Source: linux
Version: 3.16.7-ckt9-3~deb8u1
Severity: critical
Tags: security patch
Justification: breaks the whole system
We should cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH (currently 127), otherwise we can be lost in an infinite loop when using a ppc64el machine. :-(

I am attaching the fix that I tested adding it to the following directory, and adding it to the debian/patch/series.

debian/patches/bugfix/ppc64el/powerpc-perf-Cap-64bits-userspace-backtraces.patch

Other than that, the patch submission could be seen at: https://patchwork.ozlabs.org/patch/460955/

Thanks
Breno

-- System Information:
Debian Release: 8.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: ppc64el (ppc64le)

Kernel: Linux 3.16.0-4-powerpc64le (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
>From patchwork Mon Apr 13 21:51:03 2015 From: Anton Blanchard <an...@samba.org> Subject: powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH To: linuxppc-...@lists.ozlabs.org Date: Tue, 14 Apr 2015 07:51:03 +1000 We cap 32bit userspace backtraces to PERF_MAX_STACK_DEPTH (currently 127), but we forgot to do the same for 64bit backtraces. Cc: sta...@vger.kernel.org Signed-off-by: Anton Blanchard <an...@samba.org> --- arch/powerpc/perf/callchain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/perf/callchain.c b/arch/powerpc/perf/callchain.c index 2396dda..ead5535 100644 --- a/arch/powerpc/perf/callchain.c +++ b/arch/powerpc/perf/callchain.c @@ -243,7 +243,7 @@ static void perf_callchain_user_64(struct perf_callchain_entry *entry, sp = regs->gpr[1]; perf_callchain_store(entry, next_ip); - for (;;) { + while (entry->nr < PERF_MAX_STACK_DEPTH) { fp = (unsigned long __user *) sp; if (!valid_user_sp(sp, 1) || read_user_stack_64(fp, &next_sp)) return;
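Review bot: at the new `while (entry->nr < PERF_MAX_STACK_DEPTH)` line, the depth cap becomes the only exit shown in this hunk that does not depend on stack contents supplied by userspace, and neither the code nor the commit message says so. The other exits visible here, `valid_user_sp(sp, 1)` and `read_user_stack_64(fp, &next_sp)`, only test that the current frame pointer is acceptable and readable, so they do not by themselves bound the number of iterations. Since the patch is Cc'd to stable, the commit message should state the failure the old `for (;;)` allowed (an unbounded walk in the kernel over user-supplied frames) rather than only "we forgot to do the same", and a one-line comment above the loop noting that the cap is the termination guarantee would keep a later refactor from dropping it.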