[PATCH] ARM: vfp: avoid unbalanced stack on 'success' return path

Ard Biesheuvel ardb at kernel.org
Mon May 8 07:55:51 PDT 2023


On Mon, 8 May 2023 at 08:17, Linus Walleij <linus.walleij at linaro.org> wrote:
>
> On Sat, May 6, 2023 at 6:13 PM Ard Biesheuvel <ardb at kernel.org> wrote:
>
> > Commit c76c6c4ecbec0deb5 ("ARM: 9294/2: vfp: Fix broken softirq handling
> > with instrumentation enabled") updated the VFP exception entry logic to
> > go via a C function, so that we get the compiler's version of
> > local_bh_disable(), which may be instrumented, and isn't generally
> > callable from assembler.
> >
> > However, this assumes that passing an alternative 'success' return
> > address works in C as it does in asm, and this is only the case if the C
> > calls in question are tail calls, as otherwise, the stack will need some
> > unwinding as well.
>
> Aha I get it.
>
> > I have already sent patches to the list that replace most of the asm
> > logic with C code, and so it is preferable to have a minimal fix that
> > addresses the issue and can be backported along with the commit that it
> > fixes to v6.3 from v6.4. Hopefully, we can land the C conversion for v6.5.
> >
> > So instead of passing the 'success' return address as a function
> > argument, pass the stack address from where to pop it so that both LR
> > and SP have the expected value.
> >
> > Fixes: c76c6c4ecbec0deb5 ("ARM: 9294/2: vfp: Fix broken softirq handling with ...")
> > Reported-by: syzbot+d4b00edc2d0c910d4bf4 at syzkaller.appspotmail.com
> > Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
>
> FWIW: Looks correct to me!
> Reviewed-by: Linus Walleij <linus.walleij at linaro.org>
>

Thanks! I've dropped this into the patch tracker.


