Date: Wed, 16 Nov 2022 18:31:14 GMT
From: Brooks Davis <brooks@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 61b146ba43cd - main - Check alignment of fp in unwind_frame
Message-ID: <202211161831.2AGIVEaD044851@gitrepo.freebsd.org>
The branch main has been updated by brooks: URL: https://cgit.FreeBSD.org/src/commit/?id=61b146ba43cd3886c81e79b37fdc665d6e1d74b8 commit 61b146ba43cd3886c81e79b37fdc665d6e1d74b8 Author: Dapeng Gao <dapeng@dpgao.cn> AuthorDate: 2022-11-16 18:29:28 +0000 Commit: Brooks Davis <brooks@FreeBSD.org> CommitDate: 2022-11-16 18:29:28 +0000 Check alignment of fp in unwind_frame A misaligned frame pointer is certainly not a valid frame pointer and with strict alignment enabled (as on CHERI) can cause panics when it is loaded from later in the code. This is a recommit of 40e0fa10f58d90744c2857b57adf0ddbce1a1e1c with is_aligned() corrected to __is_aligned(). Reviewed By: jhb Differential Revision: https://reviews.freebsd.org/D34646 --- sys/arm64/arm64/unwind.c | 3 ++- sys/riscv/riscv/unwind.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/sys/arm64/arm64/unwind.c b/sys/arm64/arm64/unwind.c index 470b64c00540..32590da5fc46 100644 --- a/sys/arm64/arm64/unwind.c +++ b/sys/arm64/arm64/unwind.c @@ -41,7 +41,8 @@ unwind_frame(struct thread *td, struct unwind_state *frame) fp = frame->fp; - if (!kstack_contains(td, fp, sizeof(uintptr_t) * 2)) + if (!__is_aligned(fp, sizeof(fp)) || + !kstack_contains(td, fp, sizeof(fp) * 2)) return (false); /* FP to previous frame (X29) */ diff --git a/sys/riscv/riscv/unwind.c b/sys/riscv/riscv/unwind.c index 9efb1fef9451..175e6423a59c 100644 --- a/sys/riscv/riscv/unwind.c +++ b/sys/riscv/riscv/unwind.c @@ -47,7 +47,8 @@ unwind_frame(struct thread *td, struct unwind_state *frame) fp = frame->fp; - if (!kstack_contains(td, fp - sizeof(fp) * 2, sizeof(fp) * 2)) + if (!__is_aligned(fp, sizeof(fp)) || + !kstack_contains(td, fp - sizeof(fp) * 2, sizeof(fp) * 2)) return (false); frame->sp = fp;
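Review bot: the arm64 hunk also changes the size argument of kstack_contains() from sizeof(uintptr_t) * 2 to sizeof(fp) * 2, which the commit message does not mention; either state in the message that the two are intended to be identical (making the change cosmetic and bringing the port in line with the riscv code, which already uses sizeof(fp)), or confirm that on targets where the type of fp is wider than uintptr_t the larger range is what is wanted. The new check itself is ordered correctly: `if (!__is_aligned(fp, sizeof(fp)) ||` is evaluated first, so a misaligned fp short-circuits before kstack_contains() and before the load of the previous frame pointer that follows the `/* FP to previous frame (X29) */` comment, and aligning to sizeof(fp) matches the width of the value that load fetches.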
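Review bot: in the riscv hunk, __is_aligned(fp, sizeof(fp)) accepts fp == 0, since zero is aligned to any power of two, so a NULL frame pointer still reaches `!kstack_contains(td, fp - sizeof(fp) * 2, sizeof(fp) * 2)` with an address that has wrapped around below zero; the range check rejects that, but the reliance is easy to miss when reading the condition, so a short comment or an explicit `fp == 0` test ahead of the subtraction would make the intent clearer. The placement of the new test is right: the alignment check short-circuits before the subtraction is evaluated, and sizeof(fp) is used consistently for both the alignment and the range, matching the arm64 hunk.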