Re: [PATCH] Fix out-by-one error in traps.c

On Thu, 2007-08-30 at 21:44 -0700, Linus Torvalds wrote:
> 
> On Fri, 31 Aug 2007, Rusty Russell wrote:
> >
> > We don't care if ebp is on the stack, we care about ebp + 4.  Without
> > this, lguest (with CONFIG_DEBUG_LOCKDEP) can touch a page unmapped by
> > CONFIG_DEBUG_PAGEALLOC.
> 
> Hmm.. This *really* cannot happen with a normal kernel - it implies that 
> the stack has crossed into an invalid page. 

AFAICT, a corrupt stack could lead us to touch a page which isn't
mapped.  If we assume the stack isn't corrupt, we don't have to do the
valid_stack_ptr() check at all...

> Why is that allowed with lguest? What kind of code could validly *ever* 
> come in here and cause problems?

head.S pushes a "$0" on the stack to stop the unwinder, lguest doesn't.

Here's the lguest fix, but I still think the real fix posted previously
is more important.

Cheers,
Rusty.
===
lguest doesn't terminate stack, upsets unwinder

Copy head.S, which puts a 0 on the stack to terminate ebp-chasing
backtrace code.

Signed-off-by: Rusty Russell <[email protected]>

diff -r 926e5cc964fd drivers/lguest/lguest_asm.S
--- a/drivers/lguest/lguest_asm.S	Fri Aug 31 08:02:08 2007 +1000
+++ b/drivers/lguest/lguest_asm.S	Fri Aug 31 16:01:25 2007 +1000
@@ -19,6 +19,8 @@
  	movl $(init_thread_union+THREAD_SIZE),%esp
 	movl %esi, %eax
 	addl $__PAGE_OFFSET, %eax
+	/* Fake value to stop backtraces with CONFIG_FRAME_POINTER */
+	pushl $0
 	jmp lguest_init
 
 /*G:055 We create a macro which puts the assembler code between lgstart_ and
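
Review bot: The comment above the added `pushl $0` says the value stops backtraces but not why a zero in this position does so, and it names CONFIG_FRAME_POINTER although the push is not under any #ifdef. Since lguest_init is reached with `jmp` rather than `call`, the zero ends up in the slot where a return address would sit; saying that in the comment, and noting that it mirrors head.S as the commit message does, would let a reader check it against the ebp-chasing code. The visible lines also do not set %ebp, so it is worth confirming what the frame pointer holds on entry to lguest_init, since that is where the chase starts.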

