Commit 359ad0d4 authored by Jan Beulich, committed by Andi Kleen

[PATCH] unwinder: more sanity checks in Dwarf2 unwinder

Tighten the requirements on both input to and output from the Dwarf2
unwinder.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Andi Kleen <ak@suse.de>
parent eef5e0d1
...@@ -161,12 +161,19 @@ dump_trace_unwind(struct unwind_frame_info *info, void *data) ...@@ -161,12 +161,19 @@ dump_trace_unwind(struct unwind_frame_info *info, void *data)
{ {
struct ops_and_data *oad = (struct ops_and_data *)data; struct ops_and_data *oad = (struct ops_and_data *)data;
int n = 0; int n = 0;
unsigned long sp = UNW_SP(info);
if (arch_unw_user_mode(info))
return -1;
while (unwind(info) == 0 && UNW_PC(info)) { while (unwind(info) == 0 && UNW_PC(info)) {
n++; n++;
oad->ops->address(oad->data, UNW_PC(info)); oad->ops->address(oad->data, UNW_PC(info));
if (arch_unw_user_mode(info)) if (arch_unw_user_mode(info))
break; break;
if ((sp & ~(PAGE_SIZE - 1)) == (UNW_SP(info) & ~(PAGE_SIZE - 1))
&& sp > UNW_SP(info))
break;
sp = UNW_SP(info);
} }
return n; return n;
} }
......
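Review bot: The stack-regression test `if ((sp & ~(PAGE_SIZE - 1)) == (UNW_SP(info) & ~(PAGE_SIZE - 1)) && sp > UNW_SP(info))` only rejects a descending sp when the old and new values share a page; a frame whose CFA drops by more than that, or lands just across a page boundary, still passes, so a corrupt or looping table can still yield a long bogus trace bounded only by whatever stops the loop. If the page-equality half exists to tolerate a legitimate stack switch (e.g. onto an interrupt stack) that intent is not stated, so I'd add above the test `/* sp must not move down within one stack; a jump to another page is presumably a stack switch and is allowed */`. The new early `return -1` also turns the function's result from a frame count into count-or-error; the caller is outside this hunk, so it should be checked to distinguish `< 0` from `0` rather than treating both as "nothing unwound".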
...@@ -225,12 +225,19 @@ static int dump_trace_unwind(struct unwind_frame_info *info, void *context) ...@@ -225,12 +225,19 @@ static int dump_trace_unwind(struct unwind_frame_info *info, void *context)
{ {
struct ops_and_data *oad = (struct ops_and_data *)context; struct ops_and_data *oad = (struct ops_and_data *)context;
int n = 0; int n = 0;
unsigned long sp = UNW_SP(info);
if (arch_unw_user_mode(info))
return -1;
while (unwind(info) == 0 && UNW_PC(info)) { while (unwind(info) == 0 && UNW_PC(info)) {
n++; n++;
oad->ops->address(oad->data, UNW_PC(info)); oad->ops->address(oad->data, UNW_PC(info));
if (arch_unw_user_mode(info)) if (arch_unw_user_mode(info))
break; break;
if ((sp & ~(PAGE_SIZE - 1)) == (UNW_SP(info) & ~(PAGE_SIZE - 1))
&& sp > UNW_SP(info))
break;
sp = UNW_SP(info);
} }
return n; return n;
} }
......
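Review bot: The user-mode early return and the same-page sp-regression check added here are byte-identical to the i386 `dump_trace_unwind` in this same commit, which is the kind of duplicated heuristic that drifts the next time one side is tuned. Since both files already use the arch-neutral `unwind()`/`UNW_SP()`/`arch_unw_user_mode()` API, a shared helper such as `static inline int unw_sp_regressed(unsigned long prev, unsigned long cur) { return (prev & ~(PAGE_SIZE - 1)) == (cur & ~(PAGE_SIZE - 1)) && prev > cur; }` in the common unwinder header would let both callers read `if (unw_sp_regressed(sp, UNW_SP(info))) break;`. Whichever form is kept, the check deserves a one-line comment saying why an sp moving to a different page is deliberately tolerated, because the expression does not make that obvious.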
...@@ -79,17 +79,13 @@ extern asmlinkage int arch_unwind_init_running(struct unwind_frame_info *, ...@@ -79,17 +79,13 @@ extern asmlinkage int arch_unwind_init_running(struct unwind_frame_info *,
void *arg), void *arg),
void *arg); void *arg);
static inline int arch_unw_user_mode(const struct unwind_frame_info *info) static inline int arch_unw_user_mode(/*const*/ struct unwind_frame_info *info)
{ {
#if 0 /* This can only work when selector register and EFLAGS saves/restores return user_mode_vm(&info->regs)
are properly annotated (and tracked in UNW_REGISTER_INFO). */ || info->regs.eip < PAGE_OFFSET
return user_mode_vm(&info->regs);
#else
return info->regs.eip < PAGE_OFFSET
|| (info->regs.eip >= __fix_to_virt(FIX_VDSO) || (info->regs.eip >= __fix_to_virt(FIX_VDSO)
&& info->regs.eip < __fix_to_virt(FIX_VDSO) + PAGE_SIZE) && info->regs.eip < __fix_to_virt(FIX_VDSO) + PAGE_SIZE)
|| info->regs.esp < PAGE_OFFSET; || info->regs.esp < PAGE_OFFSET;
#endif
} }
#else #else
......
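Review bot: Commenting out `const` on the i386 parameter (`/*const*/ struct unwind_frame_info *info`) drops a contract that the x86-64 `arch_unw_user_mode` in this same commit keeps, and it is done only because `user_mode_vm()` takes a non-const `struct pt_regs *`. Nothing here writes to the frame, so a cast at the single call site, `return user_mode_vm((struct pt_regs *)&info->regs)`, keeps the prototype `const` and consistent across the two headers; making `user_mode_vm()` const-correct would be cleaner but is outside this patch. The deleted `#if 0` comment also explained that the selector/EFLAGS test is only meaningful once those registers are tracked by the unwinder; if that now holds, a one-line comment saying so would stop the next reader from reinstating the guard, and if it does not, the result is only safe because it is ORed with the address-range tests.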
...@@ -87,14 +87,10 @@ extern int arch_unwind_init_running(struct unwind_frame_info *, ...@@ -87,14 +87,10 @@ extern int arch_unwind_init_running(struct unwind_frame_info *,
static inline int arch_unw_user_mode(const struct unwind_frame_info *info) static inline int arch_unw_user_mode(const struct unwind_frame_info *info)
{ {
#if 0 /* This can only work when selector register saves/restores return user_mode(&info->regs)
are properly annotated (and tracked in UNW_REGISTER_INFO). */ || (long)info->regs.rip >= 0
return user_mode(&info->regs);
#else
return (long)info->regs.rip >= 0
|| (info->regs.rip >= VSYSCALL_START && info->regs.rip < VSYSCALL_END) || (info->regs.rip >= VSYSCALL_START && info->regs.rip < VSYSCALL_END)
|| (long)info->regs.rsp >= 0; || (long)info->regs.rsp >= 0;
#endif
} }
#else #else
......
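Review bot: `user_mode(&info->regs)` is now ORed into the x86-64 heuristic, but the `#if 0` comment this hunk removes said selector saves/restores are not annotated, so `regs.cs` may still be whatever the initial frame carried rather than the value belonging to the frame under examination. Because the result is only ORed with the `rip`/`rsp` range tests, a stale kernel `cs` is harmless but a stale user-mode `cs` makes the unwinder report user mode early and truncate the trace; the commit message does not say what changed to make the selector trustworthy. I'd record that asymmetry above the return: `/* cs is only reliable while the unwinder tracks selector saves; the rip/rsp range checks below remain the authoritative test */`.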
...@@ -95,6 +95,7 @@ static const struct { ...@@ -95,6 +95,7 @@ static const struct {
typedef unsigned long uleb128_t; typedef unsigned long uleb128_t;
typedef signed long sleb128_t; typedef signed long sleb128_t;
#define sleb128abs __builtin_labs
static struct unwind_table { static struct unwind_table {
struct { struct {
...@@ -787,7 +788,7 @@ int unwind(struct unwind_frame_info *frame) ...@@ -787,7 +788,7 @@ int unwind(struct unwind_frame_info *frame)
#define FRAME_REG(r, t) (((t *)frame)[reg_info[r].offs]) #define FRAME_REG(r, t) (((t *)frame)[reg_info[r].offs])
const u32 *fde = NULL, *cie = NULL; const u32 *fde = NULL, *cie = NULL;
const u8 *ptr = NULL, *end = NULL; const u8 *ptr = NULL, *end = NULL;
unsigned long pc = UNW_PC(frame) - frame->call_frame; unsigned long pc = UNW_PC(frame) - frame->call_frame, sp;
unsigned long startLoc = 0, endLoc = 0, cfa; unsigned long startLoc = 0, endLoc = 0, cfa;
unsigned i; unsigned i;
signed ptrType = -1; signed ptrType = -1;
...@@ -936,6 +937,9 @@ int unwind(struct unwind_frame_info *frame) ...@@ -936,6 +937,9 @@ int unwind(struct unwind_frame_info *frame)
state.dataAlign = get_sleb128(&ptr, end); state.dataAlign = get_sleb128(&ptr, end);
if (state.codeAlign == 0 || state.dataAlign == 0 || ptr >= end) if (state.codeAlign == 0 || state.dataAlign == 0 || ptr >= end)
cie = NULL; cie = NULL;
else if (UNW_PC(frame) % state.codeAlign
|| UNW_SP(frame) % sleb128abs(state.dataAlign))
return -EPERM;
else { else {
retAddrReg = state.version <= 1 ? *ptr++ : get_uleb128(&ptr, end); retAddrReg = state.version <= 1 ? *ptr++ : get_uleb128(&ptr, end);
/* skip augmentation */ /* skip augmentation */
...@@ -968,6 +972,8 @@ int unwind(struct unwind_frame_info *frame) ...@@ -968,6 +972,8 @@ int unwind(struct unwind_frame_info *frame)
#ifdef CONFIG_FRAME_POINTER #ifdef CONFIG_FRAME_POINTER
unsigned long top, bottom; unsigned long top, bottom;
if ((UNW_SP(frame) | UNW_FP(frame)) % sizeof(unsigned long))
return -EPERM;
top = STACK_TOP(frame->task); top = STACK_TOP(frame->task);
bottom = STACK_BOTTOM(frame->task); bottom = STACK_BOTTOM(frame->task);
# if FRAME_RETADDR_OFFSET < 0 # if FRAME_RETADDR_OFFSET < 0
...@@ -1018,6 +1024,7 @@ int unwind(struct unwind_frame_info *frame) ...@@ -1018,6 +1024,7 @@ int unwind(struct unwind_frame_info *frame)
|| state.regs[retAddrReg].where == Nowhere || state.regs[retAddrReg].where == Nowhere
|| state.cfa.reg >= ARRAY_SIZE(reg_info) || state.cfa.reg >= ARRAY_SIZE(reg_info)
|| reg_info[state.cfa.reg].width != sizeof(unsigned long) || reg_info[state.cfa.reg].width != sizeof(unsigned long)
|| FRAME_REG(state.cfa.reg, unsigned long) % sizeof(unsigned long)
|| state.cfa.offs % sizeof(unsigned long)) || state.cfa.offs % sizeof(unsigned long))
return -EIO; return -EIO;
/* update frame */ /* update frame */
...@@ -1038,6 +1045,8 @@ int unwind(struct unwind_frame_info *frame) ...@@ -1038,6 +1045,8 @@ int unwind(struct unwind_frame_info *frame)
#else #else
# define CASES CASE(8); CASE(16); CASE(32); CASE(64) # define CASES CASE(8); CASE(16); CASE(32); CASE(64)
#endif #endif
pc = UNW_PC(frame);
sp = UNW_SP(frame);
for (i = 0; i < ARRAY_SIZE(state.regs); ++i) { for (i = 0; i < ARRAY_SIZE(state.regs); ++i) {
if (REG_INVALID(i)) { if (REG_INVALID(i)) {
if (state.regs[i].where == Nowhere) if (state.regs[i].where == Nowhere)
...@@ -1118,6 +1127,11 @@ int unwind(struct unwind_frame_info *frame) ...@@ -1118,6 +1127,11 @@ int unwind(struct unwind_frame_info *frame)
} }
} }
if (UNW_PC(frame) % state.codeAlign
|| UNW_SP(frame) % sleb128abs(state.dataAlign)
|| (pc == UNW_PC(frame) && sp == UNW_SP(frame)))
return -EIO;
return 0; return 0;
#undef CASES #undef CASES
#undef FRAME_REG #undef FRAME_REG
......
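Review bot: The new no-progress test at the end of `unwind()`, `(pc == UNW_PC(frame) && sp == UNW_SP(frame))`, only catches an exact fixed point; a register state that cycles over two or more frames, or one whose sp moves downward, still returns 0, so callers remain responsible for bounding the walk — worth a comment such as `/* a frame that moved neither pc nor sp would loop forever; longer cycles are left to the caller */`. The local `pc` is also overloaded here: it starts life as the lookup key `UNW_PC(frame) - frame->call_frame` and is then reassigned to the pre-update pc, and a separate name (e.g. `oldPc`, matching the fresh `sp`) would avoid a reader assuming the `call_frame` adjustment is still in it. Separately, `UNW_SP(frame) % sleb128abs(state.dataAlign)` treats the CIE's data alignment factor as a stack alignment, which holds for the -4/-8 factors x86 toolchains presumably emit but is not a DWARF guarantee; either state that assumption in a comment or use `sizeof(unsigned long)` as the CFA checks later in this section already do. `unwind()` begins before the first hunk shown and its hunks are non-contiguous, so the intervening code is not visible here.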