CVSROOT:	/cvs
Module name:	src
Changes by:	sas...@cvs.openbsd.org	2025/05/22 21:13:33

Modified files:
	sys/arch/i386/i386: db_trace.c
	sys/arch/amd64/amd64: db_trace.c

Log message:
stacktrace_save_utrace() should be more robust

Currently the function assumes the frame pointer address which comes from
userland is always a valid frame pointer address. Unfortunately, if the frame
address gets corrupted such that it fits a kernel memory address range, then
the stacktrace_save_utrace() function just dereferences the address, causing
a kernel crash.

The fix makes sure that as soon as stack unwinding crosses the
kernel<->userland boundary it never attempts to interpret the frame address
as coming from the kernel. So after crossing the boundary all frame pointer
addresses are passed to copyin(9f) to obtain the next frame. copyin(9f) then
may fail with an error indicating the stack is corrupted and the stack
unwinding process should stop.

The fix was discussed at tech@. The idea to use two loops comes from tedu@.
There is also a todo note from claudio@: skip the iteration over kernel
frames; just find the first userland frame and start there.

OK tedu@
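The two-loop walk the commit describes, as an added, simplified model written for this page; it is not the OpenBSD db_trace.c code. KERNBASE, the frame records in mem[], and the copyin stand-in are constructed assumptions: in the model a user-supplied frame pointer that points back into kernel range fails copyin and ends the walk instead of being dereferenced.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Added model of the kernel->userland unwind; not the OpenBSD code.  Addresses
 * >= KERNBASE count as kernel memory; mem[] is a constructed frame layout. */
#define KERNBASE 0x8000UL

struct frame { uintptr_t fp, pc; };            /* saved frame pointer, return pc */
struct cell  { uintptr_t addr; struct frame f; };

static const struct cell mem[] = {
	{ 0x9000, { 0x9020, 0x8100 } },            /* kernel frame */
	{ 0x9020, { 0x1000, 0x8200 } },            /* kernel frame, fp -> userland */
	{ 0x1000, { 0x1040, 0x0400 } },            /* user frame */
	{ 0x1040, { 0x9000, 0x0410 } },            /* user frame, fp corrupted into kernel range */
};

/* Direct dereference, as the kernel may do for its own stack. */
static int read_frame(uintptr_t addr, struct frame *out)
{
	for (size_t i = 0; i < sizeof mem / sizeof mem[0]; i++)
		if (mem[i].addr == addr) { *out = mem[i].f; return 0; }
	return EFAULT;
}

/* copyin(9) stand-in: refuses any address that is not userland. */
static int copyin_frame(uintptr_t uaddr, struct frame *out)
{
	if (uaddr >= KERNBASE) return EFAULT;
	return read_frame(uaddr, out);
}

/* Loop 1 walks kernel frames directly; loop 2 fetches every later frame via
 * copyin, so the corrupted fp (0x9000 above) fails and the walk stops rather
 * than touching kernel memory.  Returns the number of pcs stored. */
int unwind_robust(uintptr_t fp, uintptr_t pcs[], int max)
{
	struct frame f; int n = 0;
	while (n < max && fp >= KERNBASE) {        /* loop 1: kernel stack */
		if (read_frame(fp, &f) != 0) return n;
		pcs[n++] = f.pc; fp = f.fp;
	}
	while (n < max && fp != 0) {               /* loop 2: userland only */
		if (copyin_frame(fp, &f) != 0) return n;   /* EFAULT: corrupted, stop */
		pcs[n++] = f.pc; fp = f.fp;
	}
	return n;
}
```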