From: Jianqiang kang
To: gregkh@linuxfoundation.org, stable@vger.kernel.org, zhangchunyan@iscas.ac.cn
Cc: patches@lists.linux.dev, linux-kernel@vger.kernel.org, paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, xujiakai2025@iscas.ac.cn, linux-riscv@lists.infradead.org, pjw@kernel.org
Subject: [PATCH 6.1.y] riscv: stacktrace: Disable KASAN checks for non-current tasks
Date: Mon, 23 Mar 2026 14:31:14 +0800
Message-Id: <20260323063115.3555043-1-jianqkang@sina.cn>

From: Chunyan Zhang

[ Upstream commit 060ea84a484e852b52b938f234bf9b5503a6c910 ]

Unwinding the stack of a task other than current, KASAN would report
"BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460"

There is a same issue on x86 and has been resolved by the commit
84936118bdf3 ("x86/unwind: Disable KASAN checks for non-current tasks")
The solution could be applied to RISC-V too.

This patch also can solve the issue:
https://seclists.org/oss-sec/2025/q4/23

Fixes: 5d8544e2d007 ("RISC-V: Generic library routines and assembly")
Co-developed-by: Jiakai Xu
Signed-off-by: Jiakai Xu
Signed-off-by: Chunyan Zhang Link: https://lore.kernel.org/r/20251022072608.743484-1-zhangchunyan@iscas.= ac.cn [pjw@kernel.org: clean up checkpatch issues] Signed-off-by: Paul Walmsley [ Minor conflict resolved. ] Signed-off-by: Jianqiang kang --- arch/riscv/kernel/stacktrace.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/arch/riscv/kernel/stacktrace.c b/arch/riscv/kernel/stacktrace.c index 10e311b2759d..4f78b7962651 100644 --- a/arch/riscv/kernel/stacktrace.c +++ b/arch/riscv/kernel/stacktrace.c @@ -16,6 +16,22 @@ =20 #ifdef CONFIG_FRAME_POINTER =20 +/* + * This disables KASAN checking when reading a value from another task's s= tack, + * since the other task could be running on another CPU and could have poi= soned + * the stack in the meantime. + */ +#define READ_ONCE_TASK_STACK(task, x) \ +({ \ + unsigned long val; \ + unsigned long addr =3D x; \ + if ((task) =3D=3D current) \ + val =3D READ_ONCE(addr); \ + else \ + val =3D READ_ONCE_NOCHECK(addr); \ + val; \ +}) + extern asmlinkage void ret_from_exception(void); =20 static inline int fp_is_valid(unsigned long fp, unsigned long sp) @@ -68,8 +84,9 @@ void notrace walk_stackframe(struct task_struct *task, st= ruct pt_regs *regs, fp =3D frame->ra; pc =3D regs->ra; } else { - fp =3D frame->fp; - pc =3D ftrace_graph_ret_addr(current, &graph_idx, frame->ra, + fp =3D READ_ONCE_TASK_STACK(task, frame->fp); + pc =3D READ_ONCE_TASK_STACK(task, frame->ra); + pc =3D ftrace_graph_ret_addr(current, &graph_idx, pc, &frame->ra); if (pc =3D=3D (unsigned long)ret_from_exception) { if (unlikely(!__kernel_text_address(pc) || !fn(arg, pc))) --=20 2.34.1
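Review bot: In the READ_ONCE_TASK_STACK macro (first hunk), the stack slot is already loaded by the plain initializer `unsigned long addr = x;` before either accessor runs, so `READ_ONCE(addr)` and `READ_ONCE_NOCHECK(addr)` only re-read the local copy and the non-current path does not skip the KASAN-checked access to the other task's stack. Pass the expression straight through, `val = READ_ONCE(x);` and `val = READ_ONCE_NOCHECK(x);`, and drop `addr`, which holds the loaded value rather than an address. The `x` argument could also be parenthesized the way `(task)` is.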
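Review bot: In the walk_stackframe() hunk only the else branch is converted; the branch just above it still does `fp = frame->ra;` as a plain read of the same frame, so a walk of a non-current task that takes that branch is still an instrumented access to the other task's stack. Consider `fp = READ_ONCE_TASK_STACK(task, frame->ra);` there as well. The ftrace_graph_ret_addr() call also still passes `current` while the `pc` it receives is now read on behalf of `task`; if that is intended for the non-current case it deserves a comment. The "[ Minor conflict resolved. ]" tag would be more useful if it said what differed from the upstream commit.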