From: Nick Alcock Date: Fri, 29 Jan 2016 14:47:03 +0000 (+0000) Subject: dtrace: do not overrun the start of the user stack X-Git-Tag: v4.1.12-111.0.20170907_2225~3^2~3^2~52 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=fda8f00c97f148317032847639744c42217b02f3;p=users%2Fjedix%2Flinux-maple.git dtrace: do not overrun the start of the user stack When scanning user stacks in dtrace_getufpstack(), we iterate from the current stack pointer back to the start of the stack, getting the unsigned long at each location and seeing if we can interpret it as a pointer. However, since the stack grows down on all platforms supported by DTrace, the 'start' of the stack is the end of the VMA -- so we should stop one unsigned long before the beginning, or we'll try to read off the end (harmlessly, but still.) Orabug: 22629102 Signed-off-by: Nick Alcock Acked-by: Kris Van Hees --- diff --git a/dtrace/dtrace_isa.c b/dtrace/dtrace_isa.c index 1a75be2fbae41..ae5d5c09082a8 100644 --- a/dtrace/dtrace_isa.c +++ b/dtrace/dtrace_isa.c @@ -21,7 +21,7 @@ * * CDDL HEADER END * - * Copyright 2010, 2011, 2012, 2013, 2014 Oracle, Inc. All rights reserved. + * Copyright 2010 -- 2016 Oracle, Inc. All rights reserved. * Use is subject to license terms. */ @@ -257,7 +257,7 @@ unsigned long dtrace_getufpstack(uint64_t *pcstack, uint64_t *fpstack, * Otherwise, loop until we run out of stack. */ for (sp = (unsigned long *)tos; - sp <= (unsigned long *)bos && + sp <= ((unsigned long *)bos - sizeof(unsigned long)) && ((pcstack && pcstack_limit > 0) || !pcstack); sp++) {
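Review bot: the new loop bound in the dtrace_getufpstack() hunk is mis-scaled: `(unsigned long *)bos - sizeof(unsigned long)` subtracts sizeof(unsigned long) *elements* from an `unsigned long *`, i.e. 64 bytes on a 64-bit kernel (16 bytes on 32-bit), not one word, so the scan now stops several words short of the end of the VMA and silently drops the outermost frames instead of fixing the one-word overrun the commit message describes. To stop exactly one word before the end, write `sp < (unsigned long *)bos` (equivalent to `sp <= (unsigned long *)bos - 1`), or, if `bos` is an integer byte address, do the subtraction before the cast: `sp <= (unsigned long *)(bos - sizeof(unsigned long))`. It would also help to note in the comment above the loop that `bos` is the exclusive end of the stack VMA, since that is the assumption the bound depends on.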