1 files changed, 2 insertions, 8 deletions

diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
index d31735f37ed7..9d4bf3ab049e 100644
--- a/arch/x86/events/core.c
+++ b/arch/x86/events/core.c
@@ -2352,7 +2352,7 @@ perf_callchain_user32(struct pt_regs *regs, struct perf_callchain_entry_ctx *ent
                 frame.next_frame     = 0;
                 frame.return_address = 0;
 
-                if (!access_ok(VERIFY_READ, fp, 8))
+                if (!valid_user_frame(fp, sizeof(frame)))
                         break;
 
                 bytes = __copy_from_user_nmi(&frame.next_frame, fp, 4);
@@ -2362,9 +2362,6 @@ perf_callchain_user32(struct pt_regs *regs, struct perf_callchain_entry_ctx *ent
                 if (bytes != 0)
                         break;
 
-                if (!valid_user_frame(fp, sizeof(frame)))
-                        break;
-
                 perf_callchain_store(entry, cs_base + frame.return_address);
                 fp = compat_ptr(ss_base + frame.next_frame);
         }
@@ -2413,7 +2410,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs
                 frame.next_frame             = NULL;
                 frame.return_address = 0;
 
-                if (!access_ok(VERIFY_READ, fp, sizeof(*fp) * 2))
+                if (!valid_user_frame(fp, sizeof(frame)))
                         break;
 
                 bytes = __copy_from_user_nmi(&frame.next_frame, fp, sizeof(*fp));
@@ -2423,9 +2420,6 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs
                 if (bytes != 0)
                         break;
 
-                if (!valid_user_frame(fp, sizeof(frame)))
-                        break;
-
                 perf_callchain_store(entry, frame.return_address);
                 fp = (void __user *)frame.next_frame;
         }