aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndi Kleen <ak@suse.de>2006-07-28 14:44:42 +0200
committerLinus Torvalds <torvalds@g5.osdl.org>2006-07-28 19:28:00 -0700
commitd5a2601734bcc740ee78dc4cb0c56b5687da7bd9 (patch)
tree42146e7eda57909a475ad69cee5cacbf39033cff
parent5d2edfe004f5d0f3d805967bd6b4ada95e6aa419 (diff)
downloadkernel_samsung_crespo-d5a2601734bcc740ee78dc4cb0c56b5687da7bd9.zip
kernel_samsung_crespo-d5a2601734bcc740ee78dc4cb0c56b5687da7bd9.tar.gz
kernel_samsung_crespo-d5a2601734bcc740ee78dc4cb0c56b5687da7bd9.tar.bz2
[PATCH] i386/x86-64: Add user_mode checks to profile_pc for oprofile
Fixes a obscure user space triggerable crash during oprofiling. Oprofile calls profile_pc from NMIs even when user_mode(regs) is not true and the program counter is inside the kernel lock section. This opens a race - when a user program jumps to a kernel lock address and a NMI happens before the illegal page fault exception is raised and the program has a unmapped esp or ebp then the kernel could oops. NMIs have a higher priority than exceptions so that could happen. Add user_mode checks to i386/x86-64 profile_pc to prevent that. Cc: John Levon <levon@movementarian.org> Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--arch/i386/kernel/time.c2
-rw-r--r--arch/x86_64/kernel/time.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/arch/i386/kernel/time.c b/arch/i386/kernel/time.c
index 8705c0f..edd00f6 100644
--- a/arch/i386/kernel/time.c
+++ b/arch/i386/kernel/time.c
@@ -135,7 +135,7 @@ unsigned long profile_pc(struct pt_regs *regs)
{
unsigned long pc = instruction_pointer(regs);
- if (in_lock_functions(pc))
+ if (!user_mode_vm(regs) && in_lock_functions(pc))
return *(unsigned long *)(regs->ebp + 4);
return pc;
diff --git a/arch/x86_64/kernel/time.c b/arch/x86_64/kernel/time.c
index b9ff759..e0341c6 100644
--- a/arch/x86_64/kernel/time.c
+++ b/arch/x86_64/kernel/time.c
@@ -193,7 +193,7 @@ unsigned long profile_pc(struct pt_regs *regs)
is just accounted to the spinlock function.
Better would be to write these functions in assembler again
and check exactly. */
- if (in_lock_functions(pc)) {
+ if (!user_mode(regs) && in_lock_functions(pc)) {
char *v = *(char **)regs->rsp;
if ((v >= _stext && v <= _etext) ||
(v >= _sinittext && v <= _einittext) ||