Commit 433c5f70 authored by David S. Miller

sparc64: Fix end-of-stack checking in save_stack_trace().



Bug reported by Alexander Beregalov.

Before we dereference the stack frame or try to peek at the
pt_regs magic value, make sure the entire object is within
the kernel stack bounds.

Signed-off-by: David S. Miller <davem@davemloft.net>
parent 764f2579
+4 −2
@@ -26,13 +26,15 @@ void save_stack_trace(struct stack_trace *trace)

		/* Bogus frame pointer? */
		if (fp < (thread_base + sizeof(struct thread_info)) ||
		    fp >= (thread_base + THREAD_SIZE))
		    fp > (thread_base + THREAD_SIZE - sizeof(struct sparc_stackf)))
			break;

		sf = (struct sparc_stackf *) fp;
		regs = (struct pt_regs *) (sf + 1);

		if ((regs->magic & ~0x1ff) == PT_REGS_MAGIC) {
		if (((unsigned long)regs <=
		     (thread_base + THREAD_SIZE - sizeof(*regs))) &&
		    (regs->magic & ~0x1ff) == PT_REGS_MAGIC) {
			if (!(regs->tstate & TSTATE_PRIV))
				break;
			pc = regs->tpc;
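
Review bot: The upper-bound tests on `fp` and on `regs` each open-code the same `thread_base + THREAD_SIZE - sizeof(...)` arithmetic, and the `regs` test carries no comment explaining why it is needed. Since `regs` is `sf + 1`, its lower bound is already implied by the `fp` lower-bound test, so only the upper bound has to be checked before `regs->magic` is read; a one-line comment above that `if` would make this explicit. Consider factoring both tests into a single small helper that takes an address and an object size, so that the two comparisons (`>` against the last valid start address for `fp`, `<=` for `regs`) cannot drift apart in later edits.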