email protected]>
> Cc: Vyacheslav Tyrtov <[email protected]>
> Link: http://www.spinics.net/lists/arm-kernel/msg110589.html [1]
> Link:
> http://stackoverflow.com/questions/18479894/unwind-frame-cause-a-kernel-paging-error
> --- > arch/arm/kernel/process.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c > index 94f6b05..92f7b15 100644 > --- a/arch/arm/kernel/process.c > +++ b/arch/arm/kernel/process.c > @@ -404,6 +404,7 @@ EXPORT_SYMBOL(dump_fpu); > unsigned long get_wchan(struct task_struct *p) > { > struct stackframe frame; > + unsigned long stack_page; > int count = 0; > if (!p || p == current || p->state == TASK_RUNNING) > return 0; > @@ -412,9 +413,11 @@ unsigned long get_wchan(struct task_struct *p) > frame.sp = thread_saved_sp(p); > frame.lr = 0; /* recovered from the stack */ > frame.pc = thread_saved_pc(p); > + stack_page = (unsigned long)task_stack_page(p); > do { > - int ret = unwind_frame(&frame); > - if (ret < 0) > + if (frame.sp < stack_page || > + frame.sp >= stack_page + THREAD_SIZE || > + unwind_frame(&frame) < 0) > return 0; > if (!in_sched_functions(frame.pc)) > return frame.pc;
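Review bot: the new range test at the top of the do-loop in get_wchan() (`frame.sp < stack_page || frame.sp >= stack_page + THREAD_SIZE`) has no comment explaining why it is needed, and the reason is not visible in the code itself. The walk is lockless and the target task can wake and rewrite its stack between iterations, so the test only keeps each step inside the task's own stack area; it does not make the frames consistent, and a pc returned from a later iteration can still be stale. A short comment above the `if` saying so would help the next reader. Folding `unwind_frame(&frame) < 0` into the same `||` chain also depends on short-circuit order so that the unwinder is never called with an out-of-range sp; the comment should note that the range test has to stay first.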

