linux-arm-kernel.lists.infradead.org archive mirror
* [PATCH] Fix infinite loop in ARM user perf_event backtrace code
@ 2011-04-16  3:27 Sonny Rao
  2011-04-18 10:42 ` Jamie Iles
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Sonny Rao @ 2011-04-16  3:27 UTC (permalink / raw)
  To: linux-arm-kernel

The ARM user backtrace code can get into an infinite loop if it
runs into an invalid stack frame which points back to itself.
This situation has been observed in practice.  Fix it by capping
the number of entries in the backtrace.  This is also what other
architectures do in their backtrace code.

Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
---
 arch/arm/kernel/perf_event.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
index 69cfee0..1e61d60 100644
--- a/arch/arm/kernel/perf_event.c
+++ b/arch/arm/kernel/perf_event.c
@@ -746,7 +746,8 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
 
 	tail = (struct frame_tail __user *)regs->ARM_fp - 1;
 
-	while (tail && !((unsigned long)tail & 0x3))
+	while ((entry->nr < PERF_MAX_STACK_DEPTH) &&
+	       tail && !((unsigned long)tail & 0x3))
 		tail = user_backtrace(tail, entry);
 }
 
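Review bot: The added `entry->nr < PERF_MAX_STACK_DEPTH` test in the while condition bounds the walk but does not detect the self-referencing frame itself, so a sample taken on such a stack still appears to record the same frame repeatedly until the cap is reached. user_backtrace() is not visible in this hunk; if it does not already reject a returned frame pointer that fails to advance past `tail`, consider adding that check there so the walk stops at the first bad frame, and keep the depth cap as the backstop.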
-- 
1.7.3.1
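The failure mode described in the commit message, as an added user-space model (not code from the patch or from the kernel): a frame chain whose last record points to itself is walked without a cap, with the patch's depth cap, and with an extra progress check that goes beyond what the patch does. `MAX_DEPTH`, the two-word record layout, the `strict` flag, the `budget` limit and the sample stack are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DEPTH 8  /* stand-in for PERF_MAX_STACK_DEPTH; value is constructed */

struct chain { unsigned nr; uint32_t ip[MAX_DEPTH]; };

/* Constructed stack; each record is two words {offset of caller's record,
 * return address} (hypothetical layout): 8 -> 24, and 24 -> itself. */
static const uint32_t cyclic_stack[16] = {
    [2] = 24, [3] = 0x1000, [6] = 24, [7] = 0x2000,
};

/* Record the return address; return the next record's offset, or 0 to stop. */
static uint32_t step(const uint32_t *stk, size_t len, uint32_t off,
                     struct chain *c, int strict)
{
    if (off > len || len - off < 2 * sizeof(*stk))
        return 0;                   /* record lies outside the stack copy */
    if (c->nr < MAX_DEPTH)
        c->ip[c->nr++] = stk[off / 4 + 1];  /* model: a full chain drops entries */
    if (strict && stk[off / 4] <= off)
        return 0;                   /* records must move up the stack */
    return stk[off / 4];
}

/* capped=1 adds the patch's nr test; budget is a harness limit so the
 * uncapped walk can be observed without hanging. Returns steps taken. */
unsigned walk(const uint32_t *stk, size_t len, uint32_t off, struct chain *c,
              int capped, int strict, unsigned budget)
{
    unsigned steps = 0;

    for (c->nr = 0; steps < budget && (!capped || c->nr < MAX_DEPTH) &&
                    off && !(off & 0x3); steps++)
        off = step(stk, len, off, c, strict);
    return steps;
}

int main(void)
{
    struct chain c;
    size_t len = sizeof(cyclic_stack);

    printf("uncapped: %u steps\n", walk(cyclic_stack, len, 8, &c, 0, 0, 1000));
    printf("capped:   %u steps\n", walk(cyclic_stack, len, 8, &c, 1, 0, 1000));
    printf("strict:   %u steps\n", walk(cyclic_stack, len, 8, &c, 1, 1, 1000));
    return 0;
}
```

The uncapped walk only stops because the harness budget runs out; the capped walk stops once the chain is full, most of it copies of the same return address; the strict walk stops at the first record that does not advance.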


* [PATCH] Fix infinite loop in ARM user perf_event backtrace code
  2011-04-16  3:27 [PATCH] Fix infinite loop in ARM user perf_event backtrace code Sonny Rao
@ 2011-04-18 10:42 ` Jamie Iles
  2011-04-18 17:42 ` Will Deacon
  2011-04-18 18:31 ` Olof Johansson
  2 siblings, 0 replies; 5+ messages in thread
From: Jamie Iles @ 2011-04-18 10:42 UTC (permalink / raw)
  To: linux-arm-kernel

Hi,

On Fri, Apr 15, 2011 at 08:27:25PM -0700, Sonny Rao wrote:
> The ARM user backtrace code can get into an infinite loop if it
> runs into an invalid stack frame which points back to itself.
> This situation has been observed in practice.  Fix it by capping
> the number of entries in the backtrace.  This is also what other
> architectures do in their backtrace code.

Tested on my v6k board and looks good.

> Signed-off-by: Sonny Rao <sonnyrao@chromium.org>

Acked-by: Jamie Iles <jamie@jamieiles.com>

Jamie


* [PATCH] Fix infinite loop in ARM user perf_event backtrace code
  2011-04-16  3:27 [PATCH] Fix infinite loop in ARM user perf_event backtrace code Sonny Rao
  2011-04-18 10:42 ` Jamie Iles
@ 2011-04-18 17:42 ` Will Deacon
  2011-04-18 21:02   ` Sonny Rao
  2011-04-18 18:31 ` Olof Johansson
  2 siblings, 1 reply; 5+ messages in thread
From: Will Deacon @ 2011-04-18 17:42 UTC (permalink / raw)
  To: linux-arm-kernel

Hi Sonny,

On Sat, 2011-04-16 at 04:27 +0100, Sonny Rao wrote:
> The ARM user backtrace code can get into an infinite loop if it
> runs into an invalid stack frame which points back to itself.
> This situation has been observed in practice.  Fix it by capping
> the number of entries in the backtrace.  This is also what other
> architectures do in their backtrace code.
> 
> Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
> ---
>  arch/arm/kernel/perf_event.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
> 
> diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
> index 69cfee0..1e61d60 100644
> --- a/arch/arm/kernel/perf_event.c
> +++ b/arch/arm/kernel/perf_event.c
> @@ -746,7 +746,8 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
> 
>         tail = (struct frame_tail __user *)regs->ARM_fp - 1;
> 
> -       while (tail && !((unsigned long)tail & 0x3))
> +       while ((entry->nr < PERF_MAX_STACK_DEPTH) &&
> +              tail && !((unsigned long)tail & 0x3))
>                 tail = user_backtrace(tail, entry);
>  }
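Review bot: The new first clause of the while condition carries no comment, and the loop now mixes a buffer bound with the pointer sanity checks (`tail` non-NULL and 4-byte aligned). A one-line comment above the loop saying that the depth test is what terminates the walk on a cyclic frame chain would help a later reader see why it is there; the parentheses around `entry->nr < PERF_MAX_STACK_DEPTH` can also be dropped.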

Ok. Please can you put this into Russell's patch system?

Will


* [PATCH] Fix infinite loop in ARM user perf_event backtrace code
  2011-04-16  3:27 [PATCH] Fix infinite loop in ARM user perf_event backtrace code Sonny Rao
  2011-04-18 10:42 ` Jamie Iles
  2011-04-18 17:42 ` Will Deacon
@ 2011-04-18 18:31 ` Olof Johansson
  2 siblings, 0 replies; 5+ messages in thread
From: Olof Johansson @ 2011-04-18 18:31 UTC (permalink / raw)
  To: linux-arm-kernel

On Fri, Apr 15, 2011 at 8:27 PM, Sonny Rao <sonnyrao@chromium.org> wrote:
>
> The ARM user backtrace code can get into an infinite loop if it
> runs into an invalid stack frame which points back to itself.
> This situation has been observed in practice.  Fix it by capping
> the number of entries in the backtrace.  This is also what other
> architectures do in their backtrace code.
>
> Signed-off-by: Sonny Rao <sonnyrao@chromium.org>

Acked-by: Olof Johansson <olof@lixom.net>


-Olof


* [PATCH] Fix infinite loop in ARM user perf_event backtrace code
  2011-04-18 17:42 ` Will Deacon
@ 2011-04-18 21:02   ` Sonny Rao
  0 siblings, 0 replies; 5+ messages in thread
From: Sonny Rao @ 2011-04-18 21:02 UTC (permalink / raw)
  To: linux-arm-kernel

On Mon, Apr 18, 2011 at 10:42 AM, Will Deacon <will.deacon@arm.com> wrote:
> Hi Sonny,
>
> On Sat, 2011-04-16 at 04:27 +0100, Sonny Rao wrote:
>> The ARM user backtrace code can get into an infinite loop if it
>> runs into an invalid stack frame which points back to itself.
>> This situation has been observed in practice.  Fix it by capping
>> the number of entries in the backtrace.  This is also what other
>> architectures do in their backtrace code.
>>
>> Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
>> ---
>>  arch/arm/kernel/perf_event.c |    3 ++-
>> ?1 files changed, 2 insertions(+), 1 deletions(-)
>>
>> diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
>> index 69cfee0..1e61d60 100644
>> --- a/arch/arm/kernel/perf_event.c
>> +++ b/arch/arm/kernel/perf_event.c
>> @@ -746,7 +746,8 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
>>
>> ? ? ? ? tail = (struct frame_tail __user *)regs->ARM_fp - 1;
>>
>> - ? ? ? while (tail && !((unsigned long)tail & 0x3))
>> + ? ? ? while ((entry->nr < PERF_MAX_STACK_DEPTH) &&
>> + ? ? ? ? ? ? ?tail && !((unsigned long)tail & 0x3))
>> ? ? ? ? ? ? ? ? tail = user_backtrace(tail, entry);
>> ?}
>
> Ok. Please can you put this into Russell's patch system?
>
> Will
>

Ok, sent it to patches at arm.linux.org.uk
hope that'll be sufficient
