authorVasily Gorbik <gor@linux.ibm.com>2019-07-08 14:24:38 +0200
committerVasily Gorbik <gor@linux.ibm.com>2019-07-11 20:40:02 +0200
commit9a159190414d461fdac7ae5bb749c2d532b35419 (patch)
tree5a56c4dde47542d0b300506c1a7bb34df0242173
parents390/zcrypt: remove the exporting of ap_query_configuration (diff)
s390/unwind: avoid int overflow in outside_of_stack
When the current task is interrupted in-between the stack frame allocation and backchain write instructions, the new stack frame's backchain pointer is left uninitialized. That invalid backchain value is passed into outside_of_stack for a sanity check. Make sure int overflow does not happen by subtracting the stack_frame size from the stack "end" rather than adding it to the "random" backchain value.

Fixes: 41b0474c1b1c ("s390/unwind: introduce stack unwind API")
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
-rw-r--r--arch/s390/kernel/unwind_bc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/s390/kernel/unwind_bc.c b/arch/s390/kernel/unwind_bc.c
index 3ce8a0808059..8fc9daae47a2 100644
--- a/arch/s390/kernel/unwind_bc.c
+++ b/arch/s390/kernel/unwind_bc.c
@@ -20,7 +20,7 @@ EXPORT_SYMBOL_GPL(unwind_get_return_address);
static bool outside_of_stack(struct unwind_state *state, unsigned long sp)
{
return (sp <= state->sp) ||
- (sp + sizeof(struct stack_frame) > state->stack_info.end);
+ (sp > state->stack_info.end - sizeof(struct stack_frame));
}
static bool update_stack_info(struct unwind_state *state, unsigned long sp)
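Review bot: The new upper-bound test in outside_of_stack only works because the arithmetic is done on the trusted `state->stack_info.end` rather than on the unvalidated `sp`, but nothing in the code says so. A later cleanup could move the addition back onto `sp`. I would add a comment above the return such as `/* sp may be an uninitialized backchain value: subtract from the trusted end, never add to sp (may wrap) */`. The subtraction would itself wrap if `state->stack_info.end` were ever smaller than `sizeof(struct stack_frame)`, for example a zeroed stack_info, and the upper bound would then accept nearly any `sp`. Whether that state can reach this function is not visible in the hunk, so it is worth confirming against update_stack_info, whose body lies outside it.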