1 files changed, 38 insertions, 18 deletions
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
index fb6b6b650719..b68e10fc453d 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
@@ -488,31 +488,52 @@ unsigned long notrace unwind_stack_by_address(unsigned long stack_page,
                                              unsigned long pc,
                                              unsigned long *ra)
 {
+        unsigned long low, high, irq_stack_high;
        struct mips_frame_info info;
        unsigned long size, ofs;
+        struct pt_regs *regs;
        int leaf;
-        extern void ret_from_irq(void);
-        extern void ret_from_exception(void);
        if (!stack_page)
                return 0;
        /*
-         * If we reached the bottom of interrupt context,
+         * IRQ stacks start at IRQ_STACK_START
-         * return saved pc in pt_regs.
+         * task stacks at THREAD_SIZE - 32
         */
-        if (pc == (unsigned long)ret_from_irq ||
+        low = stack_page;
-            pc == (unsigned long)ret_from_exception) {
+        if (!preemptible() && on_irq_stack(raw_smp_processor_id(), *sp)) {
-                struct pt_regs *regs;
+                high = stack_page + IRQ_STACK_START;
-                if (*sp >= stack_page &&
+                irq_stack_high = high;
-                    *sp + sizeof(*regs) <= stack_page + THREAD_SIZE - 32) {
+        } else {
-                        regs = (struct pt_regs *)*sp;
+                high = stack_page + THREAD_SIZE - 32;
-                        pc = regs->cp0_epc;
+                irq_stack_high = 0;
-                        if (!user_mode(regs) && __kernel_text_address(pc)) {
+        }
-                                *sp = regs->regs[29];
-                                *ra = regs->regs[31];
+        /*
-                                return pc;
+         * If we reached the top of the interrupt stack, start unwinding
-                        }
+         * the interrupted task stack.
+         */
+        if (unlikely(*sp == irq_stack_high)) {
+                unsigned long task_sp = *(unsigned long *)*sp;
+                /*
+                 * Check that the pointer saved in the IRQ stack head points to
+                 * something within the stack of the current task
+                 */
+                if (!object_is_on_stack((void *)task_sp))
+                        return 0;
+                /*
+                 * Follow pointer to tasks kernel stack frame where interrupted
+                 * state was saved.
+                 */
+                regs = (struct pt_regs *)task_sp;
+                pc = regs->cp0_epc;
+                if (!user_mode(regs) && __kernel_text_address(pc)) {
+                        *sp = regs->regs[29];
+                        *ra = regs->regs[31];
+                        return pc;
                }
                return 0;
        }
@@ -533,8 +554,7 @@ unsigned long notrace unwind_stack_by_address(unsigned long stack_page,
        if (leaf < 0)
                return 0;
-        if (*sp < stack_page ||
+        if (*sp < low || *sp + info.frame_size > high)
-            *sp + info.frame_size > stack_page + THREAD_SIZE - 32)
                return 0;
        if (leaf)

diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index fb6b6b650719..b68e10fc453d 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c
@@ -488,31 +488,52 @@ unsigned long notrace unwind_stack_by_address(unsigned long stack_page,
488	unsigned long pc,	488	unsigned long pc,
489	unsigned long *ra)	489	unsigned long *ra)
490	{	490	{
		491	unsigned long low, high, irq_stack_high;
491	struct mips_frame_info info;	492	struct mips_frame_info info;
492	unsigned long size, ofs;	493	unsigned long size, ofs;
		494	struct pt_regs *regs;
493	int leaf;	495	int leaf;
494	extern void ret_from_irq(void);
495	extern void ret_from_exception(void);
496		496
497	if (!stack_page)	497	if (!stack_page)
498	return 0;	498	return 0;
499		499
500	/*	500	/*
501	* If we reached the bottom of interrupt context,	501	* IRQ stacks start at IRQ_STACK_START
502	* return saved pc in pt_regs.	502	* task stacks at THREAD_SIZE - 32
503	*/	503	*/
504	if (pc == (unsigned long)ret_from_irq \|\|	504	low = stack_page;
505	pc == (unsigned long)ret_from_exception) {	505	if (!preemptible() && on_irq_stack(raw_smp_processor_id(), *sp)) {
506	struct pt_regs *regs;	506	high = stack_page + IRQ_STACK_START;
507	if (*sp >= stack_page &&	507	irq_stack_high = high;
508	sp + sizeof(regs) <= stack_page + THREAD_SIZE - 32) {	508	} else {
509	regs = (struct pt_regs )sp;	509	high = stack_page + THREAD_SIZE - 32;
510	pc = regs->cp0_epc;	510	irq_stack_high = 0;
511	if (!user_mode(regs) && __kernel_text_address(pc)) {	511	}
512	*sp = regs->regs[29];	512
513	*ra = regs->regs[31];	513	/*
514	return pc;	514	* If we reached the top of the interrupt stack, start unwinding
515	}	515	* the interrupted task stack.
		516	*/
		517	if (unlikely(*sp == irq_stack_high)) {
		518	unsigned long task_sp = (unsigned long )*sp;
		519
		520	/*
		521	* Check that the pointer saved in the IRQ stack head points to
		522	* something within the stack of the current task
		523	*/
		524	if (!object_is_on_stack((void *)task_sp))
		525	return 0;
		526
		527	/*
		528	* Follow pointer to tasks kernel stack frame where interrupted
		529	* state was saved.
		530	*/
		531	regs = (struct pt_regs *)task_sp;
		532	pc = regs->cp0_epc;
		533	if (!user_mode(regs) && __kernel_text_address(pc)) {
		534	*sp = regs->regs[29];
		535	*ra = regs->regs[31];
		536	return pc;
516	}	537	}
517	return 0;	538	return 0;
518	}	539	}
@@ -533,8 +554,7 @@ unsigned long notrace unwind_stack_by_address(unsigned long stack_page,
533	if (leaf < 0)	554	if (leaf < 0)
534	return 0;	555	return 0;
535		556
536	if (*sp < stack_page \|\|	557	if (sp < low \|\| sp + info.frame_size > high)
537	*sp + info.frame_size > stack_page + THREAD_SIZE - 32)
538	return 0;	558	return 0;
539		559
540	if (leaf)	560	if (leaf)