From patchwork Wed Dec 10 00:07:23 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Glass <sjg@u-boot.org>
X-Patchwork-Id: 889
Return-Path: <concept-bounces+u-boot-concept=u-boot.org@u-boot.org>
X-Original-To: u-boot-concept@u-boot.org
Delivered-To: u-boot-concept@u-boot.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1765325421;
	bh=yHAPvqKhi5ljzrAcoSO8m8VoOyJAnpVmAzGb5PVagtg=;
	h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id:
	 List-Archive:List-Help:List-Owner:List-Post:List-Subscribe:
	 List-Unsubscribe:From;
	b=p0yVNTujIxlXGPXdAO6p8z0yLfZ4AbhRhyr7naGkOMINwwBLvQboubMv9xWwFSEo4
	 SXJUsmjsQJfjdfEZ8TYdILV5AzzIdV5kkZyLKJQQ6DhLeqNGU8IOMqPE2VVTVm9fFk
	 1Yfq/ij4kqkjdUDitw03sTv6sjGlkBCc+3hmtF7+ticly1UGdnvp5+OvMhEMoSjlH/
	 QYlP+jX/e4ISxQNUNgF66fQ0JWfpjqkHio/usd+J2aXuzk5k6AmUEVxrU0OkssbxGM
	 f9aMOkjMdJGjfWqYTYiaZSgm3TYwGbYulYI761FhnbyZfWthcnW0EL6rZPQrkb9FTQ
	 Q0W5f9ABu9dww==
Received: from localhost (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 47933689EA
	for <u-boot-concept@u-boot.org>; Tue,  9 Dec 2025 17:10:21 -0700 (MST)
X-Virus-Scanned: Debian amavis at 
Received: from mail.u-boot.org ([127.0.0.1])
 by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id SB6JZJqFxIuM for <u-boot-concept@u-boot.org>;
 Tue,  9 Dec 2025 17:10:21 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1765325421;
	bh=yHAPvqKhi5ljzrAcoSO8m8VoOyJAnpVmAzGb5PVagtg=;
	h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id:
	 List-Archive:List-Help:List-Owner:List-Post:List-Subscribe:
	 List-Unsubscribe:From;
	b=p0yVNTujIxlXGPXdAO6p8z0yLfZ4AbhRhyr7naGkOMINwwBLvQboubMv9xWwFSEo4
	 SXJUsmjsQJfjdfEZ8TYdILV5AzzIdV5kkZyLKJQQ6DhLeqNGU8IOMqPE2VVTVm9fFk
	 1Yfq/ij4kqkjdUDitw03sTv6sjGlkBCc+3hmtF7+ticly1UGdnvp5+OvMhEMoSjlH/
	 QYlP+jX/e4ISxQNUNgF66fQ0JWfpjqkHio/usd+J2aXuzk5k6AmUEVxrU0OkssbxGM
	 f9aMOkjMdJGjfWqYTYiaZSgm3TYwGbYulYI761FhnbyZfWthcnW0EL6rZPQrkb9FTQ
	 Q0W5f9ABu9dww==
Received: from mail.u-boot.org (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 37E1D68972
	for <u-boot-concept@u-boot.org>; Tue,  9 Dec 2025 17:10:21 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1765325420;
	bh=zIzA1T10NcYp+jX2JvjkYAmpxlzMcgabKcMgSBL7dbU=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=uc0TlKijx98GCueMikXQObl7ytYRf2ySxBmLqdpwIL1+ZOhMZeBoDBtg0prEFhcYM
	 tKNOOSv1Xgbujn+PwXX0EghiPigoPyaUGI0aM+lcLeCsQfNiEPH+wBuQtejX0QFkfp
	 OX6W1JvHTiYDiTDPny/+LIGbM9QmMvgSSABcKORIlJ5kZhvCpEkWNlVkFFnGAaI7Uz
	 mIQFyIOjq1Y6cQHOpfxeprVf2Lj4b4QuuiTKVC/9rCDcfadNDDyRafpxDhL4VDkIT6
	 nvOeWGRxYWPhtzgPM2YylcMlDkIY+oflopQ0/tW9XAYwxnTdPTTOg6G0o9ZjKRob/D
	 w3yPkU2zUHXYw==
Received: from localhost (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 39823687A7;
	Tue,  9 Dec 2025 17:10:20 -0700 (MST)
X-Virus-Scanned: Debian amavis at 
Received: from mail.u-boot.org ([127.0.0.1])
 by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP
 id N1XHJ1FLc-GS; Tue,  9 Dec 2025 17:10:20 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1765325414;
	bh=2sBDxo2+d4L1MKfEZxXUGlD43Ub0rm8dzqIVMl92Guw=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=Wg/M5hsJDZSYK7K6d3HCxDLPTilfOn1kPnLu4OcdwlGfzEecfbLnuMpbZ7Ch/w5aK
	 c7xsLgRZg0voRD7ZT/X+oBGK4WFv0zjWo1i9lkIBRPOvaAbSKqaaEykQNPxcGTYsQK
	 CS+LyabdUAtxByCqx2+Ulb2xFjbmRVNVUlHGXvofu+d4GVBtpDr71fi/rxjOeQJUdv
	 aPKGX45N2wSXlTXZqSYXNplzAY44o5CAigZBcrt0kJ0Aql02fYb0YTYsiG/KzrGHJs
	 +KQ6J+5qOVkGDy6qmHs8AGWh4jFCv9WCzeCzi/aIIqcze8lkHjglFpIavtfndf3oXS
	 Z5iGODImAY7zw==
Received: from u-boot.org (unknown [73.34.74.121])
	by mail.u-boot.org (Postfix) with ESMTPSA id C4655689EA;
	Tue,  9 Dec 2025 17:10:13 -0700 (MST)
From: Simon Glass <sjg@u-boot.org>
To: U-Boot Concept <concept@u-boot.org>
Date: Tue,  9 Dec 2025 17:07:23 -0700
Message-ID: <20251210000737.180797-33-sjg@u-boot.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251210000737.180797-1-sjg@u-boot.org>
References: <20251210000737.180797-1-sjg@u-boot.org>
MIME-Version: 1.0
Message-ID-Hash: TXIMDSP2SFZYIAALR6VSBMNET3GMPZGS
X-Message-ID-Hash: TXIMDSP2SFZYIAALR6VSBMNET3GMPZGS
X-MailFrom: sjg@u-boot.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Simon Glass <simon.glass@canonical.com>, Claude <noreply@anthropic.com>
X-Mailman-Version: 3.3.10
Precedence: list
Subject: [Concept] [PATCH 32/35] malloc: Skip backtrace when stack is
 corrupted
List-Id: Discussion and patches related to U-Boot Concept <concept.u-boot.org>
Archived-At: 
 <https://lists.u-boot.org/archives/list/concept@u-boot.org/message/TXIMDSP2SFZYIAALR6VSBMNET3GMPZGS/>
List-Archive: <https://lists.u-boot.org/archives/list/concept@u-boot.org/>
List-Help: <mailto:concept-request@u-boot.org?subject=help>
List-Owner: <mailto:concept-owner@u-boot.org>
List-Post: <mailto:concept@u-boot.org>
List-Subscribe: <mailto:concept-join@u-boot.org>
List-Unsubscribe: <mailto:concept-leave@u-boot.org>

