mirror of
https://github.com/SerenityOS/serenity
synced 2024-10-06 16:09:30 +00:00
Kernel: Note if the page fault address is a destroyed smart pointer
While I was working on LibWeb, I got a page fault at 0xe0e0e0e4. This indicates a destroyed RefPtr if compiled with SANITIZE_PTRS defined. However, the page fault handler didn't print out this indication. This makes the page fault handler print out a note if the faulting address looks like a recently destroyed RefPtr, OwnPtr, NonnullRefPtr, NonnullOwnPtr, ThreadSafeRefPtr or ThreadSafeNonnullRefPtr. It will only do this if SANITIZE_PTRS is defined, as smart pointers don't get scrubbed without it being defined.
This commit is contained in:
parent
350c5a751d
commit
49259777ef
|
@ -13,6 +13,8 @@
|
||||||
#include <AK/Traits.h>
|
#include <AK/Traits.h>
|
||||||
#include <AK/Types.h>
|
#include <AK/Types.h>
|
||||||
|
|
||||||
|
#define NONNULLOWNPTR_SCRUB_BYTE 0xf1
|
||||||
|
|
||||||
namespace AK {
|
namespace AK {
|
||||||
|
|
||||||
template<typename T, typename PtrTraits>
|
template<typename T, typename PtrTraits>
|
||||||
|
@ -51,7 +53,7 @@ public:
|
||||||
{
|
{
|
||||||
clear();
|
clear();
|
||||||
#ifdef SANITIZE_PTRS
|
#ifdef SANITIZE_PTRS
|
||||||
m_ptr = (T*)(explode_byte(0xe3));
|
m_ptr = (T*)(explode_byte(NONNULLOWNPTR_SCRUB_BYTE));
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -6,6 +6,8 @@
|
||||||
|
|
||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
|
#define NONNULLREFPTR_SCRUB_BYTE 0xe1
|
||||||
|
|
||||||
#ifdef KERNEL
|
#ifdef KERNEL
|
||||||
# include <Kernel/Library/ThreadSafeNonnullRefPtr.h>
|
# include <Kernel/Library/ThreadSafeNonnullRefPtr.h>
|
||||||
#else
|
#else
|
||||||
|
@ -97,7 +99,7 @@ public:
|
||||||
unref_if_not_null(m_ptr);
|
unref_if_not_null(m_ptr);
|
||||||
m_ptr = nullptr;
|
m_ptr = nullptr;
|
||||||
# ifdef SANITIZE_PTRS
|
# ifdef SANITIZE_PTRS
|
||||||
m_ptr = reinterpret_cast<T*>(explode_byte(0xb0));
|
m_ptr = reinterpret_cast<T*>(explode_byte(NONNULLREFPTR_SCRUB_BYTE));
|
||||||
# endif
|
# endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -12,6 +12,8 @@
|
||||||
# include <Kernel/API/KResult.h>
|
# include <Kernel/API/KResult.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#define OWNPTR_SCRUB_BYTE 0xf0
|
||||||
|
|
||||||
namespace AK {
|
namespace AK {
|
||||||
|
|
||||||
template<typename T>
|
template<typename T>
|
||||||
|
@ -43,7 +45,7 @@ public:
|
||||||
{
|
{
|
||||||
clear();
|
clear();
|
||||||
#ifdef SANITIZE_PTRS
|
#ifdef SANITIZE_PTRS
|
||||||
m_ptr = (T*)(explode_byte(0xe1));
|
m_ptr = (T*)(explode_byte(OWNPTR_SCRUB_BYTE));
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -6,6 +6,8 @@
|
||||||
|
|
||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
|
#define REFPTR_SCRUB_BYTE 0xe0
|
||||||
|
|
||||||
#ifdef KERNEL
|
#ifdef KERNEL
|
||||||
# include <Kernel/Library/ThreadSafeRefPtr.h>
|
# include <Kernel/Library/ThreadSafeRefPtr.h>
|
||||||
#else
|
#else
|
||||||
|
@ -100,7 +102,7 @@ public:
|
||||||
{
|
{
|
||||||
clear();
|
clear();
|
||||||
# ifdef SANITIZE_PTRS
|
# ifdef SANITIZE_PTRS
|
||||||
m_ptr = reinterpret_cast<T*>(explode_byte(0xe0));
