From: Sonny Rao <sonnyrao@chromium.org>
Date: Mon, 18 Apr 2011 21:12:59 +0000 (+0100)
Subject: ARM: 6884/1: Fix infinite loop in ARM user perf_event backtrace code
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=860ad7823fdc00cd61dc70e7f35e07fb327cc9a4;p=linux-beck.git

ARM: 6884/1: Fix infinite loop in ARM user perf_event backtrace code

The ARM user backtrace code can get into an infinite loop if it
runs into an invalid stack frame which points back to itself.
This situation has been observed in practice.  Fix it by capping
the number of entries in the backtrace.  This is also what other
architectures do in their backtrace code.

Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
Acked-by: Jamie Iles <jamie@jamieiles.com>
Acked-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
---

diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
index 979da3947f42..139e3c827369 100644
--- a/arch/arm/kernel/perf_event.c
+++ b/arch/arm/kernel/perf_event.c
@@ -746,7 +746,8 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
 
 	tail = (struct frame_tail __user *)regs->ARM_fp - 1;
 
-	while (tail && !((unsigned long)tail & 0x3))
+	while ((entry->nr < PERF_MAX_STACK_DEPTH) &&
+	       tail && !((unsigned long)tail & 0x3))
 		tail = user_backtrace(tail, entry);
 }