Kernel: Mask kernel addresses in backtraces and profiles

Addresses outside the userspace virtual range will now show up as
0xdeadc0de in backtraces and profiles generated by unprivileged users.

Kernel/FileSystem/ProcFS.cpp

@@ -365,6 +365,7 @@ Optional<KBuffer> procfs$profile(InodeIdentifier)
     InterruptDisabler disabler;
     KBufferBuilder builder;
     JsonArraySerializer array(builder);
+    bool mask_kernel_addresses = !current->process().is_superuser();
     Profiling::for_each_sample([&](auto& sample) {
         auto object = array.add_object();
         object.add("pid", sample.pid);
@@ -375,7 +376,10 @@ Optional<KBuffer> procfs$profile(InodeIdentifier)
             if (sample.frames[i] == 0)
                 break;
             auto frame_object = frames_array.add_object();
-            frame_object.add("address", JsonValue((u32)sample.frames[i]));
+            u32 address = (u32)sample.frames[i];
+            if (mask_kernel_addresses && !is_user_address(VirtualAddress(address)))
+                address = 0xdeadc0de;
+            frame_object.add("address", address);
             frame_object.add("symbol", sample.symbolicated_frames[i]);
             frame_object.add("offset", JsonValue((u32)sample.offsets[i]));
             frame_object.finish();

Kernel/Thread.cpp

@@ -714,21 +714,27 @@ String Thread::backtrace_impl() const
         recognized_symbols.append({ retaddr, ksymbolicate(retaddr) });
     }
 
+    bool mask_kernel_addresses = !current->process().is_superuser();
     for (auto& symbol : recognized_symbols) {
         if (!symbol.address)
             break;
         if (!symbol.ksym) {
-            if (!Scheduler::is_active() && process.elf_loader() && process.elf_loader()->has_symbols())
-                builder.appendf("%p  %s\n", symbol.address, process.elf_loader()->symbolicate(symbol.address).characters());
-            else
-                builder.appendf("%p\n", symbol.address);
+            if (!is_user_address(VirtualAddress(symbol.address))) {
+                builder.append("0xdeadc0de\n");
+            } else {
+                if (!Scheduler::is_active() && process.elf_loader() && process.elf_loader()->has_symbols())
+                    builder.appendf("%p  %s\n", symbol.address, process.elf_loader()->symbolicate(symbol.address).characters());
+                else
+                    builder.appendf("%p\n", symbol.address);
+            }
             continue;
         }
         unsigned offset = symbol.address - symbol.ksym->address;
-        if (symbol.ksym->address == ksym_highest_address && offset > 4096)
-            builder.appendf("%p\n", symbol.address);
-        else
-            builder.appendf("%p  %s +%u\n", symbol.address, demangle(symbol.ksym->name).characters(), offset);
+        if (symbol.ksym->address == ksym_highest_address && offset > 4096) {
+            builder.appendf("%p\n", mask_kernel_addresses ? 0xdeadc0de : symbol.address);
+        } else {
+            builder.appendf("%p  %s +%u\n", mask_kernel_addresses ? 0xdeadc0de : symbol.address, demangle(symbol.ksym->name).characters(), offset);
+        }
     }
     return builder.to_string();
 }

Kernel/VM/MemoryManager.cpp

@@ -601,11 +601,6 @@ void MemoryManager::unquickmap_page()
     m_quickmap_in_use = false;
 }
 
-static inline bool is_user_address(VirtualAddress vaddr)
-{
-    return vaddr.get() >= (8 * MB) && vaddr.get() < 0xc0000000;
-}
-
 template<MemoryManager::AccessSpace space, MemoryManager::AccessType access_type>
 bool MemoryManager::validate_range(const Process& process, VirtualAddress base_vaddr, size_t size) const
 {

Kernel/VM/MemoryManager.h

@@ -159,3 +159,8 @@ void VMObject::for_each_region(Callback callback)
             callback(region);
     }
 }
+
+inline bool is_user_address(VirtualAddress vaddr)
+{
+    return vaddr.get() >= (8 * MB) && vaddr.get() < 0xc0000000;
+}