authorDavid S. Miller <davem@davemloft.net>2008-08-08 02:04:37 -0400
committerDavid S. Miller <davem@davemloft.net>2008-08-08 02:04:37 -0400
commit433c5f706856689be25928a99636e724fb3ea7cf (patch)
tree4a76f75ebec4adf1140a6f7930ce701b11d42d98 /arch/sparc64
parent764f2579d95120e1c76b7af1256d02466ddd00bf (diff)
sparc64: Fix end-of-stack checking in save_stack_trace().
Bug reported by Alexander Beregalov. Before we dereference the stack frame or try to peek at the pt_regs magic value, make sure the entire object is within the kernel stack bounds. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'arch/sparc64')
-rw-r--r--arch/sparc64/kernel/stacktrace.c6
1 files changed, 4 insertions, 2 deletions
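--- a/arch/sparc64/kernel/stacktrace.c
+++ b/arch/sparc64/kernel/stacktrace.c
@@ -26,13 +26,15 @@ void save_stack_trace(struct stack_trace *trace)
 
 		/* Bogus frame pointer? */
 		if (fp < (thread_base + sizeof(struct thread_info)) ||
-		    fp >= (thread_base + THREAD_SIZE))
+		    fp > (thread_base + THREAD_SIZE - sizeof(struct sparc_stackf)))
 			break;
 
 		sf = (struct sparc_stackf *) fp;
 		regs = (struct pt_regs *) (sf + 1);
 
-		if ((regs->magic & ~0x1ff) == PT_REGS_MAGIC) {
+		if (((unsigned long)regs <=
+		     (thread_base + THREAD_SIZE - sizeof(*regs))) &&
+		    (regs->magic & ~0x1ff) == PT_REGS_MAGIC) {
 			if (!(regs->tstate & TSTATE_PRIV))
 				break;
 			pc = regs->tpc;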
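Review bot: The two new upper bounds are correct but undocumented; the existing `/* Bogus frame pointer? */` comment no longer explains why the limit is shrunk by `sizeof(struct sparc_stackf)`, and the `regs` bound that now guards the `regs->magic` read has no comment at all. A reader seeing `fp > (thread_base + THREAD_SIZE - sizeof(struct sparc_stackf))` will not immediately see that it ensures the whole frame lies inside the kernel stack before `sf` is dereferenced, and likewise that the `regs <=` test ensures the entire pt_regs fits before its magic is peeked at. I would extend the first comment to `/* Bogus frame pointer?  The whole sparc_stackf must lie inside the stack before we touch it. */` and add `/* Only look at the pt_regs magic if the full pt_regs fits within the stack. */` above the new `if`. The ordering of the `&&` operands is load-bearing (the bound must be evaluated before the `regs->magic` load), which is worth a word in that comment so a later reshuffle does not reintroduce the out-of-bounds read. The body of save_stack_trace starts and ends outside this hunk.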