Fix infinite loop in ARM user perf_event backtrace code

The ARM user backtrace code can get into an infinite loop if it runs into an invalid stack frame which points back to itself. This situation has been observed in practice. Fix it by capping the number of entries in the backtrace. This is also what other architectures do in their backtrace code. Signed-off-by: Sonny Rao <sonnyrao@chromium.org> Acked-by: Jamie Iles <jamie@jamieiles.com> Acked-by: Will Deacon <will.deacon@arm.com> Acked-by: Olof Johansson <olof@lixom.net> Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
author: Sonny Rao <sonnyrao@chromium.org> 2011-04-15 20:27:25 -0700
committer: Nicolas Pitre <nicolas.pitre@linaro.org> 2011-04-18 14:56:29 -0400
commit: 4fcd294d4a6e156cccd077f24c6a255298df0fd8 (patch)
tree: 88436da6495eb733ff11e6ceecae11ee24a3c7ea
parent: 457520e3fbce80812c6901c226ec242fdb906c63 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
index f8510182c48..1a0d6afbb35 100644
--- a/arch/arm/kernel/perf_event.c
+++ b/arch/arm/kernel/perf_event.c
@@ -755,7 +755,8 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
 
 	tail = (struct frame_tail __user *)regs->ARM_fp - 1;
 
-	while (tail && !((unsigned long)tail & 0x3))
+	while ((entry->nr < PERF_MAX_STACK_DEPTH) &&
+	       tail && !((unsigned long)tail & 0x3))
 		tail = user_backtrace(tail, entry);
 }
author	Sonny Rao <sonnyrao@chromium.org>	2011-04-15 20:27:25 -0700
committer	Nicolas Pitre <nicolas.pitre@linaro.org>	2011-04-18 14:56:29 -0400
commit	4fcd294d4a6e156cccd077f24c6a255298df0fd8 (patch)
tree	88436da6495eb733ff11e6ceecae11ee24a3c7ea
parent	457520e3fbce80812c6901c226ec242fdb906c63 (diff)