Date:      Thu, 17 Dec 2009 18:17:46 +0000 (UTC)
From:      Marius Strobl <marius@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject:   svn commit: r200640 - in stable/7/sys: sparc64/sparc64 sun4v/sun4v
Message-ID:  <200912171817.nBHIHkF2044586@svn.freebsd.org>

Author: marius
Date: Thu Dec 17 18:17:46 2009
New Revision: 200640
URL: http://svn.freebsd.org/changeset/base/200640

Log:
  MFC: r200272
  
  Add additional checks of the kernel stack addresses in order to
  ensure we don't overrun the beginning of the call chain.

Modified:
  stable/7/sys/sparc64/sparc64/stack_machdep.c
  stable/7/sys/sun4v/sun4v/stack_machdep.c
Directory Properties:
  stable/7/sys/   (props changed)
  stable/7/sys/cddl/contrib/opensolaris/   (props changed)
  stable/7/sys/contrib/dev/acpica/   (props changed)
  stable/7/sys/contrib/pf/   (props changed)

Modified: stable/7/sys/sparc64/sparc64/stack_machdep.c
==============================================================================
--- stable/7/sys/sparc64/sparc64/stack_machdep.c	Thu Dec 17 18:03:05 2009	(r200639)
+++ stable/7/sys/sparc64/sparc64/stack_machdep.c	Thu Dec 17 18:17:46 2009	(r200640)
@@ -36,15 +36,20 @@ __FBSDID("$FreeBSD$");
 #include <machine/stack.h>
 #include <machine/vmparam.h>
 
-static void stack_capture(struct stack *st, struct frame *fp);
+static void stack_capture(struct stack *st, struct frame *frame);
 
 static void
-stack_capture(struct stack *st, struct frame *fp)
+stack_capture(struct stack *st, struct frame *frame)
 {
+	struct frame *fp;
 	vm_offset_t callpc;
 
 	stack_zero(st);
-	while (1) {
+	fp = frame;
+	for (;;) {
+		if (!INKERNEL((vm_offset_t)fp) ||
+		    !ALIGNED_POINTER(fp, uint64_t))
+                        break;
 		callpc = fp->fr_pc;
 		if (!INKERNEL(callpc))
 			break;
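Review bot: The `break;` under the new INKERNEL/ALIGNED_POINTER guard is indented with spaces while every neighbouring line uses tabs; it should be indented with three tabs like the other `break;` statements in the loop (the sun4v hunk carries the same line). The guard would also benefit from a short comment saying what it protects, for example `/* Never dereference a frame pointer that is outside the kernel or misaligned. */`, because it is the check that stands between a damaged frame link and the `fp->fr_pc` load on the next line. stack_capture() continues past the end of this hunk.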
@@ -56,6 +61,9 @@ stack_capture(struct stack *st, struct f
 			break;
 		if (stack_put(st, callpc) == -1)
 			break;
+		if (v9next_frame(fp) <= fp ||
+		    v9next_frame(fp) >= frame + KSTACK_PAGES * PAGE_SIZE)
+			break;
 		fp = v9next_frame(fp);
 	}
 }
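Review bot: The upper limit in the added check, `frame + KSTACK_PAGES * PAGE_SIZE`, is computed on a `struct frame *`, so the offset is scaled by `sizeof(struct frame)` and the limit lands far beyond one kernel stack. A stale or corrupted frame link that points well outside the stack would therefore still pass this test and be stopped only by the INKERNEL/alignment guard at the top of the loop. Comparing byte addresses keeps the limit at the intended size: `(vm_offset_t)v9next_frame(fp) >= (vm_offset_t)frame + KSTACK_PAGES * PAGE_SIZE`. Even then the limit is measured from the starting frame rather than from the thread's stack base, so it is an upper estimate, which is worth stating in a one-line comment. The same expression appears in the sun4v copy of stack_capture() in the next file section, and the function body here starts outside this hunk.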

Modified: stable/7/sys/sun4v/sun4v/stack_machdep.c
==============================================================================
--- stable/7/sys/sun4v/sun4v/stack_machdep.c	Thu Dec 17 18:03:05 2009	(r200639)
+++ stable/7/sys/sun4v/sun4v/stack_machdep.c	Thu Dec 17 18:17:46 2009	(r200640)
@@ -36,20 +36,28 @@ __FBSDID("$FreeBSD$");
 #include <machine/stack.h>
 #include <machine/vmparam.h>
 
-static void stack_capture(struct stack *st, struct frame *fp);
+static void stack_capture(struct stack *st, struct frame *frame);
 
 static void
-stack_capture(struct stack *st, struct frame *fp)
+stack_capture(struct stack *st, struct frame *frame)
 {
+	struct frame *fp;
 	vm_offset_t callpc;
 
 	stack_zero(st);
-	while (1) {
+	fp = frame;
+	for (;;) {
+		if (!INKERNEL((vm_offset_t)fp) ||
+		    !ALIGNED_POINTER(fp, uint64_t))
+                        break;
 		callpc = fp->fr_pc;
 		if (!INKERNEL(callpc))
 			break;
 		if (stack_put(st, callpc) == -1)
 			break;
+		if (v9next_frame(fp) <= fp ||
+		    v9next_frame(fp) >= frame + KSTACK_PAGES * PAGE_SIZE)
+			break;
 		fp = v9next_frame(fp);
 	}
 }


