KVADDR: Add sanity checks

Dumping process core may fail if readmem encounters invalid kernel virtual addresses.
dczhu · Jul 16, 2019 · c462c56 · c462c56
1 parent e47e886
commit c462c56
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 1 deletion.
diff --git a/extensions/libgcore/gcore_coredump.c b/extensions/libgcore/gcore_coredump.c
@@ -152,6 +152,9 @@ void gcore_coredump(void)
 		uint64_t p_offset, p_filesz;
 		uint32_t p_flags;
 
+		if (!IS_KVADDR(vma))
+			continue;
+
 		vma_cache = fill_vma_cache(vma);
 		vm_start = ULONG(vma_cache + OFFSET(vm_area_struct_vm_start));
 		vm_end   = ULONG(vma_cache + OFFSET(vm_area_struct_vm_end));
@@ -204,6 +207,9 @@ void gcore_coredump(void)
 	FOR_EACH_VMA_OBJECT(vma, index, mmap, gate_vma) {
 		ulong addr, end, vm_start;
 
+		if (!IS_KVADDR(vma))
+			continue;
+
 		vm_start = ULONG(fill_vma_cache(vma) +
 				 OFFSET(vm_area_struct_vm_start));
 
@@ -659,6 +665,9 @@ ulong next_vma(ulong this_vma, ulong gate_vma)
 {
 	ulong next;
 
+	if (!IS_KVADDR(this_vma))
+		return 0UL;
+
 	next = ULONG(fill_vma_cache(this_vma) + OFFSET(vm_area_struct_vm_next));
 	if (next)
 		return next;
@@ -863,6 +872,9 @@ fill_auxv_note(struct elf_note_info *info, struct task_context *tc,
 
 	auxv = (ulong *)GETBUF(GCORE_SIZE(mm_struct_saved_auxv));
 
+	if (!IS_KVADDR(task_mm(tc->task, FALSE)))
+		return;
+
 	readmem(task_mm(tc->task, FALSE) +
 		GCORE_OFFSET(mm_struct_saved_auxv), KVADDR, auxv,
 		GCORE_SIZE(mm_struct_saved_auxv), "fill_auxv_note",

diff --git a/extensions/libgcore/gcore_coredump_table.c b/extensions/libgcore/gcore_coredump_table.c
@@ -220,6 +220,9 @@ __task_pid_nr_ns(ulong task, enum pid_type type)
 		sizeof(nsproxy), "__task_pid_nr_ns: nsproxy",
 		gcore_verbose_error_handle());
 
+	if (!IS_KVADDR(nsproxy))
+		return 0;
+
 	readmem(nsproxy + GCORE_OFFSET(nsproxy_pid_ns), KVADDR, &ns,
 		sizeof(ns), "__task_pid_nr_ns: ns", gcore_verbose_error_handle());
 

diff --git a/mips.c b/mips.c
@@ -422,10 +422,14 @@ mips_uvtop(struct task_context *tc, ulong vaddr, physaddr_t *paddr, int verbose)
 		mm = task_mm(tc->task, TRUE);
 		if (mm)
 			pgd = ULONG_PTR(tt->mm_struct + OFFSET(mm_struct_pgd));
-		else
+		else {
+			if (!IS_KVADDR(tc->mm_struct))
+				return FALSE;
+
 			readmem(tc->mm_struct + OFFSET(mm_struct_pgd),
 				KVADDR, &pgd, sizeof(long), "mm_struct pgd",
 				FAULT_ON_ERROR);
+		}
 	}
 
 	return mips_pgd_vtop(pgd, vaddr, paddr, verbose);