Re: [PATCH v15 08/20] unwind_user: Stop when reaching an outermost frame

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] Uninitialized stack variable read of `outermost` field causes premature termination of user space stack unwinding.
--

commit 6e5baf1a7025f1ab5a73320fe2e522b5d83d132d
Author: Jens Remus <jremus@linux.ibm.com>

unwind_user: Stop when reaching an outermost frame

This commit adds an outermost frame indication to the user space unwind
frame structure. It checks this flag during the unwind process to stop
unwinding when an outermost frame is reached.

[ ... ]

> diff --git a/kernel/unwind/user.c b/kernel/unwind/user.c
> index 1fb2724197332..fdb1001e37505 100644
> --- a/kernel/unwind/user.c
> +++ b/kernel/unwind/user.c
> @@ -32,6 +32,12 @@ static int unwind_user_next_common(struct unwind_user_state *state,
>  {
>  	unsigned long cfa, fp, ra;
>  
> +	/* Stop unwinding when reaching an outermost frame. */
> +	if (frame->outermost) {

[Severity: Medium]
Will this read uninitialized stack memory during sframe unwinding?

Looking at unwind_user_next_sframe(), the frame structure is allocated on the
stack without zero-initialization:

kernel/unwind/user.c:unwind_user_next_sframe() {
	struct unwind_user_frame frame;

	/* sframe expects the frame to be local storage */
	if (sframe_find(state->ip, &frame))
		return -ENOENT;
	return unwind_user_next_common(state, &frame);
}

Since the new outermost field isn't populated by sframe_find() until a later
commit ("unwind_user/sframe: Add support for outermost frame indication"),
could this uninitialized read evaluate to true and cause premature termination
of user space stack unwinding?

This would break the bisectability of the patch series.

> +		state->done = true;
> +		return 0;
> +	}
> +

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260520154004.3845823-1-jremus@linux.ibm.com?part=8