lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20240228073247.13102-1-haibo.li@mediatek.com>
Date: Wed, 28 Feb 2024 15:32:47 +0800
From: Haibo Li <haibo.li@...iatek.com>
To: Russell King <linux@...linux.org.uk>, Alexandre Mergnat
	<amergnat@...libre.com>, Linus Walleij <linus.walleij@...aro.org>
CC: Matthias Brugger <matthias.bgg@...il.com>, AngeloGioacchino Del Regno
	<angelogioacchino.delregno@...labora.com>, Haibo Li <haibo.li@...iatek.com>,
	"Russell King (Oracle)" <rmk+kernel@...linux.org.uk>,
	<linux-arm-kernel@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
	<linux-mediatek@...ts.infradead.org>, <xiaoming.yu@...iatek.com>
Subject: [PATCH] ARM: unwind: fix unwind started from IRQ stack in THUMB2 kernel

When unwinds started from IRQ stack,call_with_stack is the only
place to do stack switch.
It need to identify call_with_stack when unwinding.

In thumb2 kernel,it fails to identify call_with_stack.
In practice,(u32)&call_with_stack has bit 0 set.

	prel31_to_addr(&idx->addr_offset) is 0x806ed518,
	while (u32)&call_with_stack is 0x806ed519.
So it is impossible to do stack switch.

dump_stack from IRQ stack gets below result:
..
 call_timer_fn from __run_timers+0x163/0x25c
 __run_timers from run_timer_softirq+0x15/0x24
 run_timer_softirq from __do_softirq+0xe3/0x232
 __do_softirq from __irq_exit_rcu+0x3f/0xac
 __irq_exit_rcu from irq_exit+0x7/0xe
 irq_exit from call_with_stack+0xd/0x10
..
The stacktrace ends with call_with_stack.

Since bit 0 of pc in thumb2 is always 0,skip bit 0 when do compraing.
Then we get expected stacktrace:
..
 call_timer_fn from __run_timers+0x163/0x25c
 __run_timers from run_timer_softirq+0x15/0x24
 run_timer_softirq from __do_softirq+0xe3/0x232
 __do_softirq from __irq_exit_rcu+0x3f/0xac
 __irq_exit_rcu from irq_exit+0x7/0xe
 irq_exit from call_with_stack+0xd/0x10
 call_with_stack from __irq_svc+0x93/0xb6
Exception stack(0xf0875f60 to 0xf0875fa8)
5f60: ****
5f80: ****
5fa0: ****
 __irq_svc from arch_local_irq_enable+0x2/0x4
 arch_local_irq_enable from do_idle+0xad/0x1f6
..

Signed-off-by: Haibo Li <haibo.li@...iatek.com>
---
 arch/arm/kernel/unwind.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm/kernel/unwind.c b/arch/arm/kernel/unwind.c
index 9d2192156087..89e1f440082c 100644
--- a/arch/arm/kernel/unwind.c
+++ b/arch/arm/kernel/unwind.c
@@ -482,7 +482,8 @@ int unwind_frame(struct stackframe *frame)
 
 	ctrl.check_each_pop = 0;
 
-	if (prel31_to_addr(&idx->addr_offset) == (u32)&call_with_stack) {
+	if (prel31_to_addr(&idx->addr_offset) ==
+		((u32)&call_with_stack & (~0x01))) {
 		/*
 		 * call_with_stack() is the only place where we permit SP to
 		 * jump from one stack to another, and since we know it is
-- 
2.18.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