hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sparc64: perf: Add sanity checking on addresses in user stack 

Processes are getting killed (sigbus or segv) while walking userspace
callchains when using perf. In some instances I have seen ufp = 0x7ff
which does not seem like a proper stack address.

This patch adds a function to run validity checks against the address
before attempting the copy_from_user. The checks are copied from the
x86 version as a start point with the addition of a 4-byte alignment
check.

Signed-off-by: David Ahern <david.ahern@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David Ahern 2015-06-15 16:15:45 -04:00 committed by David S. Miller
parent 2bf7c3efc3
commit b69fb7699c
2 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
arch/sparc/include/asm/uaccess_64.h
View File

@ -49,6 +49,28 @@ do { \
__asm__ __volatile__ ("wr %%g0, %0, %%asi" : : "r" ((val).seg)); \ __asm__ __volatile__ ("wr %%g0, %0, %%asi" : : "r" ((val).seg)); \
} while(0) } while(0)
/*
* Test whether a block of memory is a valid user space address.
* Returns 0 if the range is valid, nonzero otherwise.
*/
static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, unsigned long limit)
{
if (__builtin_constant_p(size))
return addr > limit - size;
addr += size;
if (addr < size)
return true;
return addr > limit;
}
#define __range_not_ok(addr, size, limit) \
({ \
__chk_user_ptr(addr); \
__chk_range_not_ok((unsigned long __force)(addr), size, limit); \
})
static inline int __access_ok(const void __user * addr, unsigned long size) static inline int __access_ok(const void __user * addr, unsigned long size)
{ {
return 1; return 1;

13
arch/sparc/kernel/perf_event.c
View File

@ -1741,6 +1741,16 @@ void perf_callchain_kernel(struct perf_callchain_entry *entry,
} while (entry->nr < PERF_MAX_STACK_DEPTH); } while (entry->nr < PERF_MAX_STACK_DEPTH);
} }
static inline int
valid_user_frame(const void __user *fp, unsigned long size)
{
/* addresses should be at least 4-byte aligned */
if (((unsigned long) fp) & 3)
return 0;
return (__range_not_ok(fp, size, TASK_SIZE) == 0);
}
static void perf_callchain_user_64(struct perf_callchain_entry *entry, static void perf_callchain_user_64(struct perf_callchain_entry *entry,
struct pt_regs *regs) struct pt_regs *regs)
{ {
@ -1753,6 +1763,9 @@ static void perf_callchain_user_64(struct perf_callchain_entry *entry,
unsigned long pc; unsigned long pc;
usf = (struct sparc_stackf __user *)ufp; usf = (struct sparc_stackf __user *)ufp;
if (!valid_user_frame(usf, sizeof(sf)))
break;
if (__copy_from_user_inatomic(&sf, usf, sizeof(sf))) if (__copy_from_user_inatomic(&sf, usf, sizeof(sf)))
break; break;