From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933848AbcJ0GaT (ORCPT ); Thu, 27 Oct 2016 02:30:19 -0400 Received: from mail-wm0-f66.google.com ([74.125.82.66]:33759 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932605AbcJ0GaP (ORCPT ); Thu, 27 Oct 2016 02:30:15 -0400 Date: Thu, 27 Oct 2016 08:30:11 +0200 From: Ingo Molnar To: Josh Poimboeuf Cc: x86@kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 2/4] x86/unwind: ensure stack grows down Message-ID: <20161027063010.GA3884@gmail.com> References: <65e1ac5a17bd20d43c21d400ea2fcd84e6d09e78.1477496147.git.jpoimboe@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <65e1ac5a17bd20d43c21d400ea2fcd84e6d09e78.1477496147.git.jpoimboe@redhat.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Josh Poimboeuf wrote: > Add a sanity check to ensure the stack only grows down, and print a > warning if the check fails. > > Signed-off-by: Josh Poimboeuf > --- > arch/x86/kernel/unwind_frame.c | 36 ++++++++++++++++++++++++++++++++---- > 1 file changed, 32 insertions(+), 4 deletions(-) > > diff --git a/arch/x86/kernel/unwind_frame.c b/arch/x86/kernel/unwind_frame.c > index 9be9a8f..0d8d2f2 100644 > --- a/arch/x86/kernel/unwind_frame.c > +++ b/arch/x86/kernel/unwind_frame.c > @@ -24,6 +24,15 @@ unsigned long unwind_get_return_address(struct unwind_state *state) > } > EXPORT_SYMBOL_GPL(unwind_get_return_address); > > +static size_t regs_size(struct pt_regs *regs) > +{ > + /* x86_32 regs from kernel mode are two words shorter */ > + if (IS_ENABLED(CONFIG_X86_32) && !user_mode(regs)) > + return sizeof(*regs) - (2*sizeof(long)); Unnecessary parentheses. > + > + return sizeof(*regs); > +} > + > static bool is_last_task_frame(struct unwind_state *state) > { > unsigned long bp = (unsigned long)state->bp; > @@ -71,6 +80,7 @@ bool unwind_next_frame(struct unwind_state *state) > struct pt_regs *regs; > unsigned long *next_bp, *next_frame; > size_t next_len; > + enum stack_type prev_type = state->stack_info.type; > > if (unwind_done(state)) > return false; > @@ -134,6 +144,18 @@ bool unwind_next_frame(struct unwind_state *state) > goto bad_address; > } > > + /* make sure it only unwinds up and doesn't overlap the last frame */ Please capitalize comments - and if the comment refers to a control block please also add ':', i.e. something like: /* Make sure it only unwinds up and doesn't overlap the last frame: */ This also applies to other places in this patch series. > + if (state->stack_info.type == prev_type) { > + if (state->regs && > + (void *)next_frame < (void *)state->regs + > + regs_size(state->regs)) No line breaks that make the code worse please. > + goto bad_address; > + > + if (state->bp && > + (void *)next_frame < (void *)state->bp + FRAME_HEADER_SIZE) Ditto. > + goto bad_address; > + } > + > /* move to the next frame */ > if (regs) { > state->regs = regs; > @@ -146,10 +168,16 @@ bool unwind_next_frame(struct unwind_state *state) > return true; > > bad_address: > - printk_deferred_once(KERN_WARNING > - "WARNING: kernel stack frame pointer at %p in %s:%d has bad value %p\n", > - state->bp, state->task->comm, > - state->task->pid, next_bp); > + if (state->regs) > + printk_deferred_once(KERN_WARNING > + "WARNING: kernel stack regs at %p in %s:%d has bad 'bp' value %p\n", > + state->regs, state->task->comm, > + state->task->pid, next_frame); > + else > + printk_deferred_once(KERN_WARNING > + "WARNING: kernel stack frame pointer at %p in %s:%d has bad value %p\n", > + state->bp, state->task->comm, > + state->task->pid, next_frame); Multi-line statements should have curly braces. Thanks, Ingo