From patchwork Wed Oct 10 06:46:12 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Todd Poynor
X-Patchwork-Id: 1572281
From: Todd Poynor
To: Russell King, linux-arm-kernel@lists.infradead.org
Cc: Todd Poynor
Subject: [PATCH] ARM: backtrace: avoid crash on large invalid fp value
Date: Tue, 9 Oct 2012 23:46:12 -0700
Message-Id: <1349851572-9967-1-git-send-email-toddpoynor@google.com>

Invalid frame pointer (signed) -4 <= fp <= -1 defeats check for too high on overflow.

Signed-off-by: Todd Poynor
---
 arch/arm/kernel/stacktrace.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/arch/arm/kernel/stacktrace.c b/arch/arm/kernel/stacktrace.c index 00f79e5..6315162 100644 --- a/arch/arm/kernel/stacktrace.c +++ b/arch/arm/kernel/stacktrace.c @@ -31,7 +31,7 @@ int notrace unwind_frame(struct stackframe *frame) high = ALIGN(low, THREAD_SIZE); /* check current frame pointer is within bounds */ - if (fp < (low + 12) || fp + 4 >= high) + if (fp < (low + 12) || fp >= high - 4) return -EINVAL; /* restore the registers from the stack frame */
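Review bot: The bounds check in unwind_frame() still has an additive term on its left side, `fp < (low + 12)`, and the new right side `fp >= high - 4` is only free of wraparound when `high` is at least 4; because `high = ALIGN(low, THREAD_SIZE)` is derived from `low`, a `low` near the top of the address space could wrap `low + 12` or round `high` up to 0, which would reopen the same class of problem the patch closes for `fp + 4`. If `low` is always a valid kernel stack address that cannot happen, but the reasoning deserves to be stated: please extend the `/* check current frame pointer is within bounds */` comment to say that the subtraction form is deliberate because `fp + 4` wraps for fp values of -4 to -1, so the condition is not later "simplified" back to `fp + 4 >= high`. The commit message would also read more clearly if it spelled out that it is the `fp + 4` addition that overflows.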