| commit | 7b5ef4a7fce145fc42670451a6a2f28c10f3d54e | |
| author | Philippe Elie <phil.el@wanadoo.fr> | |
| Sat, 10 Nov 2007 00:26:33 +0000 (10 00:26 +0000) | ||
| committer | Matthias Urlichs <smurf@hera.kernel.org> | |
| Wed, 14 Nov 2007 11:11:22 +0000 (14 11:11 +0000) | ||
| tree | f42ce8906728bf582784dc48a7aad7093d11b9b4 | treesnapshot (tar.gz zip) |
| parent | 7b11cd89b3df03d57757224567fbad40fc4d6de4 | commitdiff |
oprofile-oops-when-profile_pc-return-0lu
Instruction pointer returned by profile_pc() can be a random value. This
break the assumption than we can safely set struct op_sample.eip field to a
magic value to signal to the per-cpu buffer reader side special event like
task switch ending up in a segfault in get_task_mm() when profile_pc()
return ~0UL. Fixed by sanitizing the sampled eip and reject/log invalid
eip.
Problem reported by Sami Farin, patch tested by him.
Signed-off-by: Philippe Elie <phil.el@wanadoo.fr>
Tested-by: Sami Farin <safari-kernel@safari.iki.fi>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Instruction pointer returned by profile_pc() can be a random value. This
break the assumption than we can safely set struct op_sample.eip field to a
magic value to signal to the per-cpu buffer reader side special event like
task switch ending up in a segfault in get_task_mm() when profile_pc()
return ~0UL. Fixed by sanitizing the sampled eip and reject/log invalid
eip.
Problem reported by Sami Farin, patch tested by him.
Signed-off-by: Philippe Elie <phil.el@wanadoo.fr>
Tested-by: Sami Farin <safari-kernel@safari.iki.fi>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
| drivers/oprofile/cpu_buffer.c | diffblobblamehistory | |
| drivers/oprofile/cpu_buffer.h | diffblobblamehistory | |
| drivers/oprofile/oprofile_stats.c | diffblobblamehistory |