aboutsummaryrefslogtreecommitdiffstats
path: root/arch/ia64/kernel/unwind.c
diff options
context:
space:
mode:
authorRobin Holt <holt@sgi.com>2007-05-18 14:46:23 -0400
committerTony Luck <tony.luck@intel.com>2007-05-22 13:14:36 -0400
commite2e6fe7bb6e30621ad4e8a3acb1e711815c239bd (patch)
tree05d23c3efb52cf064134dd0425df1eb51bc4f5f5 /arch/ia64/kernel/unwind.c
parenta8c8be08e023cf65f103442d1c71710fad7a0905 (diff)
[IA64] Improve unwind checking.
This patch adds some sanity checks to keep register and memory stack pointers in the unw_frame_info structure within the tasks stack address range. Signed-off-by: Robin Holt <holt@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
Diffstat (limited to 'arch/ia64/kernel/unwind.c')
-rw-r--r--arch/ia64/kernel/unwind.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/arch/ia64/kernel/unwind.c b/arch/ia64/kernel/unwind.c
index 7d3dd6cdafa4..b0b08b5f3eca 100644
--- a/arch/ia64/kernel/unwind.c
+++ b/arch/ia64/kernel/unwind.c
@@ -1860,7 +1860,7 @@ int
1860unw_unwind (struct unw_frame_info *info) 1860unw_unwind (struct unw_frame_info *info)
1861{ 1861{
1862 unsigned long prev_ip, prev_sp, prev_bsp; 1862 unsigned long prev_ip, prev_sp, prev_bsp;
1863 unsigned long ip, pr, num_regs; 1863 unsigned long ip, pr, num_regs, rp_loc, pfs_loc;
1864 STAT(unsigned long start, flags;) 1864 STAT(unsigned long start, flags;)
1865 int retval; 1865 int retval;
1866 1866
@@ -1870,14 +1870,16 @@ unw_unwind (struct unw_frame_info *info)
1870 prev_sp = info->sp; 1870 prev_sp = info->sp;
1871 prev_bsp = info->bsp; 1871 prev_bsp = info->bsp;
1872 1872
1873 /* restore the ip */ 1873 /* validate the return IP pointer */
1874 if (!info->rp_loc) { 1874 rp_loc = (unsigned long) info->rp_loc;
1875 if ((rp_loc < info->regstk.limit) || (rp_loc > info->regstk.top)) {
1875 /* FIXME: should really be level 0 but it occurs too often. KAO */ 1876 /* FIXME: should really be level 0 but it occurs too often. KAO */
1876 UNW_DPRINT(1, "unwind.%s: failed to locate return link (ip=0x%lx)!\n", 1877 UNW_DPRINT(1, "unwind.%s: failed to locate return link (ip=0x%lx)!\n",
1877 __FUNCTION__, info->ip); 1878 __FUNCTION__, info->ip);
1878 STAT(unw.stat.api.unwind_time += ia64_get_itc() - start; local_irq_restore(flags)); 1879 STAT(unw.stat.api.unwind_time += ia64_get_itc() - start; local_irq_restore(flags));
1879 return -1; 1880 return -1;
1880 } 1881 }
1882 /* restore the ip */
1881 ip = info->ip = *info->rp_loc; 1883 ip = info->ip = *info->rp_loc;
1882 if (ip < GATE_ADDR) { 1884 if (ip < GATE_ADDR) {
1883 UNW_DPRINT(2, "unwind.%s: reached user-space (ip=0x%lx)\n", __FUNCTION__, ip); 1885 UNW_DPRINT(2, "unwind.%s: reached user-space (ip=0x%lx)\n", __FUNCTION__, ip);
@@ -1885,12 +1887,14 @@ unw_unwind (struct unw_frame_info *info)
1885 return -1; 1887 return -1;
1886 } 1888 }
1887 1889
1888 /* restore the cfm: */ 1890 /* validate the previous stack frame pointer */
1889 if (!info->pfs_loc) { 1891 pfs_loc = (unsigned long) info->pfs_loc;
1892 if ((pfs_loc < info->regstk.limit) || (pfs_loc > info->regstk.top)) {
1890 UNW_DPRINT(0, "unwind.%s: failed to locate ar.pfs!\n", __FUNCTION__); 1893 UNW_DPRINT(0, "unwind.%s: failed to locate ar.pfs!\n", __FUNCTION__);
1891 STAT(unw.stat.api.unwind_time += ia64_get_itc() - start; local_irq_restore(flags)); 1894 STAT(unw.stat.api.unwind_time += ia64_get_itc() - start; local_irq_restore(flags));
1892 return -1; 1895 return -1;
1893 } 1896 }
1897 /* restore the cfm: */
1894 info->cfm_loc = info->pfs_loc; 1898 info->cfm_loc = info->pfs_loc;
1895 1899
1896 /* restore the bsp: */ 1900 /* restore the bsp: */
@@ -1992,13 +1996,16 @@ init_frame_info (struct unw_frame_info *info, struct task_struct *t,
1992 memset(info, 0, sizeof(*info)); 1996 memset(info, 0, sizeof(*info));
1993 1997
1994 rbslimit = (unsigned long) t + IA64_RBS_OFFSET; 1998 rbslimit = (unsigned long) t + IA64_RBS_OFFSET;
1999 stklimit = (unsigned long) t + IA64_STK_OFFSET;
2000
1995 rbstop = sw->ar_bspstore; 2001 rbstop = sw->ar_bspstore;
1996 if (rbstop - (unsigned long) t >= IA64_STK_OFFSET) 2002 if (rbstop > stklimit || rbstop < rbslimit)
1997 rbstop = rbslimit; 2003 rbstop = rbslimit;
1998 2004
1999 stklimit = (unsigned long) t + IA64_STK_OFFSET;
2000 if (stktop <= rbstop) 2005 if (stktop <= rbstop)
2001 stktop = rbstop; 2006 stktop = rbstop;
2007 if (stktop > stklimit)
2008 stktop = stklimit;
2002 2009
2003 info->regstk.limit = rbslimit; 2010 info->regstk.limit = rbslimit;
2004 info->regstk.top = rbstop; 2011 info->regstk.top = rbstop;