From patchwork Thu Jul 30 20:51:09 2020
X-Patchwork-Submitter: Nick Desaulniers
X-Patchwork-Id: 247289
Date: Thu, 30 Jul 2020 13:51:09 -0700
In-Reply-To: <20200730205112.2099429-1-ndesaulniers@google.com>
Message-Id: <20200730205112.2099429-2-ndesaulniers@google.com>
References: <20200730205112.2099429-1-ndesaulniers@google.com>
Subject: [PATCH 1/4] ARM: backtrace-clang: check for NULL lr
From: Nick Desaulniers
To: Nathan Huckleberry, Russell King
Cc: Andrew Morton, Chunyan Zhang, clang-built-linux@googlegroups.com, Dmitry Safonov <0x7f454c46@gmail.com>, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org, Lvqiang Huang, Matthias Brugger, Nick Desaulniers, Miles Chen, stable@vger.kernel.org

If the link register was zeroed out, do not attempt to use it for address calculations for which there are currently no fixup handlers, which can lead to a panic during unwind. Since panicking triggers another unwind, this can lead to an infinite loop. If this occurs during start_kernel(), this can prevent a kernel from booting.

commit 59b6359dd92d ("ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel()") intentionally zeros out the link register in __mmap_switched which tail calls into start kernel. Test for this condition so that we can stop unwinding when initiated within start_kernel() correctly.

Cc: stable@vger.kernel.org
Fixes: commit 6dc5fd93b2f1 ("ARM: 8900/1: UNWINDER_FRAME_POINTER implementation for Clang")
Reported-by: Miles Chen
Signed-off-by: Nick Desaulniers
---
 arch/arm/lib/backtrace-clang.S | 2 ++
 1 file changed, 2 insertions(+)

--
2.28.0.163.g6104cc2f0b6-goog

Reviewed-by: Nathan Huckleberry

diff --git a/arch/arm/lib/backtrace-clang.S b/arch/arm/lib/backtrace-clang.S index 6174c45f53a5..5388ac664c12 100644 --- a/arch/arm/lib/backtrace-clang.S +++ b/arch/arm/lib/backtrace-clang.S
@@ -144,6 +144,8 @@ for_each_frame: tst frame, mask @ Check for address exceptions */ 1003: ldr sv_lr, [sv_fp, #4] @ get saved lr from next frame + tst sv_lr, #0 @ If there's no previous lr, + beq finished_setup @ we're done. ldr r0, [sv_lr, #-4] @ get call instruction ldr r3, .Lopcode+4 and r2, r3, r0 @ is this a bl call

From patchwork Thu Jul 30 20:51:10 2020
X-Patchwork-Submitter: Nick Desaulniers
X-Patchwork-Id: 247290
Date: Thu, 30 Jul 2020 13:51:10 -0700
In-Reply-To: <20200730205112.2099429-1-ndesaulniers@google.com>
Message-Id: <20200730205112.2099429-3-ndesaulniers@google.com>
References: <20200730205112.2099429-1-ndesaulniers@google.com>
Subject: [PATCH 2/4] ARM: backtrace-clang: add fixup for lr dereference
From: Nick Desaulniers
To: Nathan Huckleberry, Russell King
Cc: Andrew Morton, Chunyan Zhang, clang-built-linux@googlegroups.com, Dmitry Safonov <0x7f454c46@gmail.com>, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org, Lvqiang Huang, Matthias Brugger, Nick Desaulniers, Miles Chen, stable@vger.kernel.org

If the value of the link register is not correct (tail call from asm that didn't set it, stack corruption, memory no longer mapped), then using it for an address calculation may trigger an exception. Without a fixup handler, this will lead to a panic, which will unwind, which will trigger the fault repeatedly in an infinite loop.

We don't observe such failures currently, but we have. Just to be safe, add a fixup handler here so that at least we don't have an infinite loop.

Cc: stable@vger.kernel.org
Fixes: commit 6dc5fd93b2f1 ("ARM: 8900/1: UNWINDER_FRAME_POINTER implementation for Clang")
Reported-by: Miles Chen
Signed-off-by: Nick Desaulniers
---
 arch/arm/lib/backtrace-clang.S | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--
2.28.0.163.g6104cc2f0b6-goog

diff --git a/arch/arm/lib/backtrace-clang.S b/arch/arm/lib/backtrace-clang.S index 5388ac664c12..40eb2215eaf4 100644 --- a/arch/arm/lib/backtrace-clang.S +++ b/arch/arm/lib/backtrace-clang.S @@ -146,7 +146,7 @@ for_each_frame: tst frame, mask @ Check for address exceptions tst sv_lr, #0 @ If there's no previous lr, beq finished_setup @ we're done. - ldr r0, [sv_lr, #-4] @ get call instruction +prev_call: ldr r0, [sv_lr, #-4] @ get call instruction ldr r3, .Lopcode+4 and r2, r3, r0 @ is this a bl call teq r2, r3
@@ -206,6 +206,13 @@ finished_setup: mov r2, frame bl printk no_frame: ldmfd sp!, {r4 - r9, fp, pc} +/* + * Accessing the address pointed to by the link register triggered an + * exception, don't try to unwind through it. + */ +bad_lr: mov sv_fp, #0 + mov sv_lr, #0 + b finished_setup ENDPROC(c_backtrace) .pushsection __ex_table,"a" .align 3 @@ -214,6 +221,7 @@ ENDPROC(c_backtrace) .long 1003b, 1006b .long 1004b, 1006b .long 1005b, 1006b + .long prev_call, bad_lr .popsection .Lbad: .asciz "%sBacktrace aborted due to bad frame pointer <%p>\n"
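
Review bot: In [PATCH 1/4], the added `tst sv_lr, #0` after `1003:` cannot detect a NULL lr. TST ANDs its two operands and sets flags on the result, and any value ANDed with 0 is 0, so Z is always set and the following `beq finished_setup` is taken for every frame; the call-instruction decoding below it is never reached. Use `cmp sv_lr, #0` (or `teq sv_lr, #0`) so the branch is taken only when the saved lr really is zero.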
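
Review bot: In [PATCH 2/4], the new `bad_lr` block zeroes `sv_fp` and `sv_lr` and branches to `finished_setup` without printing anything, so a backtrace cut short by a faulting lr load is indistinguishable in the log from one that ended normally. The file already carries a `.Lbad` "Backtrace aborted due to bad frame pointer" string for the frame-pointer case; consider a matching message for a bad lr before the branch, so that stack corruption or an unmapped return address leaves a trace for whoever reads the oops.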
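
Review bot: In [PATCH 2/4], the new `__ex_table` entry `.long prev_call, bad_lr` uses named labels while every entry above it uses numeric local labels (`1003b, 1006b`, `1004b, 1006b`, `1005b, 1006b`). For consistency with the table, give the faulting load and its handler numeric labels in the same style, and keep the explanatory comment on the handler.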