[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <67969f7f-1c2d-c287-dbdb-4ce21bd8ef23@linux.microsoft.com>
Date: Thu, 6 May 2021 10:21:37 -0500
From: "Madhavan T. Venkataraman" <madvenka@...ux.microsoft.com>
To: Mark Brown <broonie@...nel.org>
Cc: jpoimboe@...hat.com, mark.rutland@....com, jthierry@...hat.com,
catalin.marinas@....com, will@...nel.org, jmorris@...ei.org,
pasha.tatashin@...een.com, linux-arm-kernel@...ts.infradead.org,
live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v3 2/4] arm64: Check the return PC against unreliable
code sections
On 5/6/21 8:45 AM, Mark Brown wrote:
> On Wed, May 05, 2021 at 01:48:21PM -0500, Madhavan T. Venkataraman wrote:
>> On 5/5/21 11:46 AM, Mark Brown wrote:
>
>>> I think that works even if it's hard to love the goto, might want some
>>> defensiveness to ensure we can't somehow end up in an infinite loop with
>>> a sufficiently badly formed stack.
>
>> I could do something like this:
>
>> unwind_frame()
>> {
>> int i;
>> ...
>>
>> for (i = 0; i < MAX_CHECKS; i++) {
>> if (!check_frame(tsk, frame))
>> break;
>> }
>
> I think that could work, yes. Have to see the actual code (and other
> people's opinions!).
>
>> If this is acceptable, then the only question is - what should be the value of
>> MAX_CHECKS (I will rename it to something more appropriate)?
>
> I'd expect something like 10 to be way more than we'd ever need, or we
> could define it down to the 2 checks we expect to be possible ATM to be
> conservative. I'm tempted to be permissive if we have sufficient other
> checks but I'm not 100% sure on that.
>
OK. I will implement these changes for version 4 and send it out so this
whole thing can be reviewed again with the actual changes in front of us.
Madhavan
Powered by blists - more mailing lists