From: Mikulas Patocka <mpatocka@xxxxxxxxxx>
Date: Tue, 12 Aug 2008 21:21:31 -0400 (EDT)
> This patch fixes crash on boot when both CONFIG_LOCKDEP and
> CONFIG_DEBUG_PAGEALLOC are enabled.
Linus's tree already has this fixed, see:
commit 433c5f706856689be25928a99636e724fb3ea7cf
Author: David S. Miller <davem@xxxxxxxxxxxxx>
Date: Thu Aug 7 23:04:37 2008 -0700
sparc64: Fix end-of-stack checking in save_stack_trace().
Bug reported by Alexander Beregalov.
Before we dereference the stack frame or try to peek at the
pt_regs magic value, make sure the entire object is within
the kernel stack bounds.
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
diff --git a/arch/sparc64/kernel/stacktrace.c b/arch/sparc64/kernel/stacktrace.c
index b3e3737..e9d7f06 100644
--- a/arch/sparc64/kernel/stacktrace.c
+++ b/arch/sparc64/kernel/stacktrace.c
@@ -26,13 +26,15 @@ void save_stack_trace(struct stack_trace *trace)
/* Bogus frame pointer? */
if (fp < (thread_base + sizeof(struct thread_info)) ||
- fp >= (thread_base + THREAD_SIZE))
+ fp > (thread_base + THREAD_SIZE - sizeof(struct sparc_stackf)))
break;
sf = (struct sparc_stackf *) fp;
regs = (struct pt_regs *) (sf + 1);
- if ((regs->magic & ~0x1ff) == PT_REGS_MAGIC) {
+ if (((unsigned long)regs <=
+ (thread_base + THREAD_SIZE - sizeof(*regs))) &&
+ (regs->magic & ~0x1ff) == PT_REGS_MAGIC) {
if (!(regs->tstate & TSTATE_PRIV))
break;
pc = regs->tpc;
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
