Module Name:    src
Committed By:   ozaki-r
Date:           Tue Feb 13 04:10:41 UTC 2018

Modified Files:
        src/sys/arch/amd64/amd64: db_interface.c
        src/sys/arch/i386/i386: db_interface.c

Log Message:
Fix NULL pointer dereference via ddb_regs

ddb_regs can be *ddb_regp (see db_machdep.h), so ddb_regp should be NULL-ed
after the dereference of ddb_regs, not before it.

Also dbreg should be restored to ddb_regp because ddb_regp can be changed
by db_mach_cpu during db_trap.

Fix PR 52964
Helped by nonaka@


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/sys/arch/amd64/amd64/db_interface.c
cvs rdiff -u -r1.78 -r1.79 src/sys/arch/i386/i386/db_interface.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/amd64/db_interface.c
diff -u src/sys/arch/amd64/amd64/db_interface.c:1.29 src/sys/arch/amd64/amd64/db_interface.c:1.30
--- src/sys/arch/amd64/amd64/db_interface.c:1.29	Sat Feb 10 03:55:58 2018
+++ src/sys/arch/amd64/amd64/db_interface.c	Tue Feb 13 04:10:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: db_interface.c,v 1.29 2018/02/10 03:55:58 christos Exp $	*/
+/*	$NetBSD: db_interface.c,v 1.30 2018/02/13 04:10:41 ozaki-r Exp $	*/
 
 /*
  * Mach Operating System
@@ -33,7 +33,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.29 2018/02/10 03:55:58 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.30 2018/02/13 04:10:41 ozaki-r Exp $");
 
 #include "opt_ddb.h"
 #include "opt_multiprocessor.h"
@@ -189,6 +189,9 @@ int
 kdb_trap(int type, int code, db_regs_t *regs)
 {
 	int s;
+#ifdef MULTIPROCESSOR
+	db_regs_t dbreg;
+#endif
 
 	switch (type) {
 	case T_NMI:	/* NMI */
@@ -210,7 +213,6 @@ kdb_trap(int type, int code, db_regs_t *
 	}
 
 #ifdef MULTIPROCESSOR
-	db_regs_t dbreg;
 	if (!db_suspend_others()) {
 		ddb_suspend(regs);
 	} else {
@@ -237,10 +239,12 @@ kdb_trap(int type, int code, db_regs_t *
 #ifdef MULTIPROCESSOR
 	db_resume_others();
 	}
+	/* Restore dbreg because ddb_regp can be changed by db_mach_cpu */
+	ddb_regp = &dbreg;
 #endif
-	ddb_regp = NULL;
 
 	*regs = ddb_regs;
+	ddb_regp = NULL;
 
 	return (1);
 }
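Review bot: On the `!db_suspend_others()` path, control falls past the closing `}` to the new `ddb_regp = &dbreg;` and then to `*regs = ddb_regs;`, and nothing in the hunks shown ever assigns `dbreg` on that path, so unless ddb_suspend() or the code between the hunks fills the local, a paused CPU would copy an uninitialized db_regs_t back into its own trapframe — worth confirming against ddb_suspend() and the unseen middle of kdb_trap. The same sequence appears in the two i386 hunks, where the field-by-field copy is split across a context gap and `ddb_regp = NULL;` is reattached only in the second one. The added comment names `dbreg` but the object being restored is `ddb_regp`; `/* db_mach_cpu may have retargeted ddb_regp; point it back at our local copy before ddb_regs (*ddb_regp) is read below */` describes what the line actually does. kdb_trap begins before this hunk.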

Index: src/sys/arch/i386/i386/db_interface.c
diff -u src/sys/arch/i386/i386/db_interface.c:1.78 src/sys/arch/i386/i386/db_interface.c:1.79
--- src/sys/arch/i386/i386/db_interface.c:1.78	Sat Feb 10 11:50:39 2018
+++ src/sys/arch/i386/i386/db_interface.c	Tue Feb 13 04:10:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: db_interface.c,v 1.78 2018/02/10 11:50:39 kre Exp $	*/
+/*	$NetBSD: db_interface.c,v 1.79 2018/02/13 04:10:41 ozaki-r Exp $	*/
 
 /*
  * Mach Operating System
@@ -33,7 +33,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.78 2018/02/10 11:50:39 kre Exp $");
+__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.79 2018/02/13 04:10:41 ozaki-r Exp $");
 
 #include "opt_ddb.h"
 #include "opt_multiprocessor.h"
@@ -255,8 +255,9 @@ kdb_trap(int type, int code, db_regs_t *
 #ifdef MULTIPROCESSOR
 	db_resume_others();
 	}
+	/* Restore dbreg because ddb_regp can be changed by db_mach_cpu */
+	ddb_regp = &dbreg;
 #endif
-	ddb_regp = NULL;
 
 	regs->tf_gs     = ddb_regs.tf_gs;
 	regs->tf_fs     = ddb_regs.tf_fs;
@@ -278,6 +279,8 @@ kdb_trap(int type, int code, db_regs_t *
 		regs->tf_ss     = ddb_regs.tf_ss;
 	}
 
+	ddb_regp = NULL;
+
 	return (1);
 }
 