|
m_ptr = reinterpret_cast<T*>(explode_byte(REFPTR_SCRUB_BYTE));
|
||||||
# endif
|
# endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -357,12 +357,12 @@ void page_fault_handler(TrapFrame* trap)
|
||||||
regs.exception_code & PageFaultFlags::InstructionFetch ? "instruction fetch / " : "",
|
regs.exception_code & PageFaultFlags::InstructionFetch ? "instruction fetch / " : "",
|
||||||
regs.exception_code & PageFaultFlags::Write ? "write to" : "read from",
|
regs.exception_code & PageFaultFlags::Write ? "write to" : "read from",
|
||||||
VirtualAddress(fault_address));
|
VirtualAddress(fault_address));
|
||||||
FlatPtr malloc_scrub_pattern = explode_byte(MALLOC_SCRUB_BYTE);
|
constexpr FlatPtr malloc_scrub_pattern = explode_byte(MALLOC_SCRUB_BYTE);
|
||||||
FlatPtr free_scrub_pattern = explode_byte(FREE_SCRUB_BYTE);
|
constexpr FlatPtr free_scrub_pattern = explode_byte(FREE_SCRUB_BYTE);
|
||||||
FlatPtr kmalloc_scrub_pattern = explode_byte(KMALLOC_SCRUB_BYTE);
|
constexpr FlatPtr kmalloc_scrub_pattern = explode_byte(KMALLOC_SCRUB_BYTE);
|
||||||
FlatPtr kfree_scrub_pattern = explode_byte(KFREE_SCRUB_BYTE);
|
constexpr FlatPtr kfree_scrub_pattern = explode_byte(KFREE_SCRUB_BYTE);
|
||||||
FlatPtr slab_alloc_scrub_pattern = explode_byte(SLAB_ALLOC_SCRUB_BYTE);
|
constexpr FlatPtr slab_alloc_scrub_pattern = explode_byte(SLAB_ALLOC_SCRUB_BYTE);
|
||||||
FlatPtr slab_dealloc_scrub_pattern = explode_byte(SLAB_DEALLOC_SCRUB_BYTE);
|
constexpr FlatPtr slab_dealloc_scrub_pattern = explode_byte(SLAB_DEALLOC_SCRUB_BYTE);
|
||||||
if ((fault_address & 0xffff0000) == (malloc_scrub_pattern & 0xffff0000)) {
|
if ((fault_address & 0xffff0000) == (malloc_scrub_pattern & 0xffff0000)) {
|
||||||
dbgln("Note: Address {} looks like it may be uninitialized malloc() memory", VirtualAddress(fault_address));
|
dbgln("Note: Address {} looks like it may be uninitialized malloc() memory", VirtualAddress(fault_address));
|
||||||
} else if ((fault_address & 0xffff0000) == (free_scrub_pattern & 0xffff0000)) {
|
} else if ((fault_address & 0xffff0000) == (free_scrub_pattern & 0xffff0000)) {
|
||||||
|
@ -377,6 +377,27 @@ void page_fault_handler(TrapFrame* trap)
|
||||||
dbgln("Note: Address {} looks like it may be recently slab_dealloc()'d memory", VirtualAddress(fault_address));
|
dbgln("Note: Address {} looks like it may be recently slab_dealloc()'d memory", VirtualAddress(fault_address));
|
||||||
} else if (fault_address < 4096) {
|
} else if (fault_address < 4096) {
|
||||||
dbgln("Note: Address {} looks like a possible nullptr dereference", VirtualAddress(fault_address));
|
dbgln("Note: Address {} looks like a possible nullptr dereference", VirtualAddress(fault_address));
|
||||||
|
} else if constexpr (SANITIZE_PTRS) {
|
||||||
|
constexpr FlatPtr refptr_scrub_pattern = explode_byte(REFPTR_SCRUB_BYTE);
|
||||||
|
constexpr FlatPtr nonnullrefptr_scrub_pattern = explode_byte(NONNULLREFPTR_SCRUB_BYTE);
|
||||||
|
constexpr FlatPtr ownptr_scrub_pattern = explode_byte(OWNPTR_SCRUB_BYTE);
|
||||||
|
constexpr FlatPtr nonnullownptr_scrub_pattern = explode_byte(NONNULLOWNPTR_SCRUB_BYTE);
