sparc64: Fix end-of-stack checking in save_stack_trace().
Bug reported by Alexander Beregalov. Before we dereference the stack frame or try to peek at the pt_regs magic value, make sure the entire object is within the kernel stack bounds. Signed-off-by: David S. Miller <davem@davemloft.net>
parent
764f2579d9
commit
433c5f7068
|
@ -26,13 +26,15 @@ void save_stack_trace(struct stack_trace *trace)
|
|||
|
||||
/* Bogus frame pointer? */
|
||||
if (fp < (thread_base + sizeof(struct thread_info)) ||
|
||||
fp >= (thread_base + THREAD_SIZE))
|
||||
fp > (thread_base + THREAD_SIZE - sizeof(struct sparc_stackf)))
|
||||
break;
|
||||
|
||||
sf = (struct sparc_stackf *) fp;
|
||||
regs = (struct pt_regs *) (sf + 1);
|
||||
|
||||
if ((regs->magic & ~0x1ff) == PT_REGS_MAGIC) {
|
||||
if (((unsigned long)regs <=
|
||||
(thread_base + THREAD_SIZE - sizeof(*regs))) &&
|
||||
(regs->magic & ~0x1ff) == PT_REGS_MAGIC) {
|
||||
if (!(regs->tstate & TSTATE_PRIV))
|
||||
break;
|
||||
pc = regs->tpc;
|
||||
|
|
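Review bot: A misaligned `fp` is not rejected before `sf` and `regs` are dereferenced; the `Bogus frame pointer?` condition tests the range only. A corrupted saved frame pointer that lands inside the stack bounds but off alignment would, as far as these lines show, still be cast and read, which on sparc64 means an unaligned kernel access inside the tracer itself. Since sparc64 stack frames are 16-byte aligned, consider adding `(fp & (16UL - 1)) ||` as the first term of that condition. A one-line comment above the new upper bound, such as `/* the whole sparc_stackf must fit below the top of the stack */`, would also explain why `sizeof(struct sparc_stackf)` is subtracted. The loop body of save_stack_trace() starts and ends outside this hunk, so an alignment check elsewhere cannot be ruled out.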