diff options
| author | Vasily Gorbik <gor@linux.ibm.com> | 2019-11-27 20:12:04 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-01-04 21:18:29 +0300 |
| commit | cff542509ec302ea63b9cc19ae2226740883ba63 (patch) | |
| tree | e981a340eb9e2c58d73aac63f92ec6de02c3dd3d /arch | |
| parent | ebd75fea2cda2a1ecfe2a63ed2316665ed193f97 (diff) | |
| download | linux-cff542509ec302ea63b9cc19ae2226740883ba63.tar.xz | |
s390/unwind: filter out unreliable bogus %r14
[ Upstream commit bf018ee644897d7982e1b8dd8b15e97db6e1a4da ]
Currently unwinder unconditionally returns %r14 from the first frame
pointed by %r15 from pt_regs. A task could be interrupted when a function
already allocated this frame (if it needs it) for its callees or to
store local variables. In that case this frame would contain random
values from stack or values stored there by a callee. As we are only
interested in %r14 to get potential return address, skip bogus return
addresses which doesn't belong to kernel text.
This helps to avoid duplicating filtering logic in unwider users, most
of which use unwind_get_return_address() and would choke on bogus 0
address returned by it otherwise.
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/s390/kernel/unwind_bc.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/arch/s390/kernel/unwind_bc.c b/arch/s390/kernel/unwind_bc.c index a8204f952315..6e609b13c0ce 100644 --- a/arch/s390/kernel/unwind_bc.c +++ b/arch/s390/kernel/unwind_bc.c @@ -60,6 +60,11 @@ bool unwind_next_frame(struct unwind_state *state) ip = READ_ONCE_NOCHECK(sf->gprs[8]); reliable = false; regs = NULL; + if (!__kernel_text_address(ip)) { + /* skip bogus %r14 */ + state->regs = NULL; + return unwind_next_frame(state); + } } else { sf = (struct stack_frame *) state->sp; sp = READ_ONCE_NOCHECK(sf->back_chain); |