[src/trunk]: src/sys/compat/netbsd32 Fix netbsd32 compatibility bug in kevent()

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/compat/netbsd32 Fix netbsd32 compatibility bug in kevent()
From: manu <manu%NetBSD.org@localhost>
Date: Tue, 07 Apr 2020 01:52:57 +0000

details:   https://anonhg.NetBSD.org/src/rev/866f036938bd
branches:  trunk
changeset: 792984:866f036938bd
user:      manu <manu%NetBSD.org@localhost>
date:      Thu Jan 23 10:50:14 2014 +0000

description:
Fix netbsd32 compatibility bug in kevent()

The keo_put_events() callback copies the events from kernel to userland.
It is called for sets of up to 8 events (constant chosen in kevbuf
definitition in kevent1()). The callback is called with pointer to userland
buffer, count of events to copy, and an index parameter which tracks where
we are in userland buffer when called multiple time.

COMPAT_NETBSD32's flavor of keo_put_events() is netbsd32_kevent_put_events().
It did not honour the index parameter, which caused invalid event data to
be returned when userland requested more that 8 events. This caused many
reliability problems, and the obvious startup crash of dovecot log process
when it accessed udata in the nineth event in its buffer, which was NULL.

diffstat:

 sys/compat/netbsd32/netbsd32_event.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r 3dfb8c5ee89a -r 866f036938bd sys/compat/netbsd32/netbsd32_event.c
--- a/sys/compat/netbsd32/netbsd32_event.c      Thu Jan 23 10:13:55 2014 +0000
+++ b/sys/compat/netbsd32/netbsd32_event.c      Thu Jan 23 10:50:14 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: netbsd32_event.c,v 1.9 2011/05/23 21:34:47 joerg Exp $ */
+/*     $NetBSD: netbsd32_event.c,v 1.10 2014/01/23 10:50:14 manu Exp $ */
 
 /*
  *  Copyright (c) 2005 The NetBSD Foundation.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_event.c,v 1.9 2011/05/23 21:34:47 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_event.c,v 1.10 2014/01/23 10:50:14 manu Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -86,7 +86,7 @@
 
        for (i = 0, kev32 = events32; i < n; i++, kev32++, events++)
                netbsd32_from_kevent(events, kev32);
-       kev32 = (struct netbsd32_kevent *)eventlist;
+       kev32 = ((struct netbsd32_kevent *)eventlist) + index;
        return  copyout(events32, kev32, n * sizeof(*events32));
 }

Prev by Date: [src/trunk]: src/common/lib/libc/arch/arm/string PR port-arm/48543: do provid...
Next by Date: [src/trunk]: src/share/man/man4 Add urndis(4), bump date, and copyright year
Previous by Thread: [src/trunk]: src/common/lib/libc/arch/arm/string PR port-arm/48543: do provid...
Next by Thread: [src/trunk]: src/share/man/man4 Add urndis(4), bump date, and copyright year
Indexes:

Home | Main Index | Thread Index | Old Index