linux_dsm_epyc7002/arch/arm/kernel
Vincent Whitchurch 40ff1ddb55 ARM: 8948/1: Prevent OOB access in stacktrace
The stacktrace code can read beyond the stack size, when it attempts to
read pt_regs from exception frames.

This can happen on normal, non-corrupt stacks.  Since the unwind
information in the extable is not correct for function prologues, the
unwinding code can return data from the stack which is not actually the
caller function address, and if in_entry_text() happens to succeed on
this value, we can end up reading data from outside the task's stack
when attempting to read pt_regs, since there is no bounds check.

Example:

 [<8010e729>] (unwind_backtrace) from [<8010a9c9>] (show_stack+0x11/0x14)
 [<8010a9c9>] (show_stack) from [<8057d8d7>] (dump_stack+0x87/0xac)
 [<8057d8d7>] (dump_stack) from [<8012271d>] (tasklet_action_common.constprop.4+0xa5/0xa8)
 [<8012271d>] (tasklet_action_common.constprop.4) from [<80102333>] (__do_softirq+0x11b/0x31c)
 [<80102333>] (__do_softirq) from [<80122485>] (irq_exit+0xad/0xd8)
 [<80122485>] (irq_exit) from [<8015f3d7>] (__handle_domain_irq+0x47/0x84)
 [<8015f3d7>] (__handle_domain_irq) from [<8036a523>] (gic_handle_irq+0x43/0x78)
 [<8036a523>] (gic_handle_irq) from [<80101a49>] (__irq_svc+0x69/0xb4)
 Exception stack(0xeb491f58 to 0xeb491fa0)
 1f40:                                                       7eb14794 00000000
 1f60: ffffffff 008dd32c 008dd324 ffffffff 008dd314 0000002a 801011e4 eb490000
 1f80: 0000002a 7eb1478c 50c5387d eb491fa8 80101001 8023d09c 40080033 ffffffff
 [<80101a49>] (__irq_svc) from [<8023d09c>] (do_pipe2+0x0/0xac)
 [<8023d09c>] (do_pipe2) from [<ffffffff>] (0xffffffff)
 Exception stack(0xeb491fc8 to 0xeb492010)
 1fc0:                   008dd314 0000002a 00511ad8 008de4c8 7eb14790 7eb1478c
 1fe0: 00511e34 7eb14774 004c8557 76f44098 60080030 7eb14794 00000000 00000000
 2000: 00000001 00000000 ea846c00 ea847cc0

In this example, the stack limit is 0xeb492000, but 16 bytes outside the
stack have been read.

Fix it by adding bounds checks.

Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2020-01-25 18:18:11 +00:00
..
.gitignore
arch_timer.c ARM: 8913/1: arch_timer: include <asm/arch_timer.h> 2019-10-27 21:14:43 +00:00
armksyms.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
asm-offsets.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
atags_compat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
atags_parse.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
atags_proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
atags.h ARM: mark setup_machine_tags() stub as __init __noreturn 2019-05-14 19:52:48 -07:00
bios32.c PCI: Remove PCI_REASSIGN_ALL_RSRC use on arm and arm64 2017-12-18 23:07:43 -06:00
bugs.c treewide: fix typos of SPDX-License-Identifier 2019-06-01 18:29:58 +02:00
cpuidle.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 159 2019-05-30 11:26:37 -07:00
crash_dump.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
debug.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
devtree.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
dma-isa.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
dma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
early_printk.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
efi.c mm/pgtable: drop pgtable_t variable from pte_fn_t functions 2019-07-12 11:05:46 -07:00
elf.c Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2017-11-16 12:50:35 -08:00
entry-armv.S docs: arm: convert docs to ReST and rename to *.rst 2019-07-15 09:20:24 -03:00
entry-common.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
entry-ftrace.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
entry-header.S ARM: 8844/1: use unified assembler in assembly files 2019-02-26 11:26:07 +00:00
entry-v7m.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
fiq.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fiqasm.S
ftrace.c ARM: function_graph: Simplify with function_graph_enter() 2018-11-27 20:29:52 -05:00
head-common.S ARM: 8914/1: NOMMU: Fix exc_ret for XIP 2019-10-10 22:23:20 +01:00
head-inflate-data.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
head-nommu.S ARM: 8914/1: NOMMU: Fix exc_ret for XIP 2019-10-10 22:23:20 +01:00
head.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
hibernate.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00
hw_breakpoint.c ARM: 8927/1: ARM/hw_breakpoint: add more ARMv8 debug architecture versions support 2019-11-15 22:21:08 +00:00
hyp-stub.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 1 2019-05-21 11:28:39 +02:00
insn.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
io.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
irq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
isa.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
iwmmxt.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
jump_label.c jump_label: move 'asm goto' support test to Kconfig 2019-01-06 09:46:51 +09:00
kgdb.c kgdb/treewide: constify struct kgdb_arch arch_kgdb_ops 2018-12-30 08:33:06 +00:00
machine_kexec.c ARM: avoid Cortex-A9 livelock on tight dmb loops 2019-02-01 22:05:50 +00:00
Makefile ARM: 8918/2: only build return_address() if needed 2019-11-15 22:21:07 +00:00
module-plts.c ARM: 8910/1: fix missing declartion of module_frob_arch_sections 2019-10-27 21:14:38 +00:00
module.c Modules updates for v5.3 2019-07-18 12:06:57 -07:00
module.lds License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
opcodes.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
paravirt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
patch.c ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t 2019-02-26 11:24:50 +00:00
perf_callchain.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
perf_event_v6.c arm_pmu: Tidy up clear_event_idx call backs 2018-07-10 18:19:02 +01:00
perf_event_v7.c ARM: 8873/1: perf: cleanup cppcheck shifting warning 2019-08-23 11:38:46 +01:00
perf_event_xscale.c arm_pmu: Tidy up clear_event_idx call backs 2018-07-10 18:19:02 +01:00
perf_regs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pj4-cp0.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
process.c ARM: 8920/1: share get_signal_page from signal.c to process.c 2019-10-31 16:58:53 +00:00
psci_smp.c ARM: 8919/1: make unexported functions static 2019-10-31 16:58:52 +00:00
ptrace.c seccomp: simplify secure_computing() 2019-10-10 14:55:24 -07:00
reboot.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
reboot.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
relocate_kernel.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
return_address.c ARM: 8918/2: only build return_address() if needed 2019-11-15 22:21:07 +00:00
setup.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
signal.c ARM: signal: Mark expected switch fall-through 2019-08-09 19:47:15 -05:00
signal.h ARM: 8920/1: share get_signal_page from signal.c to process.c 2019-10-31 16:58:53 +00:00
sigreturn_codes.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
sleep.S ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used 2019-02-26 11:32:54 +00:00
smccc-call.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
smp_scu.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
smp_tlb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
smp_twd.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
smp.c ARM: 8943/1: Fix topology setup in case of CPU hotplug for CONFIG_SCHED_MC 2019-12-06 11:51:02 +00:00
stacktrace.c ARM: 8948/1: Prevent OOB access in stacktrace 2020-01-25 18:18:11 +00:00
suspend.c ARM: bugs: hook processor bug checking into SMP and suspend paths 2018-05-31 10:39:29 +01:00
swp_emulate.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sys_arm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sys_oabi-compat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
tcm.c ARM: 8925/1: tcm: include <asm/tcm.h> for missing declarations 2019-10-31 16:58:56 +00:00
thumbee.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
time.c ARM: 8938/1: kernel: initialize broadcast hrtimer based clock event device 2019-11-16 10:51:24 +00:00
topology.c ARM: 8943/1: Fix topology setup in case of CPU hotplug for CONFIG_SCHED_MC 2019-12-06 11:51:02 +00:00
traps.c ARM: 8948/1: Prevent OOB access in stacktrace 2020-01-25 18:18:11 +00:00
unwind.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
v7m.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
vdso.c ARM: 8930/1: Add support for generic vDSO 2019-11-15 22:21:12 +00:00
vmlinux-xip.lds.S vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA 2019-11-04 15:57:41 +01:00
vmlinux.lds.h vmlinux.lds.h: Fix incomplete .text.exit discards 2018-10-12 08:54:58 +11:00
vmlinux.lds.S vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA 2019-11-04 15:57:41 +01:00
xscale-cp0.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00