From: Dmitry Monakhov
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, mingo@redhat.com, Dmitry Monakhov
Subject: [PATCH 2/2] x86/unwind/orc: Fix address check size for deref_stack_iret_regs
Date: Tue, 12 Apr 2022 10:40:04 +0300
Message-Id: <1649749204-186363-2-git-send-email-dmtrmonakhov@yandex-team.ru>
In-Reply-To: <1649749204-186363-1-git-send-email-dmtrmonakhov@yandex-team.ru>
References: <1649749204-186363-1-git-send-email-dmtrmonakhov@yandex-team.ru>
X-Mailing-List: linux-kernel@vger.kernel.org

For historical reasons we check only IRET_FRAME_OFFSET, but this check is no longer valid because we also access the regs->sp field, which is located beyond IRET_FRAME, so it is reasonable to validate the full structure.

Signed-off-by: Dmitry Monakhov
---
 arch/x86/kernel/unwind_orc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c
index 80b878772b86..a249ecabe689 100644
--- a/arch/x86/kernel/unwind_orc.c
+++ b/arch/x86/kernel/unwind_orc.c
@@ -379,7 +379,7 @@ static bool deref_stack_iret_regs(struct unwind_state *state, unsigned long addr { struct pt_regs *regs = (void *)addr - IRET_FRAME_OFFSET; - if (!stack_access_ok(state, addr, IRET_FRAME_SIZE)) + if (!stack_access_ok(state, addr, sizeof(struct pt_regs))) return false; *ip = READ_ONCE_NOCHECK(regs->ip);
-- 
2.7.4
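Review bot: the new check validates the window [addr, addr + sizeof(struct pt_regs)), but the structure the function dereferences starts at `regs = (void *)addr - IRET_FRAME_OFFSET`, so the validated range and the structure only coincide when IRET_FRAME_OFFSET is zero: the first IRET_FRAME_OFFSET bytes of *regs stay unchecked while IRET_FRAME_OFFSET bytes past the end of the structure must now be on the stack, which makes a legitimate frame sitting at the very top of a stack fail the check. If the intent is to cover the whole pt_regs, base the check on the structure, `if (!stack_access_ok(state, (unsigned long)regs, sizeof(struct pt_regs)))`; if only the iret frame is read, keep IRET_FRAME_SIZE. Please also confirm the premise against the definitions of IRET_FRAME_OFFSET and IRET_FRAME_SIZE, which are not part of this hunk: on x86-64 the iret frame (ip, cs, flags, sp, ss) is the tail of struct pt_regs and regs->sp lies inside it, in which case the original IRET_FRAME_SIZE check already covered both the regs->ip and the regs->sp read. Finally, the commit message says the code checks IRET_FRAME_OFFSET, while the removed line passes IRET_FRAME_SIZE; the message should name the constant the hunk actually replaces.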
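To make the range arithmetic behind this patch concrete, here is an added user-space model of the check in deref_stack_iret_regs(). It is example code, not code from the patch or from the kernel. It assumes a struct pt_regs whose field order mirrors the x86-64 kernel's (arch/x86/include/asm/ptrace.h), defines IRET_FRAME_OFFSET and IRET_FRAME_SIZE the way the kernel does (the frame is the tail of pt_regs starting at regs->ip), and uses a constructed stand-in for stack_access_ok() together with made-up stack bounds. It compares the original check, the check in this patch, and a struct-based check for an iret frame that sits at the top of the stack, and it reports which pt_regs fields fall inside the iret frame.

```c
/*
 * Added example, not code from the patch or the kernel: a user-space model
 * of the range check in deref_stack_iret_regs(). The struct below mirrors
 * the x86-64 kernel's struct pt_regs field order (assumption: as in
 * arch/x86/include/asm/ptrace.h); stack_access_ok() is a constructed
 * stand-in for the unwinder's helper, and the stack bounds are made up.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Register save area; the last five words are the hardware iret frame. */
struct pt_regs {
	unsigned long r15, r14, r13, r12, bp, bx, r11, r10, r9, r8;
	unsigned long ax, cx, dx, si, di, orig_ax;
	unsigned long ip, cs, flags, sp, ss;	/* <- iret frame */
};

/* Same shape as the kernel's definitions: the frame is the tail of pt_regs. */
#define IRET_FRAME_OFFSET offsetof(struct pt_regs, ip)
#define IRET_FRAME_SIZE   (sizeof(struct pt_regs) - IRET_FRAME_OFFSET)

struct stack { unsigned long begin, end; };	/* stack memory is [begin, end) */

/* Constructed stand-in: the access [addr, addr + len) must lie on the stack. */
static bool stack_access_ok(const struct stack *s, unsigned long addr, size_t len)
{
	if (addr < s->begin || addr > s->end)
		return false;
	return len <= s->end - addr;	/* subtract first, so the test cannot overflow */
}

/* Does the field at byte offset `off` of pt_regs lie inside the iret frame? */
static bool field_in_iret_frame(size_t off)
{
	return off >= IRET_FRAME_OFFSET &&
	       off + sizeof(unsigned long) <= sizeof(struct pt_regs);
}

/* The three candidate checks for a frame whose first word (regs->ip) is at addr. */
enum check { CHECK_FRAME, CHECK_PATCH, CHECK_STRUCT };

static bool iret_regs_ok(const struct stack *s, unsigned long addr, enum check how)
{
	unsigned long regs = addr - IRET_FRAME_OFFSET;	/* what the unwinder dereferences */

	switch (how) {
	case CHECK_FRAME:	/* original: only the iret frame itself */
		return stack_access_ok(s, addr, IRET_FRAME_SIZE);
	case CHECK_PATCH:	/* this patch: struct-sized window, but still based at addr */
		return stack_access_ok(s, addr, sizeof(struct pt_regs));
	case CHECK_STRUCT:	/* struct-sized window based where the struct really starts */
		return stack_access_ok(s, regs, sizeof(struct pt_regs));
	}
	return false;
}

/* Constructed scenario: a 4 KiB stack whose topmost content is an iret frame. */
static const struct stack demo_stack = { 0x1000, 0x2000 };

static unsigned long top_frame(const struct stack *s)
{
	return s->end - IRET_FRAME_SIZE;
}

int main(void)
{
	unsigned long addr = top_frame(&demo_stack);

	printf("IRET_FRAME_OFFSET=%zu IRET_FRAME_SIZE=%zu sizeof(pt_regs)=%zu\n",
	       (size_t)IRET_FRAME_OFFSET, (size_t)IRET_FRAME_SIZE, sizeof(struct pt_regs));
	printf("regs->ip in frame: %d, regs->sp in frame: %d\n",
	       field_in_iret_frame(offsetof(struct pt_regs, ip)),
	       field_in_iret_frame(offsetof(struct pt_regs, sp)));
	printf("frame at top of stack (0x%lx): original=%d patch=%d struct-based=%d\n",
	       addr,
	       iret_regs_ok(&demo_stack, addr, CHECK_FRAME),
	       iret_regs_ok(&demo_stack, addr, CHECK_PATCH),
	       iret_regs_ok(&demo_stack, addr, CHECK_STRUCT));
	return 0;
}
```

The point the model makes visible is that sizeof(struct pt_regs) is only the right length when the range starts at the structure, not at the iret frame: with `addr` as the base, the patched check demands IRET_FRAME_OFFSET bytes beyond the end of pt_regs and so rejects a frame that ends exactly at the stack top, while the original IRET_FRAME_SIZE window already contains both regs->ip and regs->sp under this layout.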