Message ID | 20200730205112.2099429-2-ndesaulniers@google.com
---|---
State | New
Series | [1/4] ARM: backtrace-clang: check for NULL lr
On Thu, Jul 30, 2020 at 3:51 PM Nick Desaulniers <ndesaulniers@google.com> wrote:
>
> If the link register was zeroed out, do not attempt to use it for
> address calculations for which there are currently no fixup handlers,
> which can lead to a panic during unwind. Since panicking triggers
> another unwind, this can lead to an infinite loop. If this occurs
> during start_kernel(), this can prevent a kernel from booting.
>
> commit 59b6359dd92d ("ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel()")
> intentionally zeros out the link register in __mmap_switched which tail
> calls into start kernel. Test for this condition so that we can stop
> unwinding when initiated within start_kernel() correctly.
>
> Cc: stable@vger.kernel.org
> Fixes: commit 6dc5fd93b2f1 ("ARM: 8900/1: UNWINDER_FRAME_POINTER implementation for Clang")
> Reported-by: Miles Chen <miles.chen@mediatek.com>
> Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
> ---
>  arch/arm/lib/backtrace-clang.S | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/arch/arm/lib/backtrace-clang.S b/arch/arm/lib/backtrace-clang.S
> index 6174c45f53a5..5388ac664c12 100644
> --- a/arch/arm/lib/backtrace-clang.S
> +++ b/arch/arm/lib/backtrace-clang.S
> @@ -144,6 +144,8 @@ for_each_frame: tst frame, mask @ Check for address exceptions
>   */
>  1003: ldr sv_lr, [sv_fp, #4] @ get saved lr from next frame
>
> + tst sv_lr, #0 @ If there's no previous lr,
> + beq finished_setup @ we're done.
>  ldr r0, [sv_lr, #-4] @ get call instruction
>  ldr r3, .Lopcode+4
>  and r2, r3, r0 @ is this a bl call
> --
> 2.28.0.163.g6104cc2f0b6-goog
>

Reviewed-by: Nathan Huckleberry <nhuck15@gmail.com>
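Review bot: the added check `tst sv_lr, #0` does not test for a NULL lr as its comment says. `tst` sets the flags from `sv_lr AND #0`, which is zero for every value of `sv_lr`, so Z is always set and `beq finished_setup` is taken on every frame, not only when the saved lr is zero; the `ldr r0, [sv_lr, #-4]` / `bl`-call inspection that follows is then never reached. A compare is needed instead, e.g. `cmp sv_lr, #0` (or `teq sv_lr, #0`) before the `beq`. Since the patch carries Cc: stable and a Fixes: tag, the corrected form is what should be backported.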