MFC r285643:

When checking for the valid value of the frame pointer, verify that it
belongs to the kernel stack address range for the thread.

sys/amd64/amd64/stack_machdep.c

@@ -40,7 +40,7 @@ __FBSDID("$FreeBSD$");
 #include <vm/pmap.h>
 
 static void
-stack_capture(struct stack *st, register_t rbp)
+stack_capture(struct thread *td, struct stack *st, register_t rbp)
 {
 	struct amd64_frame *frame;
 	vm_offset_t callpc;
@@ -56,8 +56,8 @@ stack_capture(struct stack *st, register_t rbp)
 		if (stack_put(st, callpc) == -1)
 			break;
 		if (frame->f_frame <= frame ||
-		    (vm_offset_t)frame->f_frame >=
-		    (vm_offset_t)rbp + KSTACK_PAGES * PAGE_SIZE)
+		    (vm_offset_t)frame->f_frame >= td->td_kstack +
+		    td->td_kstack_pages * PAGE_SIZE)
 			break;
 		frame = frame->f_frame;
 	}
@@ -74,7 +74,7 @@ stack_save_td(struct stack *st, struct thread *td)
 		panic("stack_save_td: running");
 
 	rbp = td->td_pcb->pcb_rbp;
-	stack_capture(st, rbp);
+	stack_capture(td, st, rbp);
 }
 
 void
@@ -83,5 +83,5 @@ stack_save(struct stack *st)
 	register_t rbp;
 
 	__asm __volatile("movq %%rbp,%0" : "=r" (rbp));
-	stack_capture(st, rbp);
+	stack_capture(curthread, st, rbp);
 }

sys/cddl/dev/dtrace/amd64/dtrace_isa.c

@@ -89,8 +89,8 @@ dtrace_getpcstack(pc_t *pcstack, int pcstack_limit, int aframes,
 		}
 
 		if (frame->f_frame <= frame ||
-		    (vm_offset_t)frame->f_frame >=
-		    (vm_offset_t)rbp + KSTACK_PAGES * PAGE_SIZE)
+		    (vm_offset_t)frame->f_frame >= curthread->td_kstack +
+		    curthread->td_kstack_pages * PAGE_SIZE)
 			break;
 		frame = frame->f_frame;
 	}
@@ -469,8 +469,8 @@ dtrace_getstackdepth(int aframes)
 			break;
 		depth++;
 		if (frame->f_frame <= frame ||
-		    (vm_offset_t)frame->f_frame >=
-		    (vm_offset_t)rbp + KSTACK_PAGES * PAGE_SIZE)
+		    (vm_offset_t)frame->f_frame >= curthread->td_kstack +
+		    curthread->td_kstack_pages * PAGE_SIZE)
 			break;
 		frame = frame->f_frame;
 	}

sys/cddl/dev/dtrace/i386/dtrace_isa.c

@@ -92,8 +92,8 @@ dtrace_getpcstack(pc_t *pcstack, int pcstack_limit, int aframes,
 		}
 
 		if (frame->f_frame <= frame ||
-		    (vm_offset_t)frame->f_frame >=
-		    (vm_offset_t)ebp + KSTACK_PAGES * PAGE_SIZE)
+		    (vm_offset_t)frame->f_frame >= curthread->td_kstack +
+		    curthread->td_kstack_pages * PAGE_SIZE)
 			break;
 		frame = frame->f_frame;
 	}
@@ -485,8 +485,8 @@ dtrace_getstackdepth(int aframes)
 			break;
 		depth++;
 		if (frame->f_frame <= frame ||
-		    (vm_offset_t)frame->f_frame >=
-		    (vm_offset_t)ebp + KSTACK_PAGES * PAGE_SIZE)
+		    (vm_offset_t)frame->f_frame >= curthread->td_kstack +
+		    curthread->td_kstack_pages * PAGE_SIZE)
 			break;
 		frame = frame->f_frame;
 	}

sys/i386/i386/stack_machdep.c

@@ -40,7 +40,7 @@ __FBSDID("$FreeBSD$");
 #include <vm/pmap.h>
 
 static void
-stack_capture(struct stack *st, register_t ebp)
+stack_capture(struct thread *td, struct stack *st, register_t ebp)
 {
 	struct i386_frame *frame;
 	vm_offset_t callpc;
@@ -56,8 +56,8 @@ stack_capture(struct stack *st, register_t ebp)
 		if (stack_put(st, callpc) == -1)
 			break;
 		if (frame->f_frame <= frame ||
-		    (vm_offset_t)frame->f_frame >=
-		    (vm_offset_t)ebp + KSTACK_PAGES * PAGE_SIZE)
+		    (vm_offset_t)frame->f_frame >= td->td_kstack +
+		    td->td_kstack_pages * PAGE_SIZE)
 			break;
 		frame = frame->f_frame;
 	}
@@ -74,7 +74,7 @@ stack_save_td(struct stack *st, struct thread *td)
 		panic("stack_save_td: running");
 
 	ebp = td->td_pcb->pcb_ebp;
-	stack_capture(st, ebp);
+	stack_capture(td, st, ebp);
 }
 
 void
@@ -83,5 +83,5 @@ stack_save(struct stack *st)
 	register_t ebp;
 
 	__asm __volatile("movl %%ebp,%0" : "=r" (ebp));
-	stack_capture(st, ebp);
+	stack_capture(curthread, st, ebp);
 }