1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 14:17:36 +00:00

Kernel+LibC: Make page fault crashes a bit more readable.

We'll now try to detect crashes that were due to dereferencing nullptr,
uninitialized malloc() memory, or recently free()'d memory.
It's not perfect but I think it's pretty good. :^)

Also added some color to the most important parts of the crash log,
and added some more modes to /bin/crash for exercising this code.

Fixes #243.
This commit is contained in:
Andreas Kling 2019-06-19 20:52:12 +02:00
parent 15bea7153a
commit 8c0ae711d8
5 changed files with 76 additions and 11 deletions

View file

@ -7,6 +7,7 @@
#include <Kernel/Arch/i386/CPU.h>
#include <Kernel/KSyms.h>
#include <Kernel/VM/MemoryManager.h>
#include <LibC/mallocdefs.h>
//#define PAGE_FAULT_DEBUG
@ -254,9 +255,9 @@ void exception_14_handler(RegisterDumpWithExceptionCode& regs)
{
ASSERT(current);
dword faultAddress;
dword fault_address;
asm("movl %%cr2, %%eax"
: "=a"(faultAddress));
: "=a"(fault_address));
dword fault_page_directory;
asm("movl %%cr3, %%eax"
@ -270,22 +271,33 @@ void exception_14_handler(RegisterDumpWithExceptionCode& regs)
regs.exception_code & 1 ? "PV" : "NP",
fault_page_directory,
regs.exception_code & 2 ? "write" : "read",
faultAddress);
fault_address);
#endif
#ifdef PAGE_FAULT_DEBUG
dump(regs);
#endif
auto response = MM.handle_page_fault(PageFault(regs.exception_code, VirtualAddress(faultAddress)));
auto response = MM.handle_page_fault(PageFault(regs.exception_code, VirtualAddress(fault_address)));
if (response == PageFaultResponse::ShouldCrash) {
kprintf("%s(%u:%u) unrecoverable page fault, %s vaddr=%p\n",
dbgprintf("\033[31;1m%s(%u:%u) Unrecoverable page fault, %s address %p\033[0m\n",
current->process().name().characters(),
current->pid(),
current->tid(),
regs.exception_code & 2 ? "write" : "read",
faultAddress);
regs.exception_code & 2 ? "write to" : "read from",
fault_address);
dword malloc_scrub_pattern = explode_byte(MALLOC_SCRUB_BYTE);
dword free_scrub_pattern = explode_byte(FREE_SCRUB_BYTE);
if ((fault_address & 0xffff0000) == (malloc_scrub_pattern & 0xffff0000)) {
dbgprintf("\033[33;1mNote: Address %p looks like it may be uninitialized malloc() memory\033[0m\n", fault_address);
} else if ((fault_address & 0xffff0000) == (free_scrub_pattern & 0xffff0000)) {
dbgprintf("\033[33;1mNote: Address %p looks like it may be recently free()'d memory\033[0m\n", fault_address);
} else if (fault_address < 4096) {
dbgprintf("\033[33;1mNote: Address %p looks like a possible nullptr dereference\033[0m\n", fault_address);
}
dump(regs);
current->process().crash(SIGSEGV, regs.eip);
} else if (response == PageFaultResponse::Continue) {