Message-Id: <1188540238.6004.28.camel@localhost.localdomain>
Date: Fri, 31 Aug 2007 16:03:58 +1000
From: Rusty Russell <rusty@...tcorp.com.au>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org, lguest <lguest@...abs.org>,
Frederik Deweerdt <deweerdt@...e.fr>, Andi Kleen <ak@....de>
Subject: Re: [PATCH] Fix out-by-one error in traps.c
On Thu, 2007-08-30 at 21:44 -0700, Linus Torvalds wrote:
>
> On Fri, 31 Aug 2007, Rusty Russell wrote:
> >
> > We don't care if ebp is on the stack, we care about ebp + 4. Without
> > this, lguest (with CONFIG_DEBUG_LOCKDEP) can touch a page unmapped by
> > CONFIG_DEBUG_PAGEALLOC.
>
> Hmm.. This *really* cannot happen with a normal kernel - it implies that
> the stack has crossed into an invalid page.
AFAICT, a corrupt stack could lead us to touch a page which isn't
mapped. If we assume the stack isn't corrupt, we don't have to do the
valid_stack_ptr() check at all...
> Why is that allowed with lguest? What kind of code could validly *ever*
> come in here and cause problems?
head.S pushes a "$0" on the stack to stop the unwinder, lguest doesn't.
Here's the lguest fix, but I still think the real fix posted previously
is more important.
Cheers,
Rusty.
===
lguest doesn't terminate stack, upsets unwinder
Copy head.S, which puts a 0 on the stack to terminate ebp-chasing
backtrace code.
Signed-off-by: Rusty Russell <rusty@...tcorp.com.au>
diff -r 926e5cc964fd drivers/lguest/lguest_asm.S
--- a/drivers/lguest/lguest_asm.S Fri Aug 31 08:02:08 2007 +1000
+++ b/drivers/lguest/lguest_asm.S Fri Aug 31 16:01:25 2007 +1000
@@ -19,6 +19,8 @@
movl $(init_thread_union+THREAD_SIZE),%esp
movl %esi, %eax
addl $__PAGE_OFFSET, %eax
+ /* Fake value to stop backtraces with CONFIG_FRAME_POINTER */
+ pushl $0
jmp lguest_init
/*G:055 We create a macro which puts the assembler code between lgstart_ and
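Review bot: the pushed 0 is not only a backtrace terminator, it is also the word lguest_init will pop as its return address, since `jmp lguest_init` pushes none; the comment should say so, because a return from lguest_init would now jump to address 0. Suggest `/* Fake return address: stops ebp-chasing backtraces; lguest_init must never return */`, which also matches the "ebp-chasing backtrace code" wording of the commit message rather than naming CONFIG_FRAME_POINTER alone, given that the push is unconditional.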
-
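The out-by-one check discussed above (a frame pointer whose own slot is on the stack is not enough, the return-address slot at ebp+4 must be too) and the effect of the 0 the patch pushes, as an added C simulation that is not part of the original mail or of the kernel source. It models a 16-word 32-bit stack at a constructed base address and a frame-pointer walker in the style of an ebp-chasing backtrace; STACK_BASE, the frame layout, the return address 0xc0101234 and every function name here are assumptions of this example, not identifiers from traps.c or lguest.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a 32-bit kernel stack: 16 words living at
 * STACK_BASE .. STACK_BASE + STACK_BYTES. Nothing here is lguest code. */
#define STACK_BASE  0xc0400000u
#define STACK_WORDS 16u
#define STACK_BYTES (STACK_WORDS * 4u)
#define WORD_ADDR(i) (STACK_BASE + 4u * (i))

struct stack {
    uint32_t words[STACK_WORDS];
};

/* A word is readable only if it lies wholly inside the stack. Returning
 * false stands in for the fault CONFIG_DEBUG_PAGEALLOC would raise when a
 * real unwinder touches the unmapped page just past the stack. */
static bool read_word(const struct stack *s, uint32_t addr, uint32_t *out)
{
    if (addr < STACK_BASE || addr + 4 > STACK_BASE + STACK_BYTES || addr % 4)
        return false;
    *out = s->words[(addr - STACK_BASE) / 4];
    return true;
}

/* Out-by-one version: only asks whether the saved-ebp slot is on the stack. */
static bool valid_stack_ptr_buggy(uint32_t ebp)
{
    return ebp >= STACK_BASE && ebp < STACK_BASE + STACK_BYTES;
}

/* Fixed version: the saved ebp at ebp AND the return address at ebp+4 must
 * both fit inside the stack. */
static bool valid_stack_ptr_fixed(uint32_t ebp)
{
    return ebp >= STACK_BASE && ebp + 8 <= STACK_BASE + STACK_BYTES;
}

/* Chase the ebp chain, collecting return addresses until the chain ends.
 * Returns the number of frames seen, or -1 if the walk read a word outside
 * the stack (the oops the mail describes). */
static int backtrace(const struct stack *s, uint32_t ebp,
                     bool (*valid)(uint32_t), uint32_t *ret, int max)
{
    int n = 0;
    while (ebp != 0 && n < max) {
        uint32_t saved_ebp, retaddr;
        if (!valid(ebp))
            break;                              /* chain left the stack: stop */
        if (!read_word(s, ebp + 4, &retaddr) || !read_word(s, ebp, &saved_ebp))
            return -1;                          /* touched an unmapped word */
        ret[n++] = retaddr;
        ebp = saved_ebp;
    }
    return n;
}

/* Build a stack with or without the "pushl $0" terminator and walk it with
 * either check. Layout (constructed): an inner frame at word 10 whose saved
 * ebp points at the outermost C frame, which sits at the very top. */
int demo_walk(bool with_terminator, bool fixed_check)
{
    struct stack s;
    uint32_t ret[8];
    unsigned first;        /* word index of the outermost frame's saved ebp */

    memset(&s, 0, sizeof(s));
    if (with_terminator) {
        s.words[STACK_WORDS - 1] = 0;   /* fake return address from pushl $0 */
        first = STACK_WORDS - 2;        /* prologue's push ebp lands below it */
    } else {
        first = STACK_WORDS - 1;        /* saved ebp is the last word: ebp+4 is off the stack */
    }
    s.words[first] = 0;                 /* ebp value on entry to C (constructed: 0) */
    s.words[10] = WORD_ADDR(first);     /* inner frame's saved ebp -> outer frame */
    s.words[11] = 0xc0101234u;          /* inner frame's return address (constructed) */

    return backtrace(&s, WORD_ADDR(10),
                     fixed_check ? valid_stack_ptr_fixed : valid_stack_ptr_buggy,
                     ret, 8);
}

int main(void)
{
    printf("no terminator, ebp-only check : %d\n", demo_walk(false, false));
    printf("no terminator, ebp+4 check    : %d\n", demo_walk(false, true));
    printf("terminator,    ebp-only check : %d\n", demo_walk(true, false));
    printf("terminator,    ebp+4 check    : %d\n", demo_walk(true, true));
    return 0;
}
```

The unterminated stack walked with the ebp-only check is the failing case from the mail: the outermost frame's ebp is the last word, so the check passes and the read of ebp+4 lands one word past the stack (-1 here, an unmapped-page fault under DEBUG_PAGEALLOC). Either fix on its own avoids that read: checking ebp+4 stops the walk before it, and the pushed 0 moves the outermost frame down one word so its return-address slot is inside the stack.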