summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorLuck, Tony <tony.luck@intel.com>2009-12-09 23:29:36 +0100
committerIngo Molnar <mingo@elte.hu>2009-12-10 08:29:33 +0100
commitea5b41f9d595be354f7a50e56b28c2d72e6e88a5 (patch)
treecfb23bea9059df20c1c64da92f3619dc0a1038ec /kernel
parentfutex: Take mmap_sem for get_user_pages in fault_in_user_writeable (diff)
downloadlinux-ea5b41f9d595be354f7a50e56b28c2d72e6e88a5.tar.xz
linux-ea5b41f9d595be354f7a50e56b28c2d72e6e88a5.zip
lockdep: Avoid out of bounds array reference in save_trace()
ia64 found this the hard way (because we currently have a stub for save_stack_trace() that does nothing). But it would be a good idea to be cautious in case a real save_stack_trace() bailed out with an error before it set trace->nr_entries. Signed-off-by: Tony Luck <tony.luck@intel.com> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: luming.yu@intel.com LKML-Reference: <4b2024d085302c2a2@agluck-desktop.sc.intel.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/lockdep.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/kernel/lockdep.c b/kernel/lockdep.c
index 7a3ae56b3a7f..4f8df01dbe51 100644
--- a/kernel/lockdep.c
+++ b/kernel/lockdep.c
@@ -386,7 +386,8 @@ static int save_trace(struct stack_trace *trace)
* complete trace that maxes out the entries provided will be reported
* as incomplete, friggin useless </rant>
*/
- if (trace->entries[trace->nr_entries-1] == ULONG_MAX)
+ if (trace->nr_entries != 0 &&
+ trace->entries[trace->nr_entries-1] == ULONG_MAX)
trace->nr_entries--;
trace->max_entries = trace->nr_entries;