From: Simon Glass <simon.glass@canonical.com>

When the stack is corrupted (e.g., by the stack protector test),
collecting a backtrace during malloc causes a crash because the
backtrace code walks the invalid stack frames.

Update __stack_chk_fail() to set the flag before calling panic()

Also update stackprot_test() to set the flag before intentionally
corrupting the stack. This is needed because of the printf() in the
test: on sandbox printf() results in truetype allocations due to the
console output.

These fixes allow the stack protector test to pass with mcheck enabled.

Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
---

 cmd/stackprot_test.c | 7 +++++++
 common/stackprot.c   | 6 ++++++
 2 files changed, 13 insertions(+)

diff --git a/cmd/stackprot_test.c b/cmd/stackprot_test.c
index e7ff4a06158..d7fbc3ecca0 100644
--- a/cmd/stackprot_test.c
+++ b/cmd/stackprot_test.c
@@ -4,6 +4,7 @@
  */
 
 #include <command.h>
+#include <malloc.h>
 
 static int do_test_stackprot_fail(struct cmd_tbl *cmdtp, int flag, int argc,
 				  char *const argv[])
@@ -14,6 +15,12 @@ static int do_test_stackprot_fail(struct cmd_tbl *cmdtp, int flag, int argc,
 	 */
 	char a[128];
 
+	/*
+	 * Disable backtrace collection before corrupting the stack.
+	 * Otherwise, any malloc (e.g., from printf/font rendering) will
+	 * attempt to collect a backtrace from the corrupted stack and crash.
+	 */
+	malloc_backtrace_skip(true);
 	memset(a, 0xa5, 512);
 
 	printf("We have smashed our stack as this should not exceed 128: sizeof(a) = %zd\n",
diff --git a/common/stackprot.c b/common/stackprot.c
index 4e3297b7d00..408cd6d1e05 100644
--- a/common/stackprot.c
+++ b/common/stackprot.c
@@ -4,6 +4,7 @@
  */
 
 #include <asm/global_data.h>
+#include <malloc.h>
 
 DECLARE_GLOBAL_DATA_PTR;
 
@@ -13,6 +14,11 @@ void __stack_chk_fail(void)
 {
 	void *ra;
 
+	/*
+	 * When the stack is corrupted, backtrace collection will crash.
+	 * Skip it before calling panic().
+	 */
+	malloc_backtrace_skip(true);
 	ra = __builtin_extract_return_addr(__builtin_return_address(0));
 	panic("Stack smashing detected in function:\n%p relocated from %p",
 	      ra, ra - gd->reloc_off);