dtrace: Fix a kernel panic in printm()

Description

dtrace: Fix a kernel panic in printm()

When using printm(), one should always pass a scratch pointer to it.
This is achieved by calling printm with memref

BEGIN { printm(fixed_len, memref(ptr, var_len)); }

which will return a pointer to the DTrace scratch space of size
sizeof(uintptr_t) * 2. However, one can easily call printm() as follows

BEGIN { printm(10, (void *)NULL); }

and panic the kernel as a result. This commit does two things:

(1) adds a new macro DTRACE_INSCRATCHPTR(mstate, ptr, howmany) which
    checks if a certain pointer is in the DTrace scratch space;
(2) uses DTRACE_INSCRATCHPTR() to implement a check on printm()'s DIFO
    return value in order to avoid the panic and sets CPU_DTRACE_BADADDR
    if the address is not in the scratch space.

Approved by: re (gjb)
Reviewed by: markj
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D41722

(cherry picked from commit 8527bb2aee6ca9013c34445de88217a954b6628d)
(cherry picked from commit 49c1b353390cf498bcd9a3e548039e2a64f654fe)
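
The kind of range check the commit message describes, as an added user-space example; it is not the FreeBSD code or the actual `DTRACE_INSCRATCHPTR()` definition. `struct scratch_state`, `in_scratch()`, `check_return()` and `FAULT_BADADDR` are hypothetical names, and the region is a constructed array standing in for the scratch space.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FAULT_BADADDR 0x1u /* hypothetical stand-in for CPU_DTRACE_BADADDR */

/* Hypothetical stand-in for the state that describes the scratch space. */
struct scratch_state {
	uintptr_t base;  /* start of the scratch region */
	size_t    size;  /* bytes in the scratch region */
	unsigned  flags; /* fault flags raised by the check */
};

/*
 * Return 1 when [ptr, ptr + howmany) lies wholly inside the region.
 * Uses subtraction only, so ptr + howmany can never wrap around.
 */
static int
in_scratch(const struct scratch_state *st, uintptr_t ptr, size_t howmany)
{
	if (howmany > st->size || ptr < st->base)
		return (0);
	return (ptr - st->base <= st->size - howmany);
}

/*
 * Validate a returned pointer before it is dereferenced: the two-word
 * header (sizeof(uintptr_t) * 2) must sit in scratch, else flag a fault.
 */
static int
check_return(struct scratch_state *st, uintptr_t ret)
{
	if (!in_scratch(st, ret, sizeof(uintptr_t) * 2)) {
		st->flags |= FAULT_BADADDR;
		return (0);
	}
	return (1);
}

int
main(void)
{
	static uintptr_t region[8]; /* constructed scratch region */
	struct scratch_state st = { (uintptr_t)region, sizeof(region), 0 };
	int ok = check_return(&st, (uintptr_t)&region[0]);
	int bad = check_return(&st, (uintptr_t)NULL);

	printf("in-scratch=%d NULL=%d flags=%#x\n", ok, bad, st.flags);
	return (0);
}
```

A pointer that starts inside the region but leaves fewer than two words before its end is rejected as well, which a lower-bound-only comparison would miss.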

Details

Provenance
domagoj.stolfa_gmail.com authored on Sep 6 2023, 1:25 PM
markj committed on Sep 28 2023, 8:41 PM
Reviewer
markj
Differential Revision
D41722: dtrace: Fix a kernel panic in printm().
Parents
rGd7ee24d0d5ae: sockets: re-check socket state after call to pr_rcvd()