From: Simon Glass <simon.glass@canonical.com>
When the stack is corrupted (e.g., by the stack protector test),
collecting a backtrace during malloc causes a crash because the
backtrace code walks the invalid stack frames.
Update __stack_chk_fail() to set the flag before calling panic().
Also update stackprot_test() to set the flag before intentionally
corrupting the stack. This is needed because of the printf() in the
test: on sandbox printf() results in truetype allocations due to the
console output.
These fixes allow the stack protector test to pass with mcheck enabled.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
---
cmd/stackprot_test.c | 7 +++++++
common/stackprot.c | 6 ++++++
2 files changed, 13 insertions(+)
@@ -4,6 +4,7 @@
*/
#include <command.h>
+#include <malloc.h>
static int do_test_stackprot_fail(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])
@@ -14,6 +15,12 @@ static int do_test_stackprot_fail(struct cmd_tbl *cmdtp, int flag, int argc,
*/
char a[128];
+ /*
+ * Disable backtrace collection before corrupting the stack.
+ * Otherwise, any malloc (e.g., from printf/font rendering) will
+ * attempt to collect a backtrace from the corrupted stack and crash.
+ */
+ malloc_backtrace_skip(true);
memset(a, 0xa5, 512);
printf("We have smashed our stack as this should not exceed 128: sizeof(a) = %zd\n",
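Review bot: The new malloc_backtrace_skip(true) call is unconditional, so it assumes malloc.h always declares the function; if it is only provided when the mcheck/backtrace support the commit message mentions is enabled, builds without that option would fail to link, and the same applies to the matching call in the __stack_chk_fail() hunk in common/stackprot.c (worth confirming that a no-op stub exists for the disabled case). The flag is also never cleared here, which is presumably intentional because the function is expected to end in __stack_chk_fail() rather than return normally; the comment should say so, e.g. `* The flag is deliberately left set: this function does not return normally.` appended to the new comment block. do_test_stackprot_fail() starts before and ends after this hunk.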
@@ -4,6 +4,7 @@
*/
#include <asm/global_data.h>
+#include <malloc.h>
DECLARE_GLOBAL_DATA_PTR;
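Review bot: The new include is placed after `#include <asm/global_data.h>`, whereas U-Boot's include ordering puts generic headers before the asm/ group, so `#include <malloc.h>` belongs on the line above `#include <asm/global_data.h>`. This is a style point only; the build is unaffected either way.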
@@ -13,6 +14,11 @@ void __stack_chk_fail(void)
{
void *ra;
+ /*
+ * When the stack is corrupted, backtrace collection will crash.
+ * Skip it before calling panic().
+ */
+ malloc_backtrace_skip(true);
ra = __builtin_extract_return_addr(__builtin_return_address(0));
panic("Stack smashing detected in function:\n%p relocated from %p",
ra, ra - gd->reloc_off);
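Review bot: The new comment states that backtrace collection "will crash" but not why it matters here, so the link to panic() is left implicit; the commit message gives the reason, and the comment would be clearer as `* mcheck collects a backtrace on every malloc(); panic()'s printf() can allocate, and walking the smashed frames would crash before the message is printed. Not restored: panic() does not return.`. Note that malloc_backtrace_skip() itself runs on the already-corrupted stack, so it must stay a trivial flag write that neither allocates nor unwinds, which cannot be verified from this hunk. __stack_chk_fail()'s closing brace lies outside the hunk.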