|
||||||
|
constexpr FlatPtr threadsaferefptr_scrub_pattern = explode_byte(THREADSAFEREFPTR_SCRUB_BYTE);
|
||||||
|
constexpr FlatPtr threadsafenonnullrefptr_scrub_pattern = explode_byte(THREADSAFENONNULLREFPTR_SCRUB_BYTE);
|
||||||
|
|
||||||
|
if ((fault_address & 0xffff0000) == (refptr_scrub_pattern & 0xffff0000)) {
|
||||||
|
dbgln("Note: Address {} looks like it may be a recently destroyed RefPtr", VirtualAddress(fault_address));
|
||||||
|
} else if ((fault_address & 0xffff0000) == (nonnullrefptr_scrub_pattern & 0xffff0000)) {
|
||||||
|
dbgln("Note: Address {} looks like it may be a recently destroyed NonnullRefPtr", VirtualAddress(fault_address));
|
||||||
|
} else if ((fault_address & 0xffff0000) == (ownptr_scrub_pattern & 0xffff0000)) {
|
||||||
|
dbgln("Note: Address {} looks like it may be a recently destroyed OwnPtr", VirtualAddress(fault_address));
|
||||||
|
} else if ((fault_address & 0xffff0000) == (nonnullownptr_scrub_pattern & 0xffff0000)) {
|
||||||
|
dbgln("Note: Address {} looks like it may be a recently destroyed NonnullOwnPtr", VirtualAddress(fault_address));
|
||||||
|
} else if ((fault_address & 0xffff0000) == (threadsaferefptr_scrub_pattern & 0xffff0000)) {
|
||||||
|
dbgln("Note: Address {} looks like it may be a recently destroyed ThreadSafeRefPtr", VirtualAddress(fault_address));
|
||||||
|
} else if ((fault_address & 0xffff0000) == (threadsafenonnullrefptr_scrub_pattern & 0xffff0000)) {
|
||||||
|
dbgln("Note: Address {} looks like it may be a recently destroyed ThreadSafeNonnullRefPtr", VirtualAddress(fault_address));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (current_thread) {
|
if (current_thread) {
|
||||||
|
|
|
@ -16,6 +16,8 @@
|
||||||
# include <Kernel/Arch/x86/ScopedCritical.h>
|
# include <Kernel/Arch/x86/ScopedCritical.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#define THREADSAFENONNULLREFPTR_SCRUB_BYTE 0xa1
|
||||||
|
|
||||||
namespace AK {
|
namespace AK {
|
||||||
|
|
||||||
template<typename T>
|
template<typename T>
|
||||||
|
@ -95,7 +97,7 @@ public:
|
||||||
{
|
{
|
||||||
assign(nullptr);
|
assign(nullptr);
|
||||||
#ifdef SANITIZE_PTRS
|
#ifdef SANITIZE_PTRS
|
||||||
m_bits.store(explode_byte(0xb0), AK::MemoryOrder::memory_order_relaxed);
|
m_bits.store(explode_byte(THREADSAFENONNULLREFPTR_SCRUB_BYTE), AK::MemoryOrder::memory_order_relaxed);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -19,6 +19,8 @@
|
||||||
# include <Kernel/Arch/x86/ScopedCritical.h>
|
# include <Kernel/Arch/x86/ScopedCritical.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#define THREADSAFEREFPTR_SCRUB_BYTE 0xa0
|
||||||
|
|
||||||
namespace AK {
|
namespace AK {
|
||||||
|
|
||||||
template<typename T>
|
template<typename T>
|
||||||
|
@ -182,7 +184,7 @@ public:
|
||||||
{
|
{
|
||||||
clear();
|
clear();
|
||||||
#ifdef SANITIZE_PTRS
|
#ifdef SANITIZE_PTRS
|
||||||
m_bits.store(explode_byte(0xe0), AK::MemoryOrder::memory_order_relaxed);
|
m_bits.store(explode_byte(THREADSAFEREFPTR_SCRUB_BYTE), AK::MemoryOrder::memory_order_relaxed);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue