[RFC PATCH v3 2/4] arm64: Check the return PC against unreliable code sections
Mark Brown
broonie at kernel.org
Thu May 6 06:45:42 PDT 2021
On Wed, May 05, 2021 at 01:48:21PM -0500, Madhavan T. Venkataraman wrote:
> On 5/5/21 11:46 AM, Mark Brown wrote:
> > I think that works even if it's hard to love the goto, might want some
> > defensiveness to ensure we can't somehow end up in an infinite loop with
> > a sufficiently badly formed stack.
> I could do something like this:
> unwind_frame()
> {
> int i;
> ...
>
> for (i = 0; i < MAX_CHECKS; i++) {
> if (!check_frame(tsk, frame))
> break;
> }
I think that could work, yes. Have to see the actual code (and other
people's opinions!).
> If this is acceptable, then the only question is - what should be the value of
> MAX_CHECKS (I will rename it to something more appropriate)?
I'd expect something like 10 to be way more than we'd ever need, or we
could define it down to the 2 checks we expect to be possible ATM to be
conservative. I'm tempted to be permissive if we have sufficient other
checks but I'm not 100% sure on that.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20210506/e8542b4c/attachment-0001.sig>
More information about the linux-arm-kernel
mailing list