git: 40e0fa10f58d - main - Check alignment of fp in unwind_frame
Date: Tue, 15 Nov 2022 00:26:09 UTC
The branch main has been updated by brooks:
URL: https://cgit.FreeBSD.org/src/commit/?id=40e0fa10f58d90744c2857b57adf0ddbce1a1e1c
commit 40e0fa10f58d90744c2857b57adf0ddbce1a1e1c
Author: Dapeng Gao <dapeng@dpgao.cn>
AuthorDate: 2022-11-15 00:21:38 +0000
Commit: Brooks Davis <brooks@FreeBSD.org>
CommitDate: 2022-11-15 00:25:46 +0000
Check alignment of fp in unwind_frame
A misaligned frame pointer is certainly not a valid frame pointer and
with strict alignment enabled (as on CHERI) can cause panics when it is
loaded from later in the code.
Reviewed By: jhb
Differential Revision: https://reviews.freebsd.org/D34646
---
sys/arm64/arm64/unwind.c | 3 ++-
sys/riscv/riscv/unwind.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/sys/arm64/arm64/unwind.c b/sys/arm64/arm64/unwind.c
index 470b64c00540..81431e109494 100644
--- a/sys/arm64/arm64/unwind.c
+++ b/sys/arm64/arm64/unwind.c
@@ -41,7 +41,8 @@ unwind_frame(struct thread *td, struct unwind_state *frame)
fp = frame->fp;
- if (!kstack_contains(td, fp, sizeof(uintptr_t) * 2))
+ if (!is_aligned(fp, sizeof(fp)) ||
+ !kstack_contains(td, fp, sizeof(fp) * 2))
return (false);
/* FP to previous frame (X29) */
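Review bot: The new `is_aligned(fp, sizeof(fp))` test in the arm64 `unwind_frame` has no comment saying why alignment is checked, and the same applies to the identical test in the riscv hunk. The reason given in the commit message belongs next to the code, for example `/* A misaligned fp is never a valid frame pointer; reject it before the loads below, which can panic on strict-alignment targets. */`. This hunk also changes the length from `sizeof(uintptr_t) * 2` to `sizeof(fp) * 2`, so both the required alignment and the checked length now follow fp's declared type. That declaration and the rest of the function are outside the hunk, so it is worth confirming the type gives the intended frame-record slot size on every configuration that builds this file.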
diff --git a/sys/riscv/riscv/unwind.c b/sys/riscv/riscv/unwind.c
index 9efb1fef9451..a66ffebcdc35 100644
--- a/sys/riscv/riscv/unwind.c
+++ b/sys/riscv/riscv/unwind.c
@@ -47,7 +47,8 @@ unwind_frame(struct thread *td, struct unwind_state *frame)
fp = frame->fp;
- if (!kstack_contains(td, fp - sizeof(fp) * 2, sizeof(fp) * 2))
+ if (!is_aligned(fp, sizeof(fp)) ||
+ !kstack_contains(td, fp - sizeof(fp) * 2, sizeof(fp) * 2))
return (false);
frame->sp = fp;
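Review bot: The range argument `fp - sizeof(fp) * 2` in the riscv condition can wrap when fp is smaller than two slots, and the added alignment test does not exclude such values, since zero and other small aligned values pass it. Whether a wrapped range is rejected depends on `kstack_contains`, which is not visible here. If that helper does not itself reject an overflowing `va + len`, put a guard such as `fp < sizeof(fp) * 2 ||` ahead of the call. The subtraction predates this commit, but it sits in the condition being edited, and the function body continues outside the hunk.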