首页 发现 帮助
注册 登录
phyus
/
linux-vybrid_public
8
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

sparc64: Fix end-of-stack checking in save_stack_trace().

Bug reported by Alexander Beregalov.

Before we dereference the stack frame or try to peek at the
pt_regs magic value, make sure the entire object is within
the kernel stack bounds.

Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller 17 年之前
父节点
764f2579d9
当前提交
433c5f7068
共有 1 个文件被更改,包括 4 次插入2 次删除
合并视图 显示文件统计
  1. 4 2
      arch/sparc64/kernel/stacktrace.c

+ 4 - 2
arch/sparc64/kernel/stacktrace.c
查看文件 

@@ -26,13 +26,15 @@ void save_stack_trace(struct stack_trace *trace)
 
 
 
 		/* Bogus frame pointer? */
 
 		/* Bogus frame pointer? */
 
 		if (fp < (thread_base + sizeof(struct thread_info)) ||
 
 		if (fp < (thread_base + sizeof(struct thread_info)) ||
 
-		    fp >= (thread_base + THREAD_SIZE))
 
+		    fp > (thread_base + THREAD_SIZE - sizeof(struct sparc_stackf)))
 
 			break;
 
 			break;
 
 
 
 		sf = (struct sparc_stackf *) fp;
 
 		sf = (struct sparc_stackf *) fp;
 
 		regs = (struct pt_regs *) (sf + 1);
 
 		regs = (struct pt_regs *) (sf + 1);
 
 
 
-		if ((regs->magic & ~0x1ff) == PT_REGS_MAGIC) {
 
+		if (((unsigned long)regs <=
 
+		     (thread_base + THREAD_SIZE - sizeof(*regs))) &&
 
+		    (regs->magic & ~0x1ff) == PT_REGS_MAGIC) {
 
 			if (!(regs->tstate & TSTATE_PRIV))
 
 			if (!(regs->tstate & TSTATE_PRIV))
 
 				break;
 
 				break;
 
 			pc = regs->tpc;
 
 			pc = regs->tpc;