
[src/trunk]: src/sys/arch Fix NULL pointer dereference via ddb_regs



details:   https://anonhg.NetBSD.org/src/rev/e9b0802d2a0d
branches:  trunk
changeset: 359495:e9b0802d2a0d
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Tue Feb 13 04:10:41 2018 +0000

description:
Fix NULL pointer dereference via ddb_regs

ddb_regs can be *ddb_regp (see db_machdep.h), so ddb_regp must only be NULL-ed
after ddb_regs has been dereferenced.

Also dbreg should be restored to ddb_regp because ddb_regp can be changed
by db_mach_cpu during db_trap.

Fix PR 52964
Helped by nonaka@

diffstat:

 sys/arch/amd64/amd64/db_interface.c |  12 ++++++++----
 sys/arch/i386/i386/db_interface.c   |   9 ++++++---
 2 files changed, 14 insertions(+), 7 deletions(-)

diffs (88 lines):

diff -r 4cb52c530c70 -r e9b0802d2a0d sys/arch/amd64/amd64/db_interface.c
--- a/sys/arch/amd64/amd64/db_interface.c       Tue Feb 13 01:05:18 2018 +0000
+++ b/sys/arch/amd64/amd64/db_interface.c       Tue Feb 13 04:10:41 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: db_interface.c,v 1.29 2018/02/10 03:55:58 christos Exp $       */
+/*     $NetBSD: db_interface.c,v 1.30 2018/02/13 04:10:41 ozaki-r Exp $        */
 
 /*
  * Mach Operating System
@@ -33,7 +33,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.29 2018/02/10 03:55:58 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.30 2018/02/13 04:10:41 ozaki-r Exp $");
 
 #include "opt_ddb.h"
 #include "opt_multiprocessor.h"
@@ -189,6 +189,9 @@
 kdb_trap(int type, int code, db_regs_t *regs)
 {
        int s;
+#ifdef MULTIPROCESSOR
+       db_regs_t dbreg;
+#endif
 
        switch (type) {
        case T_NMI:     /* NMI */
@@ -210,7 +213,6 @@
        }
 
 #ifdef MULTIPROCESSOR
-       db_regs_t dbreg;
        if (!db_suspend_others()) {
                ddb_suspend(regs);
        } else {
@@ -237,10 +239,12 @@
 #ifdef MULTIPROCESSOR
        db_resume_others();
        }
+       /* Restore dbreg because ddb_regp can be changed by db_mach_cpu */
+       ddb_regp = &dbreg;
 #endif
-       ddb_regp = NULL;
 
        *regs = ddb_regs;
+       ddb_regp = NULL;
 
        return (1);
 }
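Review bot: The ordering constraint this fix depends on is not recorded where it matters: `*regs = ddb_regs;` right after the `#endif` reads through ddb_regp when ddb_regs expands to *ddb_regp (as the commit message states), so the moved `ddb_regp = NULL;` must stay below that copy, and a later reorder would silently reintroduce the PR 52964 dereference. Suggest a comment on the copy line: `/* ddb_regs may be (*ddb_regp); keep ddb_regp valid until this copy-out is done. */`. The restore `ddb_regp = &dbreg;` is only done under MULTIPROCESSOR, matching the `db_regs_t dbreg;` declaration hoisted to function scope in the earlier hunk of this file; presumably ddb_regs is a plain variable in non-MP builds, which is worth confirming against db_machdep.h. kdb_trap's start is outside the hunk, and the same point applies to the i386 hunks below.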
diff -r 4cb52c530c70 -r e9b0802d2a0d sys/arch/i386/i386/db_interface.c
--- a/sys/arch/i386/i386/db_interface.c Tue Feb 13 01:05:18 2018 +0000
+++ b/sys/arch/i386/i386/db_interface.c Tue Feb 13 04:10:41 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: db_interface.c,v 1.78 2018/02/10 11:50:39 kre Exp $    */
+/*     $NetBSD: db_interface.c,v 1.79 2018/02/13 04:10:41 ozaki-r Exp $        */
 
 /*
  * Mach Operating System
@@ -33,7 +33,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.78 2018/02/10 11:50:39 kre Exp $");
+__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.79 2018/02/13 04:10:41 ozaki-r Exp $");
 
 #include "opt_ddb.h"
 #include "opt_multiprocessor.h"
@@ -255,8 +255,9 @@
 #ifdef MULTIPROCESSOR
        db_resume_others();
        }
+       /* Restore dbreg because ddb_regp can be changed by db_mach_cpu */
+       ddb_regp = &dbreg;
 #endif
-       ddb_regp = NULL;
 
        regs->tf_gs     = ddb_regs.tf_gs;
        regs->tf_fs     = ddb_regs.tf_fs;
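Review bot: Between the restore `ddb_regp = &dbreg;` in this hunk and the `ddb_regp = NULL;` moved into the next hunk, the field-by-field copy-out of ddb_regs into regs spans a conditional block and some twenty lines, and nothing at the copy says why ddb_regp has to stay valid across it. Suggest a comment on the first copy line: `/* ddb_regs may be (*ddb_regp); ddb_regp stays valid until the copy-out below completes. */`. Unlike the amd64 change, no i386 hunk touches the declaration of dbreg; it is presumably declared at function scope under the same `#ifdef MULTIPROCESSOR`, which cannot be confirmed from these hunks. kdb_trap's start is outside the hunk.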
@@ -278,6 +279,8 @@
                regs->tf_ss     = ddb_regs.tf_ss;
        }
 
+       ddb_regp = NULL;
+
        return (1);
 }
 


