aboutsummaryrefslogtreecommitdiffstats
path: root/arch/i386
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@woody.osdl.org>2006-11-17 14:14:56 -0500
committerLinus Torvalds <torvalds@woody.osdl.org>2006-11-17 14:14:56 -0500
commit808dbbb6bb61173bf52946a28f99089d2efa4c55 (patch)
tree4d221ed1e66ea09d244b248bb27998ac2efda119 /arch/i386
parent1ff5683043196b9ad628a5de6bf8eeca52ee8bfd (diff)
x86: be more careful when walking back the frame pointer chain
When showing the stack backtrace, make sure that we never accept not only an unchanging frame pointer, but also a frame pointer that moves back down the stack frame. It must always grow up (toward older stack frames). I doubt this has triggered, but a subtly corrupt stack with extremely unlucky contents could cause us to loop forever on a bogus endless frame pointer chain. This review was triggered by much worse problems happening in some of the other stack unwinding code. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'arch/i386')
-rw-r--r--arch/i386/kernel/traps.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/arch/i386/kernel/traps.c b/arch/i386/kernel/traps.c
index 00489b706d27..fe9c5e8e7e6f 100644
--- a/arch/i386/kernel/traps.c
+++ b/arch/i386/kernel/traps.c
@@ -129,15 +129,19 @@ static inline unsigned long print_context_stack(struct thread_info *tinfo,
129 129
130#ifdef CONFIG_FRAME_POINTER 130#ifdef CONFIG_FRAME_POINTER
131 while (valid_stack_ptr(tinfo, (void *)ebp)) { 131 while (valid_stack_ptr(tinfo, (void *)ebp)) {
132 unsigned long new_ebp;
132 addr = *(unsigned long *)(ebp + 4); 133 addr = *(unsigned long *)(ebp + 4);
133 ops->address(data, addr); 134 ops->address(data, addr);
134 /* 135 /*
135 * break out of recursive entries (such as 136 * break out of recursive entries (such as
136 * end_of_stack_stop_unwind_function): 137 * end_of_stack_stop_unwind_function). Also,
138 * we can never allow a frame pointer to
139 * move downwards!
137 */ 140 */
138 if (ebp == *(unsigned long *)ebp) 141 new_ebp = *(unsigned long *)ebp;
142 if (new_ebp <= ebp)
139 break; 143 break;
140 ebp = *(unsigned long *)ebp; 144 ebp = new_ebp;
141 } 145 }
142#else 146#else
143 while (valid_stack_ptr(tinfo, stack)) { 147 while (valid_stack_ptr(tinfo, stack)) {