From: tip-bot for Eiichi Tsukata <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: torvalds@linux-foundation.org, devel@etsukata.com,
tglx@linutronix.de, mingo@kernel.org,
linux-kernel@vger.kernel.org, hpa@zytor.com
Subject: [tip:x86/urgent] x86/stacktrace: Prevent infinite loop in arch_stack_walk_user()
Date: Wed, 10 Jul 2019 23:25:14 -0700
Message-ID: <tip-cbf5b73d162b22e044fe0b7d51dcaa33be065253@git.kernel.org>
In-Reply-To: <20190711023501.963-1-devel@etsukata.com>
Commit-ID: cbf5b73d162b22e044fe0b7d51dcaa33be065253
Gitweb: https://git.kernel.org/tip/cbf5b73d162b22e044fe0b7d51dcaa33be065253
Author: Eiichi Tsukata <devel@etsukata.com>
AuthorDate: Thu, 11 Jul 2019 11:35:01 +0900
Committer: Thomas Gleixner <tglx@linutronix.de>
CommitDate: Thu, 11 Jul 2019 08:22:03 +0200
x86/stacktrace: Prevent infinite loop in arch_stack_walk_user()

arch_stack_walk_user() checks `if (fp == frame.next_fp)` to prevent an
infinite loop by self reference but it's not enough for circular reference.

Once a lack of return address is found, there is no point to continue the
loop, so break out.

Fixes: 02b67518e2b1 ("tracing: add support for userspace stacktraces in tracing/iter_ctrl")
Signed-off-by: Eiichi Tsukata <devel@etsukata.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lkml.kernel.org/r/20190711023501.963-1-devel@etsukata.com
---
arch/x86/kernel/stacktrace.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/stacktrace.c b/arch/x86/kernel/stacktrace.c
index 2abf27d7df6b..4f36d3241faf 100644
--- a/arch/x86/kernel/stacktrace.c
+++ b/arch/x86/kernel/stacktrace.c
@@ -129,11 +129,9 @@ void arch_stack_walk_user(stack_trace_consume_fn consume_entry, void *cookie,
break;
if ((unsigned long)fp < regs->sp)
break;
- if (frame.ret_addr) {
- if (!consume_entry(cookie, frame.ret_addr, false))
- return;
- }
- if (fp == frame.next_fp)
+ if (!frame.ret_addr)
+ break;
+ if (!consume_entry(cookie, frame.ret_addr, false))
break;
fp = frame.next_fp;
}
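
Review bot: With the `fp == frame.next_fp` check dropped in favour of `if (!frame.ret_addr) break;`, a frame chain that cycles through frames whose ret_addr is non-zero is ended only by consume_entry() returning false, so termination of the loop now rests on that callback's contract. A short comment above the new check saying so would help, since nothing in these lines bounds the iteration count by itself. The consume_entry() failure path also changed from `return` to `break`; it is worth confirming that whatever follows the loop is safe to run on that path.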
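
A user-space model of the loop body shown in the hunk, added here as an illustration and not taken from the kernel tree or from the patch author: it runs the pre-patch and post-patch termination rules over constructed frame chains. `struct frame`, `struct trace`, `consume()`, `walk()`, `STEP_LIMIT`, `MAX_ENTRIES` and the three sample chains are assumptions of this example, and the frame-copy and `fp < regs->sp` checks of the real function are left out.

```c
#include <stdio.h>

#define STEP_LIMIT  1000 /* cap standing in for "never terminates" */
#define MAX_ENTRIES 8    /* capacity of the modelled trace buffer */
/* Constructed model: an array index plays the role of a user-space frame address. */
struct frame { int next_fp; unsigned long ret_addr; };
struct trace { unsigned long entries[MAX_ENTRIES]; int nr; };

/* Hypothetical consumer: stores the address, returns 0 once the buffer is full. */
static int consume(struct trace *t, unsigned long addr)
{
	if (t->nr >= MAX_ENTRIES)
		return 0;
	t->entries[t->nr++] = addr;
	return t->nr < MAX_ENTRIES;
}

/* Returns the loop iterations used; new_logic selects the post-patch rules. */
static int walk(const struct frame *stack, int new_logic)
{
	struct trace t = { .nr = 0 };
	int fp = 0, steps = 0;
	while (steps < STEP_LIMIT) {
		struct frame f = stack[fp];
		steps++;
		if (new_logic) {
			/* Post-patch: a missing return address ends the walk. */
			if (!f.ret_addr || !consume(&t, f.ret_addr))
				break;
		} else {
			/* Pre-patch: such frames are skipped, only self reference stops. */
			if (f.ret_addr && !consume(&t, f.ret_addr))
				break;
			if (fp == f.next_fp)
				break;
		}
		fp = f.next_fp;
	}
	return steps;
}

/* Constructed frame chains: { next_fp, ret_addr }. */
const struct frame self_ref[]   = { { 0, 0 } };
const struct frame cycle_zero[] = { { 1, 0 }, { 0, 0 } };
const struct frame cycle_ret[]  = { { 1, 0x1000 }, { 0, 0x2000 } };

int main(void)
{
	printf("cycle_zero: old=%d new=%d\n", walk(cycle_zero, 0), walk(cycle_zero, 1));
	return 0;
}
```

In this model the two-frame cycle without return addresses runs the pre-patch rules to `STEP_LIMIT`, while a cycle with non-zero return addresses ends under both rule sets only when the modelled buffer fills.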