redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/arch/arm/kernel
History
Vincent Whitchurch 47634c0fc9 ARM: 8948/1: Prevent OOB access in stacktrace 
[ Upstream commit 40ff1ddb55 ]

The stacktrace code can read beyond the stack size, when it attempts to
read pt_regs from exception frames.

This can happen on normal, non-corrupt stacks.  Since the unwind
information in the extable is not correct for function prologues, the
unwinding code can return data from the stack which is not actually the
caller function address, and if in_entry_text() happens to succeed on
this value, we can end up reading data from outside the task's stack
when attempting to read pt_regs, since there is no bounds check.

Example:

 [<8010e729>] (unwind_backtrace) from [<8010a9c9>] (show_stack+0x11/0x14)
 [<8010a9c9>] (show_stack) from [<8057d8d7>] (dump_stack+0x87/0xac)
 [<8057d8d7>] (dump_stack) from [<8012271d>] (tasklet_action_common.constprop.4+0xa5/0xa8)
 [<8012271d>] (tasklet_action_common.constprop.4) from [<80102333>] (__do_softirq+0x11b/0x31c)
 [<80102333>] (__do_softirq) from [<80122485>] (irq_exit+0xad/0xd8)
 [<80122485>] (irq_exit) from [<8015f3d7>] (__handle_domain_irq+0x47/0x84)
 [<8015f3d7>] (__handle_domain_irq) from [<8036a523>] (gic_handle_irq+0x43/0x78)
 [<8036a523>] (gic_handle_irq) from [<80101a49>] (__irq_svc+0x69/0xb4)
 Exception stack(0xeb491f58 to 0xeb491fa0)
 1f40:                                                       7eb14794 00000000
 1f60: ffffffff 008dd32c 008dd324 ffffffff 008dd314 0000002a 801011e4 eb490000
 1f80: 0000002a 7eb1478c 50c5387d eb491fa8 80101001 8023d09c 40080033 ffffffff
 [<80101a49>] (__irq_svc) from [<8023d09c>] (do_pipe2+0x0/0xac)
 [<8023d09c>] (do_pipe2) from [<ffffffff>] (0xffffffff)
 Exception stack(0xeb491fc8 to 0xeb492010)
 1fc0:                   008dd314 0000002a 00511ad8 008de4c8 7eb14790 7eb1478c
 1fe0: 00511e34 7eb14774 004c8557 76f44098 60080030 7eb14794 00000000 00000000
 2000: 00000001 00000000 ea846c00 ea847cc0

In this example, the stack limit is 0xeb492000, but 16 bytes outside the
stack have been read.

Fix it by adding bounds checks.

Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2020-10-01 13:17:29 +02:00
..
.gitignore
Makefile ARM: bugs: prepare processor bug infrastructure 2018-05-31 10:39:18 +01:00
arch_timer.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
armksyms.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
asm-offsets.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
atags.h ARM: mark setup_machine_tags() stub as __init __noreturn 2019-05-14 19:52:48 -07:00
atags_compat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
atags_parse.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
atags_proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bios32.c PCI: Remove PCI_REASSIGN_ALL_RSRC use on arm and arm64 2017-12-18 23:07:43 -06:00
bugs.c treewide: fix typos of SPDX-License-Identifier 2019-06-01 18:29:58 +02:00
cpuidle.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 159 2019-05-30 11:26:37 -07:00
crash_dump.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
debug.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
devtree.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
dma-isa.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
dma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
early_printk.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
efi.c mm/pgtable: drop pgtable_t variable from pte_fn_t functions 2019-07-12 11:05:46 -07:00
elf.c Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2017-11-16 12:50:35 -08:00
entry-armv.S ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h 2020-06-03 08:21:18 +02:00
entry-common.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
entry-ftrace.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
entry-header.S ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h 2020-06-03 08:21:18 +02:00
entry-v7m.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
fiq.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fiqasm.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
ftrace.c ARM: function_graph: Simplify with function_graph_enter() 2018-11-27 20:29:52 -05:00
head-common.S ARM: 8914/1: NOMMU: Fix exc_ret for XIP 2019-10-10 22:23:20 +01:00
head-inflate-data.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
head-nommu.S ARM: 8914/1: NOMMU: Fix exc_ret for XIP 2019-10-10 22:23:20 +01:00
head.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
hibernate.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00
hw_breakpoint.c ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints 2020-08-05 09:59:42 +02:00
hyp-stub.S ARM: 8955/1: virt: Relax arch timer version check during early boot 2020-02-05 21:22:49 +00:00
insn.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
io.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
irq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
isa.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
iwmmxt.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
jump_label.c jump_label: move 'asm goto' support test to Kconfig 2019-01-06 09:46:51 +09:00
kgdb.c kgdb/treewide: constify struct kgdb_arch arch_kgdb_ops 2018-12-30 08:33:06 +00:00
machine_kexec.c ARM: avoid Cortex-A9 livelock on tight dmb loops 2019-02-01 22:05:50 +00:00
module-plts.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
module.c Modules updates for v5.3 2019-07-18 12:06:57 -07:00
module.lds License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
opcodes.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
paravirt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
patch.c ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t 2019-02-26 11:24:50 +00:00
perf_callchain.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
perf_event_v6.c arm_pmu: Tidy up clear_event_idx call backs 2018-07-10 18:19:02 +01:00
perf_event_v7.c ARM: 8873/1: perf: cleanup cppcheck shifting warning 2019-08-23 11:38:46 +01:00
perf_event_xscale.c arm_pmu: Tidy up clear_event_idx call backs 2018-07-10 18:19:02 +01:00
perf_regs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pj4-cp0.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
process.c arm: Implement copy_thread_tls 2020-01-14 20:08:34 +01:00
psci_smp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
ptrace.c ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook 2020-06-17 16:40:21 +02:00
reboot.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
reboot.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
relocate_kernel.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
return_address.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
setup.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
signal.c ARM: signal: Mark expected switch fall-through 2019-08-09 19:47:15 -05:00
signal.h ARM: signal handling support for FDPIC_FUNCPTRS functions 2017-09-10 19:31:46 -04:00
sigreturn_codes.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
sleep.S ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used 2019-02-26 11:32:54 +00:00
smccc-call.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
smp.c ARM: 8943/1: Fix topology setup in case of CPU hotplug for CONFIG_SCHED_MC 2020-01-17 19:48:55 +01:00
smp_scu.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
smp_tlb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
smp_twd.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
stacktrace.c ARM: 8948/1: Prevent OOB access in stacktrace 2020-10-01 13:17:29 +02:00
suspend.c ARM: bugs: hook processor bug checking into SMP and suspend paths 2018-05-31 10:39:29 +01:00
swp_emulate.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sys_arm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sys_oabi-compat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
tcm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00
thumbee.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
time.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
topology.c ARM: 8943/1: Fix topology setup in case of CPU hotplug for CONFIG_SCHED_MC 2020-01-17 19:48:55 +01:00
traps.c ARM: 8948/1: Prevent OOB access in stacktrace 2020-10-01 13:17:29 +02:00
unwind.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
v7m.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
vdso.c arm64: Introduce a way to disable the 32bit vdso 2020-07-22 09:32:50 +02:00
vmlinux-xip.lds.S vmlinux.lds.h: Move LSM_TABLE into INIT_DATA 2018-10-10 20:40:21 -07:00
vmlinux.lds.S ARM: 8757/1: NOMMU: Support PMSAv8 MPU 2018-05-19 11:53:46 +01:00
vmlinux.lds.h vmlinux.lds.h: Fix incomplete .text.exit discards 2018-10-12 08:54:58 +11:00
xscale-cp0.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00