diff options
author | Linus Torvalds <torvalds@woody.osdl.org> | 2006-11-17 14:14:56 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.osdl.org> | 2006-11-17 14:14:56 -0500 |
commit | 808dbbb6bb61173bf52946a28f99089d2efa4c55 (patch) | |
tree | 4d221ed1e66ea09d244b248bb27998ac2efda119 | |
parent | 1ff5683043196b9ad628a5de6bf8eeca52ee8bfd (diff) |
x86: be more careful when walking back the frame pointer chain
When showing the stack backtrace, make sure that we never accept not
only an unchanging frame pointer, but also a frame pointer that moves
back down the stack frame. It must always grow up (toward older stack
frames).
I doubt this has triggered, but a subtly corrupt stack with extremely
unlucky contents could cause us to loop forever on a bogus endless frame
pointer chain.
This review was triggered by much worse problems happening in some of
the other stack unwinding code.
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | arch/i386/kernel/traps.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/arch/i386/kernel/traps.c b/arch/i386/kernel/traps.c index 00489b706d27..fe9c5e8e7e6f 100644 --- a/arch/i386/kernel/traps.c +++ b/arch/i386/kernel/traps.c | |||
@@ -129,15 +129,19 @@ static inline unsigned long print_context_stack(struct thread_info *tinfo, | |||
129 | 129 | ||
130 | #ifdef CONFIG_FRAME_POINTER | 130 | #ifdef CONFIG_FRAME_POINTER |
131 | while (valid_stack_ptr(tinfo, (void *)ebp)) { | 131 | while (valid_stack_ptr(tinfo, (void *)ebp)) { |
132 | unsigned long new_ebp; | ||
132 | addr = *(unsigned long *)(ebp + 4); | 133 | addr = *(unsigned long *)(ebp + 4); |
133 | ops->address(data, addr); | 134 | ops->address(data, addr); |
134 | /* | 135 | /* |
135 | * break out of recursive entries (such as | 136 | * break out of recursive entries (such as |
136 | * end_of_stack_stop_unwind_function): | 137 | * end_of_stack_stop_unwind_function). Also, |
138 | * we can never allow a frame pointer to | ||
139 | * move downwards! | ||
137 | */ | 140 | */ |
138 | if (ebp == *(unsigned long *)ebp) | 141 | new_ebp = *(unsigned long *)ebp; |
142 | if (new_ebp <= ebp) | ||
139 | break; | 143 | break; |
140 | ebp = *(unsigned long *)ebp; | 144 | ebp = new_ebp; |
141 | } | 145 | } |
142 | #else | 146 | #else |
143 | while (valid_stack_ptr(tinfo, stack)) { | 147 | while (valid_stack_ptr(tinfo, stack)) { |