CVS commit: src/sys

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys
From: "Maxime Villard" <maxv%netbsd.org@localhost>
Date: Thu, 19 Oct 2017 10:01:10 +0000

Module Name:    src
Committed By:   maxv
Date:           Thu Oct 19 10:01:10 UTC 2017

Modified Files:
        src/sys/arch/amd64/amd64: machdep.c netbsd32_machdep.c
        src/sys/compat/linux/arch/amd64: linux_machdep.c
        src/sys/compat/linux32/arch/amd64: linux32_machdep.c

Log Message:
Always mask the 16 bits of the segregs in the trapframe. We don't zero-
extend the uint64_t's when building it, so we're leaking 48 bits of kernel
stack to userland.

Having said that, it appears that I unintentionally fixed most of this
issue in locore.S::rev1.127 - by building the frame with interrupts
disabled, we are implicitly guaranteeing that the structure doesn't get
overwritten by the kernel. Which means, we are leaking to userland data
that comes from userland anyway.

(still other places with this issue, but I'll fix them differently)


To generate a diff of this commit:
cvs rdiff -u -r1.268 -r1.269 src/sys/arch/amd64/amd64/machdep.c
cvs rdiff -u -r1.111 -r1.112 src/sys/arch/amd64/amd64/netbsd32_machdep.c
cvs rdiff -u -r1.53 -r1.54 src/sys/compat/linux/arch/amd64/linux_machdep.c
cvs rdiff -u -r1.41 -r1.42 \
    src/sys/compat/linux32/arch/amd64/linux32_machdep.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/arch/amd64/amd64
Next by Date: CVS commit: src/sys/net
Previous by Thread: CVS commit: src/sys/arch/amd64/amd64
Next by Thread: CVS commit: src/sys/net
Indexes:

Home | Main Index | Thread Index | Old Index