Kernel: Use copy_from_user() when appropriate during thread backtracing

2025-05-31 19:48:12 +00:00 · 2020-01-19 10:10:46 +01:00 · 2020-01-19 10:10:46 +01:00 · 87583aea9c
commit 87583aea9c
parent 38fc31ff11
1 changed files with 47 additions and 30 deletions
--- a/Kernel/Thread.cpp
+++ b/Kernel/Thread.cpp
@ -722,40 +722,17 @@ String Thread::backtrace(ProcessInspectionHandle&) const
    return backtrace_impl();
 }

-String Thread::backtrace_impl() const
-{
-    u32 start_frame;
-    if (current == this) {
-        asm volatile("movl %%ebp, %%eax"
-                     : "=a"(start_frame));
-    } else {
-        start_frame = frame_ptr();
-    }
-
-    auto& process = const_cast<Process&>(this->process());
-    ProcessPagingScope paging_scope(process);
-    struct RecognizedSymbol {
+struct RecognizedSymbol {
    u32 address;
    const KSym* ksym;
-    };
-    StringBuilder builder;
-    Vector<RecognizedSymbol, 128> recognized_symbols;
-    if (current != this)
-        recognized_symbols.append({ tss().eip, ksymbolicate(tss().eip) });
-    u32 stack_ptr = start_frame;
-    for (;;) {
-        if (!process.validate_read_from_kernel(VirtualAddress((u32)stack_ptr), sizeof(void*) * 2))
-            break;
-        u32 retaddr;
-        copy_from_user(&retaddr, &((u32*)stack_ptr)[1]);
-        recognized_symbols.append({ retaddr, ksymbolicate(retaddr) });
-        copy_from_user(&stack_ptr, (u32*)stack_ptr);
-    }
+};

-    bool mask_kernel_addresses = !current->process().is_superuser();
-    for (auto& symbol : recognized_symbols) {
+static bool symbolicate(const RecognizedSymbol& symbol, const Process& process, StringBuilder& builder)
+{
    if (!symbol.address)
-            break;
+        return false;
+
+    bool mask_kernel_addresses = !process.is_superuser();
    if (!symbol.ksym) {
        if (!is_user_address(VirtualAddress(symbol.address))) {
            builder.append("0xdeadc0de\n");
@ -765,7 +742,7 @@ String Thread::backtrace_impl() const
            else
                builder.appendf("%p\n", symbol.address);
        }
-            continue;
+        return true;
    }
    unsigned offset = symbol.address - symbol.ksym->address;
    if (symbol.ksym->address == ksym_highest_address && offset > 4096) {
@ -773,6 +750,46 @@ String Thread::backtrace_impl() const
    } else {
        builder.appendf("%p  %s +%u\n", mask_kernel_addresses ? 0xdeadc0de : symbol.address, demangle(symbol.ksym->name).characters(), offset);
    }
+    return true;
+}
+
+String Thread::backtrace_impl() const
+{
+    Vector<RecognizedSymbol, 128> recognized_symbols;
+
+    u32 start_frame;
+    if (current == this) {
+        asm volatile("movl %%ebp, %%eax"
+                     : "=a"(start_frame));
+    } else {
+        start_frame = frame_ptr();
+        recognized_symbols.append({ tss().eip, ksymbolicate(tss().eip) });
+    }
+
+    auto& process = const_cast<Process&>(this->process());
+    ProcessPagingScope paging_scope(process);
+
+    u32 stack_ptr = start_frame;
+    for (;;) {
+        if (!process.validate_read_from_kernel(VirtualAddress((u32)stack_ptr), sizeof(void*) * 2))
+            break;
+        u32 retaddr;
+
+        if (is_user_range(VirtualAddress(stack_ptr), sizeof(void*) * 2)) {
+            copy_from_user(&retaddr, &((u32*)stack_ptr)[1]);
+            recognized_symbols.append({ retaddr, ksymbolicate(retaddr) });
+            copy_from_user(&stack_ptr, (u32*)stack_ptr);
+        } else {
+            memcpy(&retaddr, &((u32*)stack_ptr)[1], sizeof(void*));
+            recognized_symbols.append({ retaddr, ksymbolicate(retaddr) });
+            memcpy(&stack_ptr, (u32*)stack_ptr, sizeof(void*));
+        }
+    }
+
+    StringBuilder builder;
+    for (auto& symbol : recognized_symbols) {
+        if (!symbolicate(symbol, process, builder))
+            break;
    }
    return builder.to_string();
 }