[Crash-utility] [PATCH] do not check sp if ip points to user space
Dave Anderson
anderson at redhat.com
Fri Sep 23 13:41:53 UTC 2011
----- Original Message -----
> If the task is a user program, the sp can point anywhere,
> because we can modify sp in assembly.
> For example:
>
> .globl main
> .type main, @function
> main:
>
> finit
> subq $16, (%rsp)
> movq $0, (%rsp)
> .loop:
> jmp .loop
>
>
Why would any user task do that?
And what happens when a backtrace is attempted on such a task?
Since the current code would not set BT_USER_SPACE, I'm guessing that it
would run into this (at least on x86_64):
if (!(bt->flags & BT_USER_SPACE) && (!rsp || !accessible(rsp))) {
error(INFO, "cannot determine starting stack pointer\n");
return;
}
I do believe that I put the additional in_user_stack() checks in those
locations for a reason. Consider a task running in kernel mode that
corrupts its return address stack location with a non-kernel address,
or called a function indirectly that had a NULL pointer in it. That
would cause a kernel crash with a non-kernel RIP in its exception frame,
and your patch would mistake it for user-space.
In any case, you're going to have to come up with a more compelling
reason to change all of these locations. (And for that matter, I wonder
why you didn't patch Fujitsu's get_sadump_regs() the same way?)
Dave
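To make the objection above concrete, here is a small added model (not crash's own code) of the two classification rules: the proposed "ip alone decides" rule versus the existing "ip and sp must agree" rule that the in_user_stack() checks implement. The address boundary, stack size, stack base and the four sample frames are all constructed for this example; real crash consults the vmcore's symbol table and each task's actual stack bounds.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed, simplified model of x86_64: anything at or above the
   canonical kernel-half boundary is treated as a kernel address. */
#define KERNEL_SPACE_START 0xffff800000000000ULL
/* Constructed: assume a 16 KiB per-task kernel stack. */
#define THREAD_SIZE        (16 * 1024ULL)

typedef struct {
    uint64_t rip;        /* instruction pointer from the exception frame */
    uint64_t rsp;        /* stack pointer from the exception frame */
    uint64_t stack_base; /* base of this task's kernel stack */
} frame_t;

typedef enum { FRAME_KERNEL, FRAME_USER, FRAME_CORRUPT } frame_kind_t;

static bool is_kernel_address(uint64_t addr)
{
    return addr >= KERNEL_SPACE_START;
}

/* Analogous in spirit to crash's in_user_stack(): the sp is "user" when it
   lies outside the task's kernel stack. A user task whose sp is garbage
   (the example in the original post) still satisfies this. */
static bool in_user_stack(uint64_t sp, uint64_t stack_base)
{
    return !(sp >= stack_base && sp < stack_base + THREAD_SIZE);
}

/* The rule the patch proposes: look only at ip. */
frame_kind_t classify_by_ip(const frame_t *f)
{
    return is_kernel_address(f->rip) ? FRAME_KERNEL : FRAME_USER;
}

/* The existing rule: ip and sp must tell the same story. A non-kernel ip
   sitting on a kernel stack is a corrupted kernel frame, not user space. */
frame_kind_t classify_by_ip_and_sp(const frame_t *f)
{
    bool user_ip = !is_kernel_address(f->rip);
    bool user_sp = in_user_stack(f->rsp, f->stack_base);
    if (user_ip && user_sp)   return FRAME_USER;
    if (!user_ip && !user_sp) return FRAME_KERNEL;
    return FRAME_CORRUPT;
}

/* Constructed sample frames; the stack base is an arbitrary kernel address. */
#define SAMPLE_STACK_BASE 0xffff880012340000ULL
static const frame_t sample_user      = { 0x400520ULL,         0x7ffd12345678ULL,     SAMPLE_STACK_BASE };
static const frame_t sample_user_odd  = { 0x400520ULL,         0x10ULL,               SAMPLE_STACK_BASE }; /* user task with a bogus sp */
static const frame_t sample_kernel    = { 0xffffffff81012345ULL, 0xffff880012343f20ULL, SAMPLE_STACK_BASE };
static const frame_t sample_corrupt   = { 0x0ULL,              0xffff880012343f20ULL, SAMPLE_STACK_BASE }; /* NULL call in kernel mode */

static const char *kind_name(frame_kind_t k)
{
    return k == FRAME_KERNEL ? "kernel" : k == FRAME_USER ? "user" : "corrupt";
}

int main(void)
{
    const frame_t *frames[] = { &sample_user, &sample_user_odd, &sample_kernel, &sample_corrupt };
    for (unsigned i = 0; i < sizeof frames / sizeof frames[0]; i++) {
        printf("rip=%#llx rsp=%#llx  ip-only=%-7s ip+sp=%s\n",
               (unsigned long long)frames[i]->rip, (unsigned long long)frames[i]->rsp,
               kind_name(classify_by_ip(frames[i])),
               kind_name(classify_by_ip_and_sp(frames[i])));
    }
    return 0;
}
```

The odd user frame shows why the patch's motivation does not require dropping the sp check: a user task with an arbitrary sp is still classified as user, because its sp is simply not on the kernel stack. The corrupt frame is the case the reply warns about: ip-only classification reports it as user space, while the combined rule flags it as a corrupted kernel frame.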