Re: [RFC PATCH v3 2/4] arm64: Check the return PC against unreliable code sections

[Madhavan T. Venkataraman]

On 5/6/21 8:45 AM, Mark Brown wrote:
> On Wed, May 05, 2021 at 01:48:21PM -0500, Madhavan T. Venkataraman wrote:
>> On 5/5/21 11:46 AM, Mark Brown wrote:
> 
>>> I think that works even if it's hard to love the goto, might want some
>>> defensiveness to ensure we can't somehow end up in an infinite loop with
>>> a sufficiently badly formed stack.
> 
>> I could do something like this:
> 
>> unwind_frame()
>> {
>> 	int	i;
>> 	...
>>
>> 	for (i = 0; i < MAX_CHECKS; i++) {
>> 		if (!check_frame(tsk, frame))
>> 			break;
>> 	}
> 
> I think that could work, yes.  Have to see the actual code (and other
> people's opinions!).
> 
>> If this is acceptable, then the only question is - what should be the value of
>> MAX_CHECKS (I will rename it to something more appropriate)?
> 
> I'd expect something like 10 to be way more than we'd ever need, or we
> could define it down to the 2 checks we expect to be possible ATM to be
> conservative.  I'm tempted to be permissive if we have sufficient other
> checks but I'm not 100% sure on that.
> 

OK. I will implement these changes for version 4 and send it out so this
whole thing can be reviewed again with the actual changes in front of us.

Madhavan