Date: Thu, 16 Jul 2015 19:40:19 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r285643 - in head/sys: amd64/amd64 cddl/dev/dtrace/amd64 cddl/dev/dtrace/i386 i386/i386 Message-ID: <201507161940.t6GJeJ9F049372@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Thu Jul 16 19:40:18 2015 New Revision: 285643 URL: https://svnweb.freebsd.org/changeset/base/285643 Log: When checking for the valid value of the frame pointer, verify that it belongs to the kernel stack address range for the thread. Right now, code checks that new frame is not farther then KSTACK_PAGES pages from the current frame, which allows the address to point past the top of the stack. Reviewed by: andrew, emaste, markj Differential revision: https://reviews.freebsd.org/D3108 Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Modified: head/sys/amd64/amd64/stack_machdep.c head/sys/cddl/dev/dtrace/amd64/dtrace_isa.c head/sys/cddl/dev/dtrace/i386/dtrace_isa.c head/sys/i386/i386/stack_machdep.c Modified: head/sys/amd64/amd64/stack_machdep.c ============================================================================== --- head/sys/amd64/amd64/stack_machdep.c Thu Jul 16 18:44:18 2015 (r285642) +++ head/sys/amd64/amd64/stack_machdep.c Thu Jul 16 19:40:18 2015 (r285643) @@ -40,7 +40,7 @@ __FBSDID("$FreeBSD$"); #include <vm/pmap.h> static void -stack_capture(struct stack *st, register_t rbp) +stack_capture(struct thread *td, struct stack *st, register_t rbp) { struct amd64_frame *frame; vm_offset_t callpc; @@ -56,8 +56,8 @@ stack_capture(struct stack *st, register if (stack_put(st, callpc) == -1) break; if (frame->f_frame <= frame || - (vm_offset_t)frame->f_frame >= - (vm_offset_t)rbp + KSTACK_PAGES * PAGE_SIZE) + (vm_offset_t)frame->f_frame >= td->td_kstack + + td->td_kstack_pages * PAGE_SIZE) break; frame = frame->f_frame; } @@ -74,7 +74,7 @@ stack_save_td(struct stack *st, struct t panic("stack_save_td: running"); rbp = td->td_pcb->pcb_rbp; - stack_capture(st, rbp); + stack_capture(td, st, rbp); } void @@ -83,5 +83,5 @@ stack_save(struct stack *st) register_t rbp; __asm __volatile("movq %%rbp,%0" : "=r" (rbp)); - stack_capture(st, rbp); + stack_capture(curthread, st, rbp); } Modified: head/sys/cddl/dev/dtrace/amd64/dtrace_isa.c ============================================================================== --- head/sys/cddl/dev/dtrace/amd64/dtrace_isa.c Thu Jul 16 18:44:18 2015 (r285642) +++ head/sys/cddl/dev/dtrace/amd64/dtrace_isa.c Thu Jul 16 19:40:18 2015 (r285643) @@ -89,8 +89,8 @@ dtrace_getpcstack(pc_t *pcstack, int pcs } if (frame->f_frame <= frame || - (vm_offset_t)frame->f_frame >= - (vm_offset_t)rbp + KSTACK_PAGES * PAGE_SIZE) + (vm_offset_t)frame->f_frame >= curthread->td_kstack + + curthread->td_kstack_pages * PAGE_SIZE) break; frame = frame->f_frame; } @@ -469,8 +469,8 @@ dtrace_getstackdepth(int aframes) break; depth++; if (frame->f_frame <= frame || - (vm_offset_t)frame->f_frame >= - (vm_offset_t)rbp + KSTACK_PAGES * PAGE_SIZE) + (vm_offset_t)frame->f_frame >= curthread->td_kstack + + curthread->td_kstack_pages * PAGE_SIZE) break; frame = frame->f_frame; } Modified: head/sys/cddl/dev/dtrace/i386/dtrace_isa.c ============================================================================== --- head/sys/cddl/dev/dtrace/i386/dtrace_isa.c Thu Jul 16 18:44:18 2015 (r285642) +++ head/sys/cddl/dev/dtrace/i386/dtrace_isa.c Thu Jul 16 19:40:18 2015 (r285643) @@ -92,8 +92,8 @@ dtrace_getpcstack(pc_t *pcstack, int pcs } if (frame->f_frame <= frame || - (vm_offset_t)frame->f_frame >= - (vm_offset_t)ebp + KSTACK_PAGES * PAGE_SIZE) + (vm_offset_t)frame->f_frame >= curthread->td_kstack + + curthread->td_kstack_pages * PAGE_SIZE) break; frame = frame->f_frame; } @@ -485,8 +485,8 @@ dtrace_getstackdepth(int aframes) break; depth++; if (frame->f_frame <= frame || - (vm_offset_t)frame->f_frame >= - (vm_offset_t)ebp + KSTACK_PAGES * PAGE_SIZE) + (vm_offset_t)frame->f_frame >= curthread->td_kstack + + curthread->td_kstack_pages * PAGE_SIZE) break; frame = frame->f_frame; } Modified: head/sys/i386/i386/stack_machdep.c ============================================================================== --- head/sys/i386/i386/stack_machdep.c Thu Jul 16 18:44:18 2015 (r285642) +++ head/sys/i386/i386/stack_machdep.c Thu Jul 16 19:40:18 2015 (r285643) @@ -40,7 +40,7 @@ __FBSDID("$FreeBSD$"); #include <vm/pmap.h> static void -stack_capture(struct stack *st, register_t ebp) +stack_capture(struct thread *td, struct stack *st, register_t ebp) { struct i386_frame *frame; vm_offset_t callpc; @@ -56,8 +56,8 @@ stack_capture(struct stack *st, register if (stack_put(st, callpc) == -1) break; if (frame->f_frame <= frame || - (vm_offset_t)frame->f_frame >= - (vm_offset_t)ebp + KSTACK_PAGES * PAGE_SIZE) + (vm_offset_t)frame->f_frame >= td->td_kstack + + td->td_kstack_pages * PAGE_SIZE) break; frame = frame->f_frame; } @@ -74,7 +74,7 @@ stack_save_td(struct stack *st, struct t panic("stack_save_td: running"); ebp = td->td_pcb->pcb_ebp; - stack_capture(st, ebp); + stack_capture(td, st, ebp); } void @@ -83,5 +83,5 @@ stack_save(struct stack *st) register_t ebp; __asm __volatile("movl %%ebp,%0" : "=r" (ebp)); - stack_capture(st, ebp); + stack_capture(curthread, st, ebp); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507161940.t6GJeJ9F049372>