[Query] Stack Overflow in "arch/arm/kernel/unwind.c" while unwinding frame

From: Anurag Aggarwal
Date: Tue Sep 24 2013 - 01:23:45 EST


Hi All,

While executing unwind backtrace instructions on ARM, in the function
unwind_exec_insn(),
there is a chance that SP overflows the stack.


For example, while executing the instruction with opcode 0xAE, vsp can go
beyond the stack into an area that has not been allocated yet.

	unsigned long *vsp = (unsigned long *)ctrl->vrs[SP];
	int reg;

	/* pop R4-R[4+bbb] */
	for (reg = 4; reg <= 4 + (insn & 7); reg++)
		ctrl->vrs[reg] = *vsp++;

The above scenario can happen while executing any of the unwind instructions.

One of the ways to fix the problem is to check vsp against the stack
limits before we increment it, but doing it for all the instructions
seems a little bad.

I just want to know if anyone has faced this problem before.

I am working on Linux kernel for Android phones and I saw one case
when this happened.

I am new to Linux Kernel so not sure if this is the right place to ask
the question.


--
Anurag Aggarwal
--
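The check the message asks about, as an added example that is not part of the original post and not the kernel's own unwind.c: a cut-down interpreter for the ARM EHABI unwind byte codes in which every pop goes through one helper that refuses to read outside a caller-supplied [sp_low, sp_high) window, so opcode 0xAE (pop r4-r10 and r14) fails cleanly instead of walking off the end of the stack. The struct fields sp_low/sp_high, the helper names and the 16-word demo stack are assumptions made for the example; the opcode decoding follows the EHABI encoding for the handful of instructions shown.

```c
#include <stdio.h>
#include <string.h>

/* Register indices used by the unwinder's virtual register set. */
#define SP 13
#define LR 14
#define PC 15

/* Hypothetical unwind state; the kernel's struct carries more fields. */
struct unwind_ctrl_block {
	unsigned long vrs[16];     /* virtual register set */
	const unsigned char *insn; /* next unwind byte to execute */
	int entries;               /* unwind bytes remaining */
	unsigned long sp_low;      /* lowest address vsp may read (inclusive) */
	unsigned long sp_high;     /* one past the highest address vsp may read */
};

/*
 * Pop one word from the virtual stack into vrs[reg], refusing to read
 * outside [sp_low, sp_high).  Returns 0 on success, -1 if the read would
 * leave the stack window.  The vsp >= sp_high test comes first so that
 * the subtraction below cannot wrap.
 */
static int unwind_pop_register(struct unwind_ctrl_block *ctrl, int reg)
{
	unsigned long vsp = ctrl->vrs[SP];

	if (vsp < ctrl->sp_low || vsp >= ctrl->sp_high ||
	    ctrl->sp_high - vsp < sizeof(unsigned long))
		return -1;
	ctrl->vrs[reg] = *(const unsigned long *)vsp;
	ctrl->vrs[SP] = vsp + sizeof(unsigned long);
	return 0;
}

static unsigned long unwind_get_byte(struct unwind_ctrl_block *ctrl)
{
	ctrl->entries--;
	return *ctrl->insn++;
}

/* Execute one unwind instruction: 0 = continue, 1 = FINISH, -1 = error. */
static int unwind_exec_insn(struct unwind_ctrl_block *ctrl)
{
	unsigned long insn;
	int reg;

	if (ctrl->entries <= 0)
		return -1;
	insn = unwind_get_byte(ctrl);

	if ((insn & 0xc0) == 0x00) {            /* vsp += (xxxxxx << 2) + 4 */
		ctrl->vrs[SP] += ((insn & 0x3f) << 2) + 4;
	} else if ((insn & 0xc0) == 0x40) {     /* vsp -= (xxxxxx << 2) + 4 */
		ctrl->vrs[SP] -= ((insn & 0x3f) << 2) + 4;
	} else if ((insn & 0xf0) == 0x80) {     /* pop under mask {r15-r12},{r11-r4} */
		unsigned long mask;
		if (ctrl->entries <= 0)
			return -1;
		mask = ((insn << 8) | unwind_get_byte(ctrl)) & 0x0fff;
		if (mask == 0)
			return -1;              /* encoding reserved: refuse to unwind */
		for (reg = 4; mask; mask >>= 1, reg++)
			if ((mask & 1) && unwind_pop_register(ctrl, reg))
				return -1;
	} else if ((insn & 0xf0) == 0x90 && insn != 0x9d && insn != 0x9f) {
		ctrl->vrs[SP] = ctrl->vrs[insn & 0x0f]; /* vsp = r[nnnn] */
	} else if ((insn & 0xf0) == 0xa0) {     /* pop r4-r[4+bbb], 0xA8+ also r14 */
		for (reg = 4; reg <= 4 + (int)(insn & 7); reg++)
			if (unwind_pop_register(ctrl, reg))
				return -1;
		if ((insn & 0x08) && unwind_pop_register(ctrl, LR))
			return -1;
	} else if (insn == 0xb0) {              /* FINISH */
		if (ctrl->vrs[PC] == 0)
			ctrl->vrs[PC] = ctrl->vrs[LR];
		return 1;
	} else {
		return -1;                      /* not handled in this example */
	}
	return 0;
}

/* Constructed demo: a 16-word fake stack holding 0x1000, 0x1001, ... */
static unsigned long demo_stack[16];

/* Run a single 0xAE (pop r4-r10, r14) with vsp at word sp_offset_words. */
static int run_0xae(unsigned long sp_offset_words, struct unwind_ctrl_block *out)
{
	static const unsigned char code[] = { 0xae, 0xb0 };
	struct unwind_ctrl_block ctrl;
	int i, rc;

	for (i = 0; i < 16; i++)
		demo_stack[i] = 0x1000 + i;
	memset(&ctrl, 0, sizeof ctrl);
	ctrl.insn = code;
	ctrl.entries = sizeof code;
	ctrl.sp_low = (unsigned long)&demo_stack[0];
	ctrl.sp_high = (unsigned long)&demo_stack[16];
	ctrl.vrs[SP] = ctrl.sp_low + sp_offset_words * sizeof(unsigned long);
	rc = unwind_exec_insn(&ctrl);
	if (out)
		*out = ctrl;
	return rc;
}

/* Value left in r14 after a successful 0xAE, or 0 if the pop was refused. */
static unsigned long lr_after_0xae(unsigned long sp_offset_words)
{
	struct unwind_ctrl_block ctrl;

	return run_0xae(sp_offset_words, &ctrl) == 0 ? ctrl.vrs[LR] : 0;
}

int main(void)
{
	printf("0xAE with 8 words left: rc=%d lr=%#lx\n", run_0xae(8, NULL), lr_after_0xae(8));
	printf("0xAE with 7 words left: rc=%d (refused)\n", run_0xae(9, NULL));
	return 0;
}
```

The point of routing every pop through unwind_pop_register() is that the bounds check is written once rather than in each opcode branch, which is the objection raised in the message; the check itself is two comparisons per word, so the cost is negligible next to the memory reads the unwinder already does.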
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/