kdb: Permit a NULL thread credential in kdb_backend_permitted()

Early during boot, thread0 runs with td->td_ucred == NULL.  This is
fixed up in proc0_init() at SI_SUB_INTRINSIC.  If a panic occurs before
then, rather than dereference a NULL pointer, simply allow the thread to
enter KDB.

Reported by:	stevek
Reviewed by:	mhorne, stevek
MFC after:	1 week
Fixes:		cab1056105 ("kdb: Modify securelevel policy")
Differential Revision:	https://reviews.freebsd.org/D41280
This commit is contained in:
Mark Johnston
2023-08-01 17:58:42 -04:00
parent 29eab3e4e0
commit bd16c274c3
+10 -2
View File
@@ -503,11 +503,19 @@ kdb_dbbe_select(const char *name)
}
static bool
kdb_backend_permitted(struct kdb_dbbe *be, struct ucred *cred)
kdb_backend_permitted(struct kdb_dbbe *be, struct thread *td)
{
struct ucred *cred;
int error;
cred = td->td_ucred;
if (cred == NULL) {
KASSERT(td == &thread0 && cold,
("%s: missing cred for %p", __func__, td));
error = 0;
} else {
error = securelevel_gt(cred, kdb_enter_securelevel);
}
#ifdef MAC
/*
* Give MAC a chance to weigh in on the policy: if the securelevel is
@@ -776,7 +784,7 @@ kdb_trap(int type, int code, struct trapframe *tf)
cngrab();
for (;;) {
if (!kdb_backend_permitted(be, curthread->td_ucred)) {
if (!kdb_backend_permitted(be, curthread)) {
/* Unhandled breakpoint traps are fatal. */
handled = 1;
break;