Source-Changes-HG archive


[src/netbsd-8]: src/sys Pull up the following, requested by christos in ticke...



details:   https://anonhg.NetBSD.org/src/rev/5ec1f29fef60
branches:  netbsd-8
changeset: 852713:5ec1f29fef60
user:      martin <martin%NetBSD.org@localhost>
date:      Tue Jan 21 18:12:53 2020 +0000

description:
Pull up the following, requested by christos in ticket #1487:

        sys/compat/common/kern_sig_43.c                         1.36
        sys/compat/linux/arch/amd64/linux_machdep.c             1.59
        sys/compat/linux/common/linux_fcntl.h                   1.18
        sys/compat/linux/common/linux_file64.c                  1.62
        sys/compat/linux/common/linux_ipc.c                     1.57
        sys/compat/linux/common/linux_misc.c                    1.243
        sys/compat/linux/common/linux_signal.c                  1.81
        sys/compat/linux/common/linux_socket.c                  1.149
        sys/compat/linux/common/linux_socket.h                  1.24
        sys/compat/linux/common/linux_statfs.h                  1.7
        sys/compat/linux/common/linux_termios.c                 1.38
        sys/compat/linux/common/linux_termios.h                 1.22
        sys/compat/linux32/common/linux32_dirent.c              1.20
        sys/compat/linux32/common/linux32_ioctl.c               1.14
        sys/compat/linux32/common/linux32_misc.c                1.27
        sys/compat/linux32/common/linux32_signal.c              1.20
        sys/compat/linux32/common/linux32_sysinfo.c             1.8
        sys/compat/linux32/common/linux32_termios.c             1.15
        sys/compat/linux32/common/linux32_utsname.c             1.10
        sys/compat/netbsd32/netbsd32_compat_20.c                1.39
        sys/compat/netbsd32/netbsd32_compat_43.c                1.59
        sys/compat/netbsd32/netbsd32_compat_50.c                1.44
        sys/compat/ossaudio/ossaudio.c                          1.75
        sys/kern/sysv_shm.c                                     1.138
        sys/miscfs/procfs/procfs_linux.c                        1.75 (patch)
        sys/sys/shm.h                                           1.54

Fix various info leaks, out-of-bounds accesses, uses of uninitialized
values, direct accesses to userland variables from kernel space,
and memory leaks in system calls implemented for the compatibility
subsystems.

diffstat:

 sys/compat/common/kern_sig_43.c             |   5 +++--
 sys/compat/linux/arch/amd64/linux_machdep.c |   5 ++---
 sys/compat/linux/common/linux_fcntl.h       |   5 ++++-
 sys/compat/linux/common/linux_file64.c      |   6 ++++--
 sys/compat/linux/common/linux_ipc.c         |  10 +++++++---
 sys/compat/linux/common/linux_misc.c        |   7 +++++--
 sys/compat/linux/common/linux_signal.c      |   5 +++--
 sys/compat/linux/common/linux_socket.c      |  19 ++++++++++---------
 sys/compat/linux/common/linux_socket.h      |  12 ++++++------
 sys/compat/linux/common/linux_statfs.h      |   8 +++++---
 sys/compat/linux/common/linux_termios.c     |   5 +++--
 sys/compat/linux/common/linux_termios.h     |   4 +++-
 sys/compat/linux32/common/linux32_dirent.c  |   5 +++--
 sys/compat/linux32/common/linux32_ioctl.c   |   6 ++++--
 sys/compat/linux32/common/linux32_misc.c    |   6 ++++--
 sys/compat/linux32/common/linux32_signal.c  |   5 +++--
 sys/compat/linux32/common/linux32_sysinfo.c |   5 +++--
 sys/compat/linux32/common/linux32_termios.c |   5 +++--
 sys/compat/linux32/common/linux32_utsname.c |   7 +++++--
 sys/compat/netbsd32/netbsd32_compat_20.c    |   5 +++--
 sys/compat/netbsd32/netbsd32_compat_43.c    |   9 +++++----
 sys/compat/netbsd32/netbsd32_compat_50.c    |   8 ++++----
 sys/compat/ossaudio/ossaudio.c              |   8 ++++----
 sys/kern/sysv_shm.c                         |  24 ++++++++++++++++++++++--
 sys/miscfs/procfs/procfs_linux.c            |   6 ++++--
 sys/sys/shm.h                               |   4 +++-
 26 files changed, 125 insertions(+), 69 deletions(-)

diffs (truncated from 845 to 300 lines):

diff -r 333865282b94 -r 5ec1f29fef60 sys/compat/common/kern_sig_43.c
--- a/sys/compat/common/kern_sig_43.c   Tue Jan 21 16:59:57 2020 +0000
+++ b/sys/compat/common/kern_sig_43.c   Tue Jan 21 18:12:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_sig_43.c,v 1.34 2011/01/19 10:21:16 tsutsui Exp $ */
+/*     $NetBSD: kern_sig_43.c,v 1.34.50.1 2020/01/21 18:12:53 martin Exp $     */
 
 /*-
  * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_sig_43.c,v 1.34 2011/01/19 10:21:16 tsutsui Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_sig_43.c,v 1.34.50.1 2020/01/21 18:12:53 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_compat_netbsd.h"
@@ -115,6 +115,7 @@
 void
 compat_43_sigaltstack_to_sigstack(const struct sigaltstack *sa, struct sigstack *ss)
 {
+       memset(ss, 0, sizeof(*ss));
        ss->ss_sp = sa->ss_sp;
        if (sa->ss_flags & SS_ONSTACK)
                ss->ss_onstack = 1;
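Review bot: The added `memset(ss, 0, sizeof(*ss));` has no comment explaining why a struct whose fields are assigned right below is zeroed first, so a later cleanup could drop it as redundant. Going by the commit description (info leaks), the purpose is presumably to clear padding and any unassigned members before the struct is copied out to userland; the copyout itself is outside this hunk. I would add `/* Clear padding and unset fields; this struct is copied out to userland. */` above the call, and the same above the memset() calls added in linux_file64.c (`lsp`, `idb`), linux_misc.c (`luts`, `idb`, `si`) and linux_signal.c (`lss`). The function body continues past the end of the hunk.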
diff -r 333865282b94 -r 5ec1f29fef60 sys/compat/linux/arch/amd64/linux_machdep.c
--- a/sys/compat/linux/arch/amd64/linux_machdep.c       Tue Jan 21 16:59:57 2020 +0000
+++ b/sys/compat/linux/arch/amd64/linux_machdep.c       Tue Jan 21 18:12:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_machdep.c,v 1.51.6.2 2019/04/05 07:48:05 martin Exp $ */
+/*     $NetBSD: linux_machdep.c,v 1.51.6.3 2020/01/21 18:12:54 martin Exp $ */
 
 /*-
  * Copyright (c) 2005 Emmanuel Dreyfus, all rights reserved.
@@ -33,7 +33,7 @@
 
 #include <sys/cdefs.h>
 
-__KERNEL_RCSID(0, "$NetBSD: linux_machdep.c,v 1.51.6.2 2019/04/05 07:48:05 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_machdep.c,v 1.51.6.3 2020/01/21 18:12:54 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -261,7 +261,6 @@
 int
 linux_sys_modify_ldt(struct lwp *l, const struct linux_sys_modify_ldt_args *v, register_t *retval)
 {
-       printf("linux_sys_modify_ldt\n");
        return 0;
 }
 
diff -r 333865282b94 -r 5ec1f29fef60 sys/compat/linux/common/linux_fcntl.h
--- a/sys/compat/linux/common/linux_fcntl.h     Tue Jan 21 16:59:57 2020 +0000
+++ b/sys/compat/linux/common/linux_fcntl.h     Tue Jan 21 18:12:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_fcntl.h,v 1.17 2015/03/01 13:19:39 njoly Exp $   */
+/*     $NetBSD: linux_fcntl.h,v 1.17.10.1 2020/01/21 18:12:54 martin Exp $     */
 
 /*-
  * Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
@@ -132,6 +132,9 @@
        case src_f##_WRLCK: \
                dst->l_type = dst_f##_WRLCK; \
                break; \
+       default: \
+               dst->l_type = -1; \
+               break; \
        } \
     }
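Review bot: The new `default` arm stores `-1` in `dst->l_type` with no comment on what the value means, and nothing in this hunk shows that consumers of the converted flock reject it. Presumably -1 is chosen because it matches no valid lock type, so the request fails instead of acting on an uninitialized `l_type`; that is worth stating on the line above the assignment, e.g. `/* unknown type: store an invalid value so the request is rejected */ \`. The macro starts before the hunk, so its name and its callers are not visible here.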
 
diff -r 333865282b94 -r 5ec1f29fef60 sys/compat/linux/common/linux_file64.c
--- a/sys/compat/linux/common/linux_file64.c    Tue Jan 21 16:59:57 2020 +0000
+++ b/sys/compat/linux/common/linux_file64.c    Tue Jan 21 18:12:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_file64.c,v 1.58.6.1 2017/08/09 05:12:18 snj Exp $        */
+/*     $NetBSD: linux_file64.c,v 1.58.6.2 2020/01/21 18:12:54 martin Exp $     */
 
 /*-
  * Copyright (c) 1995, 1998, 2000, 2008 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_file64.c,v 1.58.6.1 2017/08/09 05:12:18 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_file64.c,v 1.58.6.2 2020/01/21 18:12:54 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -80,6 +80,7 @@
 static void
 bsd_to_linux_stat(struct stat *bsp, struct linux_stat64 *lsp)
 {
+       memset(lsp, 0, sizeof(*lsp));
        lsp->lst_dev     = linux_fakedev(bsp->st_dev, 0);
        lsp->lst_ino     = bsp->st_ino;
        lsp->lst_mode    = (linux_mode_t)bsp->st_mode;
@@ -352,6 +353,7 @@
                 * we have to worry about touching user memory outside of
                 * the copyout() call).
                 */
+               memset(&idb, 0, sizeof(idb));
                idb.d_ino = bdp->d_fileno;
                idb.d_type = bdp->d_type;
                idb.d_off = off;
diff -r 333865282b94 -r 5ec1f29fef60 sys/compat/linux/common/linux_ipc.c
--- a/sys/compat/linux/common/linux_ipc.c       Tue Jan 21 16:59:57 2020 +0000
+++ b/sys/compat/linux/common/linux_ipc.c       Tue Jan 21 18:12:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_ipc.c,v 1.55.48.1 2019/02/23 06:58:14 martin Exp $       */
+/*     $NetBSD: linux_ipc.c,v 1.55.48.2 2020/01/21 18:12:54 martin Exp $       */
 
 /*-
  * Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_ipc.c,v 1.55.48.1 2019/02/23 06:58:14 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_ipc.c,v 1.55.48.2 2020/01/21 18:12:54 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_sysv.h"
@@ -568,6 +568,7 @@
                syscallarg(struct linux_shmid_ds *) buf;
        } */
        struct shmid_ds bs;
+       struct ipc_perm perm;
        struct linux_shmid_ds ls;
        struct linux_shmid64_ds ls64;
        struct linux_shminfo64 lsi64;
@@ -582,7 +583,10 @@
 
        switch (cmd & ~LINUX_IPC_64) {
        case LINUX_SHM_STAT:
-               shmid = IXSEQ_TO_IPCID(shmid, shmsegs[shmid].shm_perm);
+               error = shm_find_segment_perm_by_index(shmid, &perm);
+               if (error)
+                       return error;
+               shmid = IXSEQ_TO_IPCID(shmid, perm);
                retval[0] = shmid;
                /*FALLTHROUGH*/
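Review bot: The bounds check on the user-supplied `shmid` index now lives entirely in `shm_find_segment_perm_by_index()`, whose body is in the part of sysv_shm.c that this truncated diff does not show, so this hunk alone cannot confirm that negative and too-large indexes are both rejected. A short comment at the call would record the contract the caller relies on, e.g. `/* shmid is a table index from userland here; the helper validates it and returns a copy of the perm */`. The switch statement continues past the end of the hunk.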
 
diff -r 333865282b94 -r 5ec1f29fef60 sys/compat/linux/common/linux_misc.c
--- a/sys/compat/linux/common/linux_misc.c      Tue Jan 21 16:59:57 2020 +0000
+++ b/sys/compat/linux/common/linux_misc.c      Tue Jan 21 18:12:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_misc.c,v 1.238.2.1 2017/08/09 05:12:18 snj Exp $ */
+/*     $NetBSD: linux_misc.c,v 1.238.2.2 2020/01/21 18:12:54 martin Exp $      */
 
 /*-
  * Copyright (c) 1995, 1998, 1999, 2008 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_misc.c,v 1.238.2.1 2017/08/09 05:12:18 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_misc.c,v 1.238.2.2 2020/01/21 18:12:54 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -351,6 +351,7 @@
        } */
        struct linux_utsname luts;
 
+       memset(&luts, 0, sizeof(luts));
        strlcpy(luts.l_sysname, linux_sysname, sizeof(luts.l_sysname));
        strlcpy(luts.l_nodename, hostname, sizeof(luts.l_nodename));
        strlcpy(luts.l_release, linux_release, sizeof(luts.l_release));
@@ -771,6 +772,7 @@
                 * we have to worry about touching user memory outside of
                 * the copyout() call).
                 */
+               memset(&idb, 0, sizeof(idb));
                idb.d_ino = bdp->d_fileno;
                /*
                 * The old readdir() call misuses the offset and reclen fields.
@@ -1345,6 +1347,7 @@
        struct linux_sysinfo si;
        struct loadavg *la;
 
+       memset(&si, 0, sizeof(si));
        si.uptime = time_uptime;
        la = &averunnable;
        si.loads[0] = la->ldavg[0] * LINUX_SYSINFO_LOADS_SCALE / la->fscale;
diff -r 333865282b94 -r 5ec1f29fef60 sys/compat/linux/common/linux_signal.c
--- a/sys/compat/linux/common/linux_signal.c    Tue Jan 21 16:59:57 2020 +0000
+++ b/sys/compat/linux/common/linux_signal.c    Tue Jan 21 18:12:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_signal.c,v 1.79 2017/02/20 16:30:41 rin Exp $    */
+/*     $NetBSD: linux_signal.c,v 1.79.6.1 2020/01/21 18:12:54 martin Exp $     */
 
 /*-
  * Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
@@ -48,7 +48,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_signal.c,v 1.79 2017/02/20 16:30:41 rin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_signal.c,v 1.79.6.1 2020/01/21 18:12:54 martin Exp $");
 
 #define COMPAT_LINUX 1
 
@@ -674,6 +674,7 @@
 void
 native_to_linux_sigaltstack(struct linux_sigaltstack *lss, const struct sigaltstack *bss)
 {
+       memset(lss, 0, sizeof(*lss));
        lss->ss_sp = bss->ss_sp;
        lss->ss_size = bss->ss_size;
        if (bss->ss_flags & SS_ONSTACK)
diff -r 333865282b94 -r 5ec1f29fef60 sys/compat/linux/common/linux_socket.c
--- a/sys/compat/linux/common/linux_socket.c    Tue Jan 21 16:59:57 2020 +0000
+++ b/sys/compat/linux/common/linux_socket.c    Tue Jan 21 18:12:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_socket.c,v 1.138.6.4 2019/04/19 09:12:58 martin Exp $    */
+/*     $NetBSD: linux_socket.c,v 1.138.6.5 2020/01/21 18:12:54 martin Exp $    */
 
 /*-
  * Copyright (c) 1995, 1998, 2008 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.138.6.4 2019/04/19 09:12:58 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.138.6.5 2020/01/21 18:12:54 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -561,6 +561,8 @@
 
                                case LINUX_SCM_CREDENTIALS:
                                        /* no native equivalent, just drop it */
+                                       if (control != mtod(ctl_mbuf, void *))
+                                               free(control, M_MBUF);
                                        m_free(ctl_mbuf);
                                        ctl_mbuf = NULL;
                                        msg.msg_control = NULL;
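Review bot: The new `free(control, M_MBUF)` names a different malloc type than the `realloc(..., M_TEMP, M_WAITOK)` that allocates `control` in the next hunk of this file; the two tags should agree, i.e. `free(control, M_TEMP);`. If the allocator on this branch ignores the tag the mismatch is harmless at run time, but it still misleads a reader about where the buffer comes from. `control` is also left pointing at freed memory; adding `control = NULL;` after the free would keep any later cleanup path (not visible in this hunk) from touching it again.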
@@ -583,14 +585,15 @@
                        /* Check the buffer is big enough */
                        if (__predict_false(cidx + cspace > clen)) {
                                u_int8_t *nc;
+                               size_t nclen;
 
-                               clen = cidx + cspace;
-                               if (clen >= PAGE_SIZE) {
+                               nclen = cidx + cspace;
+                               if (nclen >= PAGE_SIZE) {
                                        error = EINVAL;
                                        goto done;
                                }
                                nc = realloc(clen <= MLEN ? NULL : control,
-                                               clen, M_TEMP, M_WAITOK);
+                                               nclen, M_TEMP, M_WAITOK);
                                if (!nc) {
                                        error = ENOMEM;
                                        goto done;
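Review bot: The realloc call decides whether `control` still lives inside the mbuf with the size proxy `clen <= MLEN`, while the LINUX_SCM_CREDENTIALS hunk above tests the pointer directly with `control != mtod(ctl_mbuf, void *)`. The proxy is the reason `clen` must keep the old size until the buffer has been replaced (hence `nclen` here and `clen = nclen;` in the following hunk), and nothing in the code says so. Either add `/* clen is still the old size: <= MLEN means control points into ctl_mbuf */` above the realloc, or use the pointer test here as well, `nc = realloc(control == mtod(ctl_mbuf, void *) ? NULL : control, nclen, M_TEMP, M_WAITOK);`. The enclosing loop starts and ends outside the hunk.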
@@ -599,6 +602,7 @@
                                        /* Old buffer was in mbuf... */
                                        memcpy(nc, control, cidx);
                                control = nc;
+                               clen = nclen;
                        }
 
                        /* Copy header */
@@ -620,7 +624,7 @@
 
                        resid -= LINUX_CMSG_ALIGN(l_cmsg.cmsg_len);
                        cidx += cspace;
-               } while ((l_cc = LINUX_CMSG_NXTHDR(&msg, l_cc)) && resid > 0);
+               } while ((l_cc = LINUX_CMSG_NXTHDR(&msg, l_cc, &l_cmsg)) && resid > 0);
 
                /* If we allocated a buffer, attach to mbuf */
                if (cidx > MLEN) {
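Review bot: `LINUX_CMSG_NXTHDR` now receives both `l_cc` and `&l_cmsg`, and the call site does not say which of the two may be dereferenced. Going by the commit description (direct access to userland variables), `l_cc` is presumably a userland address and `l_cmsg` the copied-in header, so the macro must take the length only from `l_cmsg`; the macro body is in linux_socket.h, which this truncated diff cuts off. A comment above the `while` would pin that down: `/* l_cc is a user address: advance it using the length from the kernel copy l_cmsg */`. The do-loop opens before the hunk.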
@@ -1621,9 +1625,6 @@
                sin6->sin6_scope_id = 0;
        }
 
-       if (bdom == AF_INET)
-               namelen = sizeof(struct sockaddr_in);
-
        sb->sb_family = bdom;
        sb->sb_len = namelen;
        ktrkuser("mbsoname", sb, namelen);
diff -r 333865282b94 -r 5ec1f29fef60 sys/compat/linux/common/linux_socket.h
--- a/sys/compat/linux/common/linux_socket.h    Tue Jan 21 16:59:57 2020 +0000
+++ b/sys/compat/linux/common/linux_socket.h    Tue Jan 21 18:12:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_socket.h,v 1.23 2017/02/03 16:57:39 christos Exp $       */
+/*     $NetBSD: linux_socket.h,v 1.23.6.1 2020/01/21 18:12:54 martin Exp $     */
 
 /*-
  * Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
@@ -186,13 +186,13 @@
 /* Linux either uses this, or  &((cmsg)->__cmsg_data) */
 #define LINUX_CMSG_DATA(cmsg)  \
        ((u_char *)((struct linux_cmsghdr *)(cmsg) + 1))
-#define        LINUX_CMSG_NXTHDR(mhdr, cmsg)   \
-       ((((char *)(cmsg) + LINUX_CMSG_ALIGN((cmsg)->cmsg_len) + \
-                           sizeof(*(cmsg))) > \


