diff mbox series

[for-3.18,22/24] sched: panic on corrupted stack end

Message ID 1494340968-17152-23-git-send-email-amit.pundir@linaro.org
State New
Headers show
Series Security fixes from 2015 and 2016 android security bulletins | expand

Commit Message

Amit Pundir May 9, 2017, 2:42 p.m. UTC
From: Jann Horn <jannh@google.com>


commit 29d6455178a09e1dc340380c582b13356227e8df upstream.

Until now, hitting this BUG_ON caused a recursive oops (because oops
handling involves do_exit(), which calls into the scheduler, which in
turn raises an oops), which caused stuff below the stack to be
overwritten until a panic happened (e.g.  via an oops in interrupt
context, caused by the overwritten CPU index in the thread_info).

Just panic directly.

Signed-off-by: Jann Horn <jannh@google.com>

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

[AmitP: Minor refactoring of upstream changes for linux-3.18.y]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

---
 kernel/sched/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-- 
2.7.4
diff mbox series

Patch

diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 5f4c71c5d38e..a760c9e0353e 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -2709,7 +2709,8 @@  static noinline void __schedule_bug(struct task_struct *prev)
 static inline void schedule_debug(struct task_struct *prev)
 {
 #ifdef CONFIG_SCHED_STACK_END_CHECK
-	BUG_ON(unlikely(task_stack_end_corrupted(prev)));
+	if (task_stack_end_corrupted(prev))
+		panic("corrupted stack end detected inside scheduler\n");
 #endif
 	/*
 	 * Test if we are atomic. Since do_exit() needs to call into