kdb: Permit a NULL thread credential in kdb_backend_permitted()
Early during boot, thread0 runs with td->td_ucred == NULL. This is
fixed up in proc0_init() at SI_SUB_INTRINSIC. If a panic occurs before
then, rather than dereference a NULL pointer, simply allow the thread to
enter KDB.
Reported by: stevek
Reviewed by: mhorne, stevek
MFC after: 1 week
Fixes: cab1056105 ("kdb: Modify securelevel policy")
Differential Revision: https://reviews.freebsd.org/D41280
This commit is contained in:
+10
-2
@@ -503,11 +503,19 @@ kdb_dbbe_select(const char *name)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool
|
||||||
kdb_backend_permitted(struct kdb_dbbe *be, struct ucred *cred)
|
kdb_backend_permitted(struct kdb_dbbe *be, struct thread *td)
|
||||||
{
|
{
|
||||||
|
struct ucred *cred;
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
|
cred = td->td_ucred;
|
||||||
|
if (cred == NULL) {
|
||||||
|
KASSERT(td == &thread0 && cold,
|
||||||
|
("%s: missing cred for %p", __func__, td));
|
||||||
|
error = 0;
|
||||||
|
} else {
|
||||||
error = securelevel_gt(cred, kdb_enter_securelevel);
|
error = securelevel_gt(cred, kdb_enter_securelevel);
|
||||||
|
}
|
||||||
#ifdef MAC
|
#ifdef MAC
|
||||||
/*
|
/*
|
||||||
* Give MAC a chance to weigh in on the policy: if the securelevel is
|
* Give MAC a chance to weigh in on the policy: if the securelevel is
|
||||||
@@ -776,7 +784,7 @@ kdb_trap(int type, int code, struct trapframe *tf)
|
|||||||
cngrab();
|
cngrab();
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
if (!kdb_backend_permitted(be, curthread->td_ucred)) {
|
if (!kdb_backend_permitted(be, curthread)) {
|
||||||
/* Unhandled breakpoint traps are fatal. */
|
/* Unhandled breakpoint traps are fatal. */
|
||||||
handled = 1;
|
handled = 1;
|
||||||
break;
|
break;
|
||||||
|
|||||||
Reference in New Issue
Block a user