CVE-2023-54322

Source
https://cve.org/CVERecord?id=CVE-2023-54322
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54322.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-54322
Published
2025-12-30T12:34:15.446Z
Modified
2026-03-20T12:33:33.334013Z
Summary
arm64: set __exception_irq_entry with __irq_entry as a default
Details

In the Linux kernel, the following vulnerability has been resolved:

arm64: set __exception_irq_entry with __irq_entry as a default

filter_irq_stacks() is supposed to cut entries which are related to irq entries from its call stack. And in_irqentry_text(), which is called by filter_irq_stacks(), uses the __irqentry_text_start/end symbols to find irq entries in the call stack.

But it doesn't work correctly as without "CONFIG_FUNCTION_GRAPH_TRACER", the arm64 kernel doesn't include gic_handle_irq, which is the entry point of arm64 irq, between __irqentry_text_start and __irqentry_text_end, as we discussed in the link below. https://lore.kernel.org/all/CACT4Y+aReMGLYua2rCLHgFpS9io5cZC04Q8GLs-uNmrn1ezxYQ@mail.gmail.com/#t

This problem can make unintentional deep call stack entries, especially in KASAN-enabled situations, as below.

[ 2479.383395]I[0:launcher-loader: 1719] Stack depot reached limit capacity
[ 2479.383538]I[0:launcher-loader: 1719] WARNING: CPU: 0 PID: 1719 at lib/stackdepot.c:129 __stack_depot_save+0x464/0x46c
[ 2479.385693]I[0:launcher-loader: 1719] pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 2479.385724]I[0:launcher-loader: 1719] pc : __stack_depot_save+0x464/0x46c
[ 2479.385751]I[0:launcher-loader: 1719] lr : __stack_depot_save+0x460/0x46c
[ 2479.385774]I[0:launcher-loader: 1719] sp : ffffffc0080073c0
[ 2479.385793]I[0:launcher-loader: 1719] x29: ffffffc0080073e0 x28: ffffffd00b78a000 x27: 0000000000000000
[ 2479.385839]I[0:launcher-loader: 1719] x26: 000000000004d1dd x25: ffffff891474f000 x24: 00000000ca64d1dd
[ 2479.385882]I[0:launcher-loader: 1719] x23: 0000000000000200 x22: 0000000000000220 x21: 0000000000000040
[ 2479.385925]I[0:launcher-loader: 1719] x20: ffffffc008007440 x19: 0000000000000000 x18: 0000000000000000
[ 2479.385969]I[0:launcher-loader: 1719] x17: 2065726568207475 x16: 000000000000005e x15: 2d2d2d2d2d2d2d20
[ 2479.386013]I[0:launcher-loader: 1719] x14: 5d39313731203a72 x13: 00000000002f6b30 x12: 00000000002f6af8
[ 2479.386057]I[0:launcher-loader: 1719] x11: 00000000ffffffff x10: ffffffb90aacf000 x9 : e8a74a6c16008800
[ 2479.386101]I[0:launcher-loader: 1719] x8 : e8a74a6c16008800 x7 : 00000000002f6b30 x6 : 00000000002f6af8
[ 2479.386145]I[0:launcher-loader: 1719] x5 : ffffffc0080070c8 x4 : ffffffd00b192380 x3 : ffffffd0092b313c
[ 2479.386189]I[0:launcher-loader: 1719] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000022
[ 2479.386231]I[0:launcher-loader: 1719] Call trace:
[ 2479.386248]I[0:launcher-loader: 1719] __stack_depot_save+0x464/0x46c
[ 2479.386273]I[0:launcher-loader: 1719] kasan_save_stack+0x58/0x70
[ 2479.386303]I[0:launcher-loader: 1719] save_stack_info+0x34/0x138
[ 2479.386331]I[0:launcher-loader: 1719] kasan_save_free_info+0x18/0x24
[ 2479.386358]I[0:launcher-loader: 1719] ____kasan_slab_free+0x16c/0x170
[ 2479.386385]I[0:launcher-loader: 1719] __kasan_slab_free+0x10/0x20
[ 2479.386410]I[0:launcher-loader: 1719] kmem_cache_free+0x238/0x53c
[ 2479.386435]I[0:launcher-loader: 1719] mempool_free_slab+0x1c/0x28
[ 2479.386460]I[0:launcher-loader: 1719] mempool_free+0x7c/0x1a0
[ 2479.386484]I[0:launcher-loader: 1719] bvec_free+0x34/0x80
[ 2479.386514]I[0:launcher-loader: 1719] bio_free+0x60/0x98
[ 2479.386540]I[0:launcher-loader: 1719] bio_put+0x50/0x21c
[ 2479.386567]I[0:launcher-loader: 1719] f2fs_write_end_io+0x4ac/0x4d0
[ 2479.386594]I[0:launcher-loader: 1719] bio_endio+0x2dc/0x300
[ 2479.386622]I[0:launcher-loader: 1719] __dm_io_complete+0x324/0x37c
[ 2479.386650]I[0:launcher-loader: 1719] dm_io_dec_pending+0x60/0xa4
[ 2479.386676]I[0:launcher-loader: 1719] clone_endio+0xf8/0x2f0
[ 2479.386700]I[0:launcher-loader: 1719] bio_endio+0x2dc/0x300
[ 2479.386727]I[0:launcher-loader: 1719] blk_update_request+0x258/0x63c
[ 2479.386754]I[0:launcher-loader: 1719] scsi_end_request+0x50/0x304
[ 2479.386782]I[0:launcher-loader: 1719] scsi_io_completion+0x88/0x160
[ 2479.386808]I[0:launcher-loader: 1719] scsi_finish_command+0x17c/0x194
[ 2479.386833]I ---truncated---

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54322.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9a5ad7d0e3e1c6c0c11df89fbc5376f8aaf7a90f
Fixed
c71d6934c6ac40a97146a410e0320768c7b1bb3c
Fixed
0bd309f22663f3ee749bea0b6d70642c31a1c0a5
Fixed
d3b219e504fc5c5a25fa7c04c8589ff34baef9a8
Fixed
f6794950f0e5ba37e3bbedda4d6ab0aad7395dd3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54322.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
5.10.188
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.150
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.4.7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54322.json"