From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Heiko Carstens, Vasily Gorbik, Sasha Levin
Subject: [PATCH 5.4 121/191] s390/unwind: filter out unreliable bogus %r14
Date: Thu, 2 Jan 2020 23:06:43 +0100
Message-Id: <20200102215842.770802524@linuxfoundation.org>
In-Reply-To: <20200102215829.911231638@linuxfoundation.org>

From: Vasily Gorbik

[ Upstream commit bf018ee644897d7982e1b8dd8b15e97db6e1a4da ]

Currently unwinder unconditionally returns %r14 from the first frame pointed by %r15 from pt_regs. A task could be interrupted when a function already allocated this frame (if it needs it) for its callees or to store local variables. In that case this frame would contain random values from stack or values stored there by a callee. As we are only interested in %r14 to get potential return address, skip bogus return addresses which don't belong to kernel text.

This helps to avoid duplicating filtering logic in unwinder users, most of which use unwind_get_return_address() and would choke on bogus 0 address returned by it otherwise.

Reviewed-by: Heiko Carstens
Signed-off-by: Vasily Gorbik
Signed-off-by: Sasha Levin
--- arch/s390/kernel/unwind_bc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/s390/kernel/unwind_bc.c b/arch/s390/kernel/unwind_bc.c index a8204f952315..6e609b13c0ce 100644 --- a/arch/s390/kernel/unwind_bc.c +++ b/arch/s390/kernel/unwind_bc.c 
@@ -60,6 +60,11 @@ bool unwind_next_frame(struct unwind_state *state) ip = READ_ONCE_NOCHECK(sf->gprs[8]); reliable = false; regs = NULL; + if (!__kernel_text_address(ip)) { + /* skip bogus %r14 */ + state->regs = NULL; + return unwind_next_frame(state); + } } else { sf = (struct stack_frame *) state->sp; sp = READ_ONCE_NOCHECK(sf->back_chain); -- 2.20.1
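Review bot: the recursive `return unwind_next_frame(state);` in the added `!__kernel_text_address(ip)` block appears to rely on `state->regs = NULL` to route the second call into the `else` branch, yet that branch takes its frame from `state->sp`, and the visible lines do not show `state->sp` being set before the recursion. Please confirm which frame `state->sp` refers to at this point, and note that the local assignments `reliable = false; regs = NULL;` just above are discarded on this path. The comment `/* skip bogus %r14 */` would be more useful if it said why clearing `state->regs` is what keeps the self-call from re-entering this branch; a `goto` or loop in place of self-recursion is also worth considering in stack-walking code.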