From d33aadbf8e9ba0b844c2a4a03723969c913ab03a Mon Sep 17 00:00:00 2001 From: Will Deacon Date: Thu, 4 Nov 2010 18:22:51 +0100 Subject: ARM: 6468/1: backtrace: fix calculation of thread stack base When unwinding stack frames we must take care not to unwind areas of memory that lie outside of the known extent of the stack. This patch fixes an incorrect calculation of the stack base where THREAD_SIZE is added to the stack pointer after it has already been aligned to this value. Since the ALIGN macro performs this addition internally, we end up overshooting the base by 8k. Acked-by: Catalin Marinas Signed-off-by: Will Deacon Signed-off-by: Russell King --- arch/arm/kernel/stacktrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'arch/arm/kernel/stacktrace.c') diff --git a/arch/arm/kernel/stacktrace.c b/arch/arm/kernel/stacktrace.c index 20b7411e47fd..c2e112e1a05f 100644 --- a/arch/arm/kernel/stacktrace.c +++ b/arch/arm/kernel/stacktrace.c @@ -28,7 +28,7 @@ int notrace unwind_frame(struct stackframe *frame) /* only go to a higher address on the stack */ low = frame->sp; - high = ALIGN(low, THREAD_SIZE) + THREAD_SIZE; + high = ALIGN(low, THREAD_SIZE); /* check current frame pointer is within bounds */ if (fp < (low + 12) || fp + 4 >= high) -- cgit v1.2.2 From d5996b2ff0e26cf7ed4c103084a2d6fc569e7216 Mon Sep 17 00:00:00 2001 From: Russell King Date: Sat, 15 Jan 2011 09:27:04 +0000 Subject: ARM: fix /proc/$PID/stack on SMP Rabin Vincent reports: | On SMP, this BUG() in save_stack_trace_tsk() can be easily triggered | from user space by reading /proc/$PID/stack, where $PID is any pid but | the current process: | | if (tsk != current) { | #ifdef CONFIG_SMP | /* | * What guarantees do we have here that 'tsk' | * is not running on another CPU? | */ | BUG(); | #else Fix this by replacing the BUG() with an entry to terminate the stack trace, returning an empty trace - I'd rather not expose the dwarf unwinder to a volatile stack of a running thread. Reported-by: Rabin Vincent Tested-by: Rabin Vincent Signed-off-by: Russell King --- arch/arm/kernel/stacktrace.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'arch/arm/kernel/stacktrace.c') diff --git a/arch/arm/kernel/stacktrace.c b/arch/arm/kernel/stacktrace.c index c2e112e1a05f..381d23a497c1 100644 --- a/arch/arm/kernel/stacktrace.c +++ b/arch/arm/kernel/stacktrace.c @@ -94,10 +94,13 @@ void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace) if (tsk != current) { #ifdef CONFIG_SMP /* - * What guarantees do we have here that 'tsk' - * is not running on another CPU? + * What guarantees do we have here that 'tsk' is not + * running on another CPU? For now, ignore it as we + * can't guarantee we won't explode. */ - BUG(); + if (trace->nr_entries < trace->max_entries) + trace->entries[trace->nr_entries++] = ULONG_MAX; + return; #else data.no_sched_functions = 1; frame.fp = thread_saved_fp(tsk); -- cgit v1.2.2