
Kernel: Fully validate pointers when walking stack during profiling

It's not enough to just check that things wouldn't page fault; we also
need to verify that addresses are accessible to the profiled thread.
This commit is contained in:
Andreas Kling 2020-02-22 09:56:22 +01:00
parent f020081a38
commit 94652fd2fb


@ -813,7 +813,7 @@ Vector<uintptr_t> Thread::raw_backtrace(uintptr_t ebp) const
ProcessPagingScope paging_scope(process);
Vector<uintptr_t, Profiling::max_stack_frame_count> backtrace;
backtrace.append(ebp);
for (uintptr_t* stack_ptr = (uintptr_t*)ebp; MM.can_read_without_faulting(process, VirtualAddress(stack_ptr), sizeof(uintptr_t) * 2); stack_ptr = (uintptr_t*)*stack_ptr) {
for (uintptr_t* stack_ptr = (uintptr_t*)ebp; process.validate_read_from_kernel(VirtualAddress(stack_ptr), sizeof(uintptr_t) * 2) && MM.can_read_without_faulting(process, VirtualAddress(stack_ptr), sizeof(uintptr_t) * 2); stack_ptr = (uintptr_t*)*stack_ptr) {
uintptr_t retaddr = stack_ptr[1];
backtrace.append(retaddr);
if (backtrace.size() == Profiling::max_stack_frame_count)
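Review bot: The new loop header spells the same `(VirtualAddress(stack_ptr), sizeof(uintptr_t) * 2)` pair out twice, once per validation call, which makes the condition hard to read and lets the two ranges drift apart if one is edited later; hoisting the check into a local lambda keeps the loop readable and gives a place to say why both calls are needed. The comment I would put on it is `// Both checks are needed: validate_read_from_kernel() rejects ranges the profiled process may not access, can_read_without_faulting() rejects ranges that are not mapped.` — the first half is taken from the commit message, so confirm it matches what validate_read_from_kernel() actually enforces. Termination for a frame pointer that points at itself still rests only on the frame-count check at the bottom of the hunk, which looks sufficient. raw_backtrace() starts before the hunk (where `process` is bound) and continues past it.
```cpp
// Both checks are needed: validate_read_from_kernel() rejects ranges the
// profiled process may not access, can_read_without_faulting() rejects
// ranges that are not mapped.
auto frame_is_readable = [&](uintptr_t* frame) {
    VirtualAddress frame_vaddr(frame);
    size_t frame_size = sizeof(uintptr_t) * 2;
    return process.validate_read_from_kernel(frame_vaddr, frame_size)
        && MM.can_read_without_faulting(process, frame_vaddr, frame_size);
};
for (uintptr_t* stack_ptr = (uintptr_t*)ebp; frame_is_readable(stack_ptr); stack_ptr = (uintptr_t*)*stack_ptr) {
    // … unchanged: retaddr append and frame-count check …
```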