Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

objtool: Fix another stack overflow in validate_branch()

The insn state is getting saved on the stack twice for each recursive
iteration. No need for that, once is enough.

Fixes the following reported stack overflow:

drivers/scsi/qla2xxx/qla_dbg.o: error: SIGSEGV: objtool stack overflow!
Segmentation fault

Fixes: 70589843b36f ("objtool: Add option to trace function validation")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Closes: https://lore.kernel.org/90956545-2066-46e3-b547-10c884582eb0@app.fastmail.com
Link: https://patch.msgid.link/8b97f62d083457f3b0a29a424275f7957dd3372f.1772821683.git.jpoimboe@kernel.org
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>

+5 -5
tools/objtool/check.c
··· 3748 3748 static int validate_branch(struct objtool_file *file, struct symbol *func, 3749 3749 struct instruction *insn, struct insn_state state); 3750 3750 static int do_validate_branch(struct objtool_file *file, struct symbol *func, 3751 - struct instruction *insn, struct insn_state state); 3751 + struct instruction *insn, struct insn_state *state); 3752 3752 3753 3753 static int validate_insn(struct objtool_file *file, struct symbol *func, 3754 3754 struct instruction *insn, struct insn_state *statep, ··· 4013 4013 * tools/objtool/Documentation/objtool.txt. 4014 4014 */ 4015 4015 static int do_validate_branch(struct objtool_file *file, struct symbol *func, 4016 - struct instruction *insn, struct insn_state state) 4016 + struct instruction *insn, struct insn_state *state) 4017 4017 { 4018 4018 struct instruction *next_insn, *prev_insn = NULL; 4019 4019 bool dead_end; ··· 4044 4044 return 1; 4045 4045 } 4046 4046 4047 - ret = validate_insn(file, func, insn, &state, prev_insn, next_insn, 4047 + ret = validate_insn(file, func, insn, state, prev_insn, next_insn, 4048 4048 &dead_end); 4049 4049 4050 4050 if (!insn->trace) { ··· 4055 4055 } 4056 4056 4057 4057 if (!dead_end && !next_insn) { 4058 - if (state.cfi.cfa.base == CFI_UNDEFINED) 4058 + if (state->cfi.cfa.base == CFI_UNDEFINED) 4059 4059 return 0; 4060 4060 if (file->ignore_unreachables) 4061 4061 return 0; ··· 4080 4080 int ret; 4081 4081 4082 4082 trace_depth_inc(); 4083 - ret = do_validate_branch(file, func, insn, state); 4083 + ret = do_validate_branch(file, func, insn, &state); 4084 4084 trace_depth_dec(); 4085 4085 4086 4086 return ret;
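Review bot: the comment block above do_validate_branch() (the one ending at the tools/objtool/Documentation/objtool.txt reference) does not say that `state` is now a pointer to caller-owned storage. The function hands it straight to validate_insn(), whose `struct insn_state *statep` parameter is non-const, so the caller's struct can be modified in place, where before the change the function worked on its own by-value copy. Suggest adding one sentence to that comment stating that `state` is in/out and must point to a copy private to the branch being validated.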
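Review bot: in the last hunk, `ret = do_validate_branch(file, func, insn, &state);` takes the address of validate_branch()'s by-value parameter, which makes that parameter the only per-branch copy of the insn state. This depends on validate_branch() continuing to take `struct insn_state state` by value, as its forward declaration at the top of the patch still does; if it were later converted to a pointer too, recursive branches would end up sharing one state. A short comment at this call saying the by-value copy is deliberate would guard against that. The wrapper itself does not read `state` after the call (only trace_depth_dec() and the return of ret follow), so the in-place modification has no effect here.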