Message ID | 20230926105949.1025995-2-twuufnxlz@gmail.com |
---|---|
State | New |
Series | riscv: fix out of bounds in walk_stackframe |
diff --git a/arch/riscv/kernel/stacktrace.c b/arch/riscv/kernel/stacktrace.c index 64a9c093aef9..53bd18672329 100644 --- a/arch/riscv/kernel/stacktrace.c +++ b/arch/riscv/kernel/stacktrace.c @@ -54,6 +54,8 @@ void notrace walk_stackframe(struct task_struct *task, struct pt_regs *regs, break; /* Unwind stack frame */ frame = (struct stackframe *)fp - 1; + if (!virt_addr_valid(frame)) + break; sp = fp; if (regs && (regs->epc == pc) && (frame->fp & 0x7)) { fp = frame->ra;
Increase the check on the frame after assigning its value. This is to prevent frame access from crossing boundaries.

Reported-and-tested-by: syzbot+8d2757d62d403b2d9275@syzkaller.appspotmail.com
Signed-off-by: Edward AD <twuufnxlz@gmail.com>
---
 arch/riscv/kernel/stacktrace.c | 2 ++
 1 file changed, 2 insertions(+)
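Review bot: The `if (!virt_addr_valid(frame)) break;` added after `frame = (struct stackframe *)fp - 1;` checks that the address is a valid linear-map address, not that it lies inside the stack being walked. A corrupted `fp` that points at other valid kernel memory still reaches the `frame->fp` and `frame->ra` reads below, and a stack that is not in the linear map (for example a vmalloc-backed one under CONFIG_VMAP_STACK) would make the walk stop at the first frame. Consider bounding `frame` against the stack range of `task` instead, and make the check cover the whole `struct stackframe` rather than only its start address, since both members are read. The commit message should also say which access went out of bounds and quote the relevant part of the syzbot report, so the reader can see that this check is the right one for that case.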