Date:      Tue, 15 Dec 2009 20:00:34 +0000 (UTC)
From:      Marius Strobl <marius@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r200585 - in stable/8/sys: sparc64/sparc64 sun4v/sun4v
Message-ID:  <200912152000.nBFK0YFO073628@svn.freebsd.org>

Author: marius
Date: Tue Dec 15 20:00:34 2009
New Revision: 200585
URL: http://svn.freebsd.org/changeset/base/200585

Log:
  MFC: r200272
  
  Add additional checks of the kernel stack addresses in order to
  ensure we don't overrun the beginning of the call chain.

Modified:
  stable/8/sys/sparc64/sparc64/stack_machdep.c
  stable/8/sys/sun4v/sun4v/stack_machdep.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/xen/xenpci/   (props changed)

Modified: stable/8/sys/sparc64/sparc64/stack_machdep.c
==============================================================================
--- stable/8/sys/sparc64/sparc64/stack_machdep.c	Tue Dec 15 19:58:23 2009	(r200584)
+++ stable/8/sys/sparc64/sparc64/stack_machdep.c	Tue Dec 15 20:00:34 2009	(r200585)
@@ -36,15 +36,20 @@ __FBSDID("$FreeBSD$");
 #include <machine/stack.h>
 #include <machine/vmparam.h>
 
-static void stack_capture(struct stack *st, struct frame *fp);
+static void stack_capture(struct stack *st, struct frame *frame);
 
 static void
-stack_capture(struct stack *st, struct frame *fp)
+stack_capture(struct stack *st, struct frame *frame)
 {
+	struct frame *fp;
 	vm_offset_t callpc;
 
 	stack_zero(st);
-	while (1) {
+	fp = frame;
+	for (;;) {
+		if (!INKERNEL((vm_offset_t)fp) ||
+		    !ALIGNED_POINTER(fp, uint64_t))
+                        break;
 		callpc = fp->fr_pc;
 		if (!INKERNEL(callpc))
 			break;
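Review bot: The new guard at the top of the loop accepts any 8-byte-aligned address for which `INKERNEL()` holds, which (assuming `INKERNEL` spans the whole kernel address range; its definition is not visible here) is much wider than the kernel stack being walked, so a corrupted frame pointer that lands elsewhere in kernel space is still dereferenced by `fp->fr_pc`. If the callers can supply the stack's bounds, checking `fp` against them would be tighter. Separately, the `break;` under that condition is indented with spaces while the rest of the function uses tabs, and a short comment such as `/* Stop on a frame pointer that is outside the kernel or misaligned. */` would record the intent. The same lines appear in the sun4v/sun4v/stack_machdep.c hunk, and the function body continues outside this hunk.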
@@ -56,6 +61,9 @@ stack_capture(struct stack *st, struct f
 			break;
 		if (stack_put(st, callpc) == -1)
 			break;
+		if (v9next_frame(fp) <= fp ||
+		    v9next_frame(fp) >= frame + KSTACK_PAGES * PAGE_SIZE)
+			break;
 		fp = v9next_frame(fp);
 	}
 }
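Review bot: The upper bound `frame + KSTACK_PAGES * PAGE_SIZE` is pointer arithmetic on a `struct frame *`, so the offset is scaled by `sizeof(struct frame)` and the limit lies far more than one kernel stack's worth of bytes above `frame`; as written it only rejects very distant next-frame values. Doing the addition in bytes, e.g. `(vm_offset_t)v9next_frame(fp) >= (vm_offset_t)frame + KSTACK_PAGES * PAGE_SIZE`, would give the bound the expression appears to intend. Even then `frame` is the starting frame rather than the stack base, so the limit over-approximates the top of the stack. The identical check in the sun4v/sun4v/stack_machdep.c hunk has the same issue, and the start of `stack_capture` is outside this hunk.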

Modified: stable/8/sys/sun4v/sun4v/stack_machdep.c
==============================================================================
--- stable/8/sys/sun4v/sun4v/stack_machdep.c	Tue Dec 15 19:58:23 2009	(r200584)
+++ stable/8/sys/sun4v/sun4v/stack_machdep.c	Tue Dec 15 20:00:34 2009	(r200585)
@@ -36,20 +36,28 @@ __FBSDID("$FreeBSD$");
 #include <machine/stack.h>
 #include <machine/vmparam.h>
 
-static void stack_capture(struct stack *st, struct frame *fp);
+static void stack_capture(struct stack *st, struct frame *frame);
 
 static void
-stack_capture(struct stack *st, struct frame *fp)
+stack_capture(struct stack *st, struct frame *frame)
 {
+	struct frame *fp;
 	vm_offset_t callpc;
 
 	stack_zero(st);
-	while (1) {
+	fp = frame;
+	for (;;) {
+		if (!INKERNEL((vm_offset_t)fp) ||
+		    !ALIGNED_POINTER(fp, uint64_t))
+                        break;
 		callpc = fp->fr_pc;
 		if (!INKERNEL(callpc))
 			break;
 		if (stack_put(st, callpc) == -1)
 			break;
+		if (v9next_frame(fp) <= fp ||
+		    v9next_frame(fp) >= frame + KSTACK_PAGES * PAGE_SIZE)
+			break;
 		fp = v9next_frame(fp);
 	}
 }


