[PATCH v2] riscv: stacktrace: fix stack-out-of-bounds in walk_stackframe()
Matthew Bystrin
dev.mbstr at gmail.com
Mon May 18 13:37:39 PDT 2026
Hi!
> @@ -68,19 +68,24 @@ void notrace walk_stackframe(struct task_struct *task, struct pt_regs *regs,
> pc = task->thread.ra;
> }
>
> + if (!task)
> + task = current;
> +
> + high = (unsigned long)task_pt_regs(task);
After noticing the end_of_stack() function, I'm not sure task_pt_regs() is the best
candidate for the boundary. Let's see what the maintainers are going to say.
> +
> for (;;) {
> struct stackframe *frame;
>
> if (unlikely(!__kernel_text_address(pc) || (level++ >= 0 && !fn(arg, pc))))
> break;
>
> - if (unlikely(!fp_is_valid(fp, sp)))
> + if (unlikely(!fp_is_valid(fp, sp, high)))
> break;
>
> /* Unwind stack frame */
> frame = (struct stackframe *)fp - 1;
> sp = fp;
> - if (regs && (regs->epc == pc) && fp_is_valid(frame->ra, sp)) {
> + if (regs && (regs->epc == pc) && fp_is_valid(frame->ra, sp, high)) {
> /* We hit function where ra is not saved on the stack */
> fp = frame->ra;
> pc = regs->ra;
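Review bot: the new ceiling at `+ high = (unsigned long)task_pt_regs(task);` is taken once from `task` with no comment saying why the pt_regs base is the right upper bound for every frame the walk will visit, and the matching change to fp_is_valid() that consumes the third argument is not part of the quoted hunk, so the consistency of the bound cannot be checked from here. Suggest a one-line comment above that assignment stating the assumption (frames are expected to sit below the task's pt_regs on its kernel stack), and confirm that the updated fp_is_valid() rejects fp values above `high` in the same way at both call sites, `fp_is_valid(fp, sp, high)` and `fp_is_valid(frame->ra, sp, high)`, since the read at `frame = (struct stackframe *)fp - 1;` is what the out-of-bounds access in the subject line concerns.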
> --
> 2.34.1
All in all, looks fine.
Reviewed-by: Matthew Bystrin <dev.mbstr at gmail.com>
--
Best regards
Matt