[PATCH] clear the frame pointer in copy_thread

From: Su, Xuemin
Date: Tue Jun 19 2012 - 03:29:30 EST

Next message: Ohad Ben-Cohen: "Re: [PATCHv3 0/4] remoteproc: Custom firmware handling."
Previous message: Axel Lin: "[PATCH] regulator: core: Export regulator_set_voltage_time_sel()"
Next in thread: H. Peter Anvin: "Re: [PATCH] clear the frame pointer in copy_thread"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: xueminsu <xuemin.su@xxxxxxxxx>

When creating a userspace thread, kernel copies all parent
threadâs registers to the child thread, including bp register
which is used to create stack frame. At this point, the bp
register is pointing to the parent threadâs last stack frame.

So, after the child thread is created, its bp register points
to the parent threadâs stack area, and the value would be pushed
to its own stack to form its first stack frame when it calls its
first function.

This would not be a problem if the child thread and the parent
thread do not share the VM or if they share the VM and have the
same stack. But if they share the VM and have different stacks,
this would cause an issue: when we try to print the child threadâs
stack trace, we would eventually walk into the parent threadâs
stack area, and sometimes we will occasionally prints out the
parent threadâs stack trace.

Currently some version of libc clears the frame pointer just after
the thread is created, but this is not guaranteed.

Signed-off-by: xueminsu <xuemin.su@xxxxxxxxx>
---
arch/x86/kernel/process_32.c | 9 +++++++++
arch/x86/kernel/process_64.c | 9 +++++++++
2 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
index 516fa18..b1b6d42 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -139,6 +139,15 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
childregs->ax = 0;
childregs->sp = sp;

+ /*
+ * If the child thread and the parent thread share the VM
+ * but have different stack, the child thread's bp register
+ * should be set to null, preventing it from pointing to
+ * the parent thread's stack area.
+ */
+ if ((sp != regs->sp) && (clone_flags & CLONE_VM))
+ childregs->bp = 0;
+
p->thread.sp = (unsigned long) childregs;
p->thread.sp0 = (unsigned long) (childregs+1);

diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index 61cdf7f..5acff83 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -163,6 +163,15 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
else
childregs->sp = (unsigned long)childregs;

+ /*
+ * If the child thread and the parent thread share the VM
+ * but have different stack, the child thread's bp register
+ * should be set to null, preventing it from pointing to
+ * the parent thread's stack area.
+ */
+ if ((sp != regs->sp) && (clone_flags & CLONE_VM))
+ childregs->bp = 0;
+
p->thread.sp = (unsigned long) childregs;
p->thread.sp0 = (unsigned long) (childregs+1);
p->thread.usersp = me->thread.usersp;
--
1.7.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ohad Ben-Cohen: "Re: [PATCHv3 0/4] remoteproc: Custom firmware handling."
Previous message: Axel Lin: "[PATCH] regulator: core: Export regulator_set_voltage_time_sel()"
Next in thread: H. Peter Anvin: "Re: [PATCH] clear the frame pointer in copy_thread"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]