Page MenuHomeFreeBSD
Differential D16572

Tighten checks in the x86 stack unwinder.
ClosedPublic
Actions

Authored by markj on Aug 2 2018, 8:49 PM.
Tags
None
Referenced Files
Unknown Object (File)
Nov 11 2023, 12:26 PM
Unknown Object (File)
Nov 9 2023, 2:30 PM
Unknown Object (File)
Nov 4 2023, 2:42 PM
Unknown Object (File)
Oct 10 2023, 11:28 AM
Unknown Object (File)
Oct 8 2023, 1:22 PM
Unknown Object (File)
Oct 3 2023, 2:39 PM
Unknown Object (File)
Sep 29 2023, 2:40 PM
Unknown Object (File)
Sep 22 2023, 10:12 AM
View All 15 Files
Subscribers
cem
imp

Details

Reviewers
kib
Commits
rS337230: Verify that each frame pointer lies within the thread's kstack.
Summary

With the 4/4 split on i386, INKERNEL is always true, and so we do no
validation of the first frame pointer. This pointer will be NULL for a
thread that has been created but was never scheduled, so procstat -kka
reliably panics on i386. Fix the problem by reordering some checks in
the unwind loop: ensure that each frame pointer, including the first,
lies within the bounds of the kernel stack.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Aug 2 2018, 8:49 PM
Harbormaster completed remote builds in B18538: Diff 46215.Aug 2 2018, 8:49 PM
markj added a reviewer: kib.Aug 2 2018, 8:50 PM
kib accepted this revision.Aug 3 2018, 12:04 AM
This revision is now accepted and ready to land.Aug 3 2018, 12:04 AM
Closed by commit rS337230: Verify that each frame pointer lies within the thread's kstack. (authored by markj). · Explain WhyAug 3 2018, 2:51 AM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: imp. · View Herald TranscriptAug 3 2018, 2:51 AM
cem added a subscriber: cem.Aug 6 2019, 5:12 PM

Thanks!

Prior to this change, we could also take a second trap if the traced code used %rbp for a kernel pointer other than a framepointer. E.g., we have some proprietary assembly libraries that (ab)use rbp in this way.

Would it be possible to impose similar stricter requirements on callpc in an inexpensive way? The difficulty is loadable modules, I guess.

markj added a comment.Aug 6 2019, 5:20 PM
In D16572#460051, @cem wrote:

Thanks!

Prior to this change, we could also take a second trap if the traced code used %rbp for a kernel pointer other than a framepointer. E.g., we have some proprietary assembly libraries that (ab)use rbp in this way.

Would it be possible to impose similar stricter requirements on callpc in an inexpensive way? The difficulty is loadable modules, I guess.

On amd64 we require all kernel and module text to live in the last 2GB of KVA, so we could check that.

Revision Contents
Changeset List

PathSize
head/
sys/
x86/
x86/
10 lines

Diff 46227

View Options

head/sys/x86/x86/stack_machdep.c

Loading...