git: bd16c274c382 - main - kdb: Permit a NULL thread credential in kdb_backend_permitted()

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Wed, 02 Aug 2023 13:15:43 UTC 
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=bd16c274c3826926108f0539b5043c5a811cad43

commit bd16c274c3826926108f0539b5043c5a811cad43
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-08-01 21:58:42 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-08-02 13:15:08 +0000

    kdb: Permit a NULL thread credential in kdb_backend_permitted()
    
    Early during boot, thread0 runs with td->td_ucred == NULL.  This is
    fixed up in proc0_init() at SI_SUB_INTRINSIC.  If a panic occurs before
    then, rather than dereference a NULL pointer, simply allow the thread to
    enter KDB.
    
    Reported by:    stevek
    Reviewed by:    mhorne, stevek
    MFC after:      1 week
    Fixes:          cab1056105e3 ("kdb: Modify securelevel policy")
    Differential Revision:  https://reviews.freebsd.org/D41280
---
 sys/kern/subr_kdb.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/sys/kern/subr_kdb.c b/sys/kern/subr_kdb.c
index 2f419b4d8ad5..dda21d53b6a5 100644
--- a/sys/kern/subr_kdb.c
+++ b/sys/kern/subr_kdb.c
@@ -503,11 +503,19 @@ kdb_dbbe_select(const char *name)
 }
 
 static bool
-kdb_backend_permitted(struct kdb_dbbe *be, struct ucred *cred)
+kdb_backend_permitted(struct kdb_dbbe *be, struct thread *td)
 {
+	struct ucred *cred;
 	int error;
 
-	error = securelevel_gt(cred, kdb_enter_securelevel);
+	cred = td->td_ucred;
+	if (cred == NULL) {
+		KASSERT(td == &thread0 && cold,
+		    ("%s: missing cred for %p", __func__, td));
+		error = 0;
+	} else {
+		error = securelevel_gt(cred, kdb_enter_securelevel);
+	}
 #ifdef MAC
 	/*
 	 * Give MAC a chance to weigh in on the policy: if the securelevel is
@@ -776,7 +784,7 @@ kdb_trap(int type, int code, struct trapframe *tf)
 	cngrab();
 
 	for (;;) {
-		if (!kdb_backend_permitted(be, curthread->td_ucred)) {
+		if (!kdb_backend_permitted(be, curthread)) {
 			/* Unhandled breakpoint traps are fatal. */
 			handled = 1;
 			break;