Re: [perf/x86] 75925e1ad7: BUG: unable to handle kernel paging request at 000045b8
From: Andi Kleen
Date: Fri Jan 22 2016 - 20:27:45 EST
On Fri, Jan 22, 2016 at 12:33:24PM +0800, kernel test robot wrote:
> Greetings,
>
> 0day kernel testing robot got the below dmesg and the first bad commit is
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
Thanks. I managed to break 32bit kernels. The appended patch should
fix it.
----
x86, perf: Fix perf user stack trace walking
Fix 75925e1ad7 (perf/x86: Optimize stack walk user accesses)
Replace the hard coded 64bit frame pointer sizes, with sizeof depending
on the size of unsigned long on the host.
This avoids a stack smash on 32bit kernels, which was dutifully reported
by the 0day kbuild robot.
Signed-off-by: Andi Kleen <ak@xxxxxxxxxxxxxxx>
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
index 1b443db..ea4eb5c 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
@@ -2328,13 +2328,16 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
frame.next_frame = NULL;
frame.return_address = 0;
- if (!access_ok(VERIFY_READ, fp, 16))
+ if (!access_ok(VERIFY_READ, fp, sizeof(frame)))
break;
- bytes = __copy_from_user_nmi(&frame.next_frame, fp, 8);
+ bytes = __copy_from_user_nmi(&frame.next_frame, fp,
+ sizeof(frame.next_frame));
if (bytes != 0)
break;
- bytes = __copy_from_user_nmi(&frame.return_address, fp+8, 8);
+ bytes = __copy_from_user_nmi(&frame.return_address,
+ fp + sizeof(frame.next_frame),
+ sizeof(frame.return_address));
if (bytes != 0)
break;