| Message ID | 20190401035557.22191-1-liwei391@huawei.com (mailing list archive) |
|---|---|
| State | Mainlined, archived |
| Commit | 1c41860864c8ae0387ef7d44f0000e99cbb2e06d |
| Headers | show |
| Series | arm64: fix wrong check of on_sdei_stack in nmi context | expand |
Hi Wei, On 01/04/2019 04:55, Wei Li wrote: > When doing unwind_frame() in the context of pseudo nmi (need enable > CONFIG_ARM64_PSEUDO_NMI), reaching the botton of the stack (fp == 0, > pc != 0), function on_sdei_stack() will return true while the sdei acpi > table is not inited in fact. This will cause a "NULL pointer dereference" > oops when going on. > > Signed-off-by: Wei Li <liwei391@huawei.com> Thanks for catching this. The change makes sense to me. Reviewed-by: Julien Thierry <julien.thierry@arm.com> > --- > arch/arm64/kernel/sdei.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/arch/arm64/kernel/sdei.c b/arch/arm64/kernel/sdei.c > index 5ba4465e44f0..ea94cf8f9dc6 100644 > --- a/arch/arm64/kernel/sdei.c > +++ b/arch/arm64/kernel/sdei.c > @@ -94,6 +94,9 @@ static bool on_sdei_normal_stack(unsigned long sp, struct stack_info *info) > unsigned long low = (unsigned long)raw_cpu_read(sdei_stack_normal_ptr); > unsigned long high = low + SDEI_STACK_SIZE; > > + if (!low) > + return false; > + > if (sp < low || sp >= high) > return false; > > @@ -111,6 +114,9 @@ static bool on_sdei_critical_stack(unsigned long sp, struct stack_info *info) > unsigned long low = (unsigned long)raw_cpu_read(sdei_stack_critical_ptr); > unsigned long high = low + SDEI_STACK_SIZE; > > + if (!low) > + return false; > + > if (sp < low || sp >= high) > return false; > >
On 2019/4/1 11:55, Wei Li wrote: > When doing unwind_frame() in the context of pseudo nmi (need enable > CONFIG_ARM64_PSEUDO_NMI), reaching the botton of the stack (fp == 0, botton -> bottom? Heyi > pc != 0), function on_sdei_stack() will return true while the sdei acpi > table is not inited in fact. This will cause a "NULL pointer dereference" > oops when going on. > > Signed-off-by: Wei Li <liwei391@huawei.com> > --- > arch/arm64/kernel/sdei.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/arch/arm64/kernel/sdei.c b/arch/arm64/kernel/sdei.c > index 5ba4465e44f0..ea94cf8f9dc6 100644 > --- a/arch/arm64/kernel/sdei.c > +++ b/arch/arm64/kernel/sdei.c > @@ -94,6 +94,9 @@ static bool on_sdei_normal_stack(unsigned long sp, struct stack_info *info) > unsigned long low = (unsigned long)raw_cpu_read(sdei_stack_normal_ptr); > unsigned long high = low + SDEI_STACK_SIZE; > > + if (!low) > + return false; > + > if (sp < low || sp >= high) > return false; > > @@ -111,6 +114,9 @@ static bool on_sdei_critical_stack(unsigned long sp, struct stack_info *info) > unsigned long low = (unsigned long)raw_cpu_read(sdei_stack_critical_ptr); > unsigned long high = low + SDEI_STACK_SIZE; > > + if (!low) > + return false; > + > if (sp < low || sp >= high) > return false; >
On Mon, Apr 01, 2019 at 11:55:57AM +0800, Wei Li wrote: > When doing unwind_frame() in the context of pseudo nmi (need enable > CONFIG_ARM64_PSEUDO_NMI), reaching the botton of the stack (fp == 0, > pc != 0), function on_sdei_stack() will return true while the sdei acpi > table is not inited in fact. This will cause a "NULL pointer dereference" > oops when going on. > > Signed-off-by: Wei Li <liwei391@huawei.com> Thanks. I'll queue it for -rc4.
diff --git a/arch/arm64/kernel/sdei.c b/arch/arm64/kernel/sdei.c index 5ba4465e44f0..ea94cf8f9dc6 100644 --- a/arch/arm64/kernel/sdei.c +++ b/arch/arm64/kernel/sdei.c @@ -94,6 +94,9 @@ static bool on_sdei_normal_stack(unsigned long sp, struct stack_info *info) unsigned long low = (unsigned long)raw_cpu_read(sdei_stack_normal_ptr); unsigned long high = low + SDEI_STACK_SIZE; + if (!low) + return false; + if (sp < low || sp >= high) return false; @@ -111,6 +114,9 @@ static bool on_sdei_critical_stack(unsigned long sp, struct stack_info *info) unsigned long low = (unsigned long)raw_cpu_read(sdei_stack_critical_ptr); unsigned long high = low + SDEI_STACK_SIZE; + if (!low) + return false; + if (sp < low || sp >= high) return false;
When doing unwind_frame() in the context of pseudo nmi (need enable CONFIG_ARM64_PSEUDO_NMI), reaching the botton of the stack (fp == 0, pc != 0), function on_sdei_stack() will return true while the sdei acpi table is not inited in fact. This will cause a "NULL pointer dereference" oops when going on. Signed-off-by: Wei Li <liwei391@huawei.com> --- arch/arm64/kernel/sdei.c | 6 ++++++ 1 file changed, 6 insertions(+)