lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ae2880e9-0d59-19fc-0d1f-80c2f011415f@redhat.com>
Date:   Wed, 17 Jan 2018 16:03:13 +0100
From:   Jerome Marchand <jmarchan@...hat.com>
To:     Catalin Marinas <catalin.marinas@....com>
Cc:     linux-arm-kernel@...ts.infradead.org,
        Pratyush Anand <pratyush.anand@...il.com>,
        Will Deacon <will.deacon@....com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] arm64: fix unwind_frame() for filtered out fn for
 function graph tracing

On 16/01/18 18:57, Catalin Marinas wrote:
> On Fri, Jan 12, 2018 at 11:48:32AM +0100, Jerome Marchand wrote:
>> diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c
>> index 76809ccd309c..5a528c58ef68 100644
>> --- a/arch/arm64/kernel/stacktrace.c
>> +++ b/arch/arm64/kernel/stacktrace.c
>> @@ -59,6 +59,10 @@ int notrace unwind_frame(struct task_struct *tsk, struct stackframe *frame)
>>  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
>>  	if (tsk->ret_stack &&
>>  			(frame->pc == (unsigned long)return_to_handler)) {
>> +		WARN_ON(frame->graph == -1);
>> +		if (frame->graph < -1)
>> +			frame->graph += FTRACE_NOTRACE_DEPTH;
>> +
>>  		/*
>>  		 * This is a case where function graph tracer has
>>  		 * modified a return address (LR) in a stack frame
> 
> So do we still allow this to continue if graph == -1? The following line
> doesn't seem safe:
> 
> 		frame->pc = tsk->ret_stack[frame->graph--].ret;
> 

You're right. We probably should return a error (-EINVAL I guess) if
this happens. Note that this shouldn't happen here and if we're
confident enough that profile_pc() was the only faulty caller, we could
just drop the warning.

Jerome



Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