arm64: Fix again segfault in arm64_is_kernel_exception_frame() when corrupt stack pointer address is given

This is the second attempt at the change from commit
9868ebc, which was reverted in the
previous commit.

As described in the previous commit, the result of STACK_OFFSET_TYPE() can
be an address outside bt->stackbuf, and hence the address needs to be
checked before it is dereferenced as a pt_regs object.

So, to fix the issue, let's first check whether stkptr points within the
range of the kernel stack.

[ kh: added a warning at Lianbo's suggestion ]

Signed-off-by: HATAYAMA Daisuke <d.hatayama@fujitsu.com>
d-hatayama authored and k-hagio committed Jun 15, 2023
1 parent 91a7695 commit 6c8cd9b
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions arm64.c
Expand Up @@ -2381,6 +2381,12 @@ arm64_is_kernel_exception_frame(struct bt_info *bt, ulong stkptr)
struct arm64_pt_regs *regs;
struct machine_specific *ms = machdep->machspec;

if (stkptr > STACKSIZE() && !INSTACK(stkptr, bt)) {
if (CRASHDEBUG(1))
error(WARNING, "stkptr: %lx is outside the kernel stack range\n", stkptr);
return FALSE;
}

regs = (struct arm64_pt_regs *)&bt->stackbuf[(ulong)(STACK_OFFSET_TYPE(stkptr))];

if (INSTACK(regs->sp, bt) && INSTACK(regs->regs[29], bt) &&
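Review bot: the new guard confirms that stkptr itself lies inside the kernel stack, but not that a whole struct arm64_pt_regs starting at stkptr does; a stkptr only a few bytes below bt->stacktop passes INSTACK(stkptr, bt), and the reads of regs->sp and regs->regs[29] on the line that follows the cast still run past the end of bt->stackbuf. Consider checking the end of the object as well, e.g. `if (stkptr > STACKSIZE() && !(INSTACK(stkptr, bt) && INSTACK(stkptr + sizeof(struct arm64_pt_regs) - 1, bt)))`. The `stkptr > STACKSIZE()` half of the condition also deserves a comment explaining why values at or below STACKSIZE() are exempt from the range check, since they skip the new block and reach the STACK_OFFSET_TYPE() index on the next line without any check; a reader of this function has no way to tell that this is intentional.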
