
[src/netbsd-7-1]: src/sys Pull up the following, requested by christos in tic...



details:   https://anonhg.NetBSD.org/src/rev/64c33cc1ffa1
branches:  netbsd-7-1
changeset: 801016:64c33cc1ffa1
user:      martin <martin%NetBSD.org@localhost>
date:      Tue Jan 21 19:23:36 2020 +0000

description:
Pull up the following, requested by christos in ticket #1720:

        sys/compat/common/kern_sig_43.c                         1.36
        sys/compat/linux/arch/amd64/linux_machdep.c             1.59
        sys/compat/linux/common/linux_fcntl.h                   1.18
        sys/compat/linux/common/linux_file64.c                  1.62
        sys/compat/linux/common/linux_ipc.c                     1.57
        sys/compat/linux/common/linux_misc.c                    1.243
        sys/compat/linux/common/linux_signal.c                  1.81
        sys/compat/linux/common/linux_socket.c                  1.149 (patch)
        sys/compat/linux/common/linux_socket.h                  1.24
        sys/compat/linux/common/linux_statfs.h                  1.7
        sys/compat/linux/common/linux_termios.c                 1.38
        sys/compat/linux/common/linux_termios.h                 1.22
        sys/compat/linux32/common/linux32_dirent.c              1.20
        sys/compat/linux32/common/linux32_ioctl.c               1.14
        sys/compat/linux32/common/linux32_misc.c                1.27
        sys/compat/linux32/common/linux32_signal.c              1.20
        sys/compat/linux32/common/linux32_sysinfo.c             1.8
        sys/compat/linux32/common/linux32_termios.c             1.15
        sys/compat/linux32/common/linux32_utsname.c             1.10
        sys/compat/netbsd32/netbsd32_compat_20.c                1.39
        sys/compat/netbsd32/netbsd32_compat_43.c                1.59
        sys/compat/netbsd32/netbsd32_compat_50.c                1.44
        sys/compat/ossaudio/ossaudio.c                          1.75
        sys/kern/sysv_shm.c                                     1.138
        sys/miscfs/procfs/procfs_linux.c                        1.75 (patch)
        sys/sys/shm.h                                           1.54 (patch)

Fix various info leaks, out-of-bounds accesses, uses of uninitialized
values, direct accesses to userland variables from kernel space,
and memory leaks in system calls implemented for the compatibility
subsystems.

diffstat:

 sys/compat/common/kern_sig_43.c             |   5 +++--
 sys/compat/linux/arch/amd64/linux_machdep.c |   5 ++---
 sys/compat/linux/common/linux_fcntl.h       |   5 ++++-
 sys/compat/linux/common/linux_file64.c      |   6 ++++--
 sys/compat/linux/common/linux_ipc.c         |  10 +++++++---
 sys/compat/linux/common/linux_misc.c        |   7 +++++--
 sys/compat/linux/common/linux_signal.c      |   5 +++--
 sys/compat/linux/common/linux_socket.c      |  16 ++++++++++------
 sys/compat/linux/common/linux_socket.h      |  12 ++++++------
 sys/compat/linux/common/linux_statfs.h      |   8 +++++---
 sys/compat/linux/common/linux_termios.c     |   5 +++--
 sys/compat/linux/common/linux_termios.h     |   4 +++-
 sys/compat/linux32/common/linux32_dirent.c  |   5 +++--
 sys/compat/linux32/common/linux32_ioctl.c   |   6 ++++--
 sys/compat/linux32/common/linux32_misc.c    |   6 ++++--
 sys/compat/linux32/common/linux32_signal.c  |   5 +++--
 sys/compat/linux32/common/linux32_sysinfo.c |   5 +++--
 sys/compat/linux32/common/linux32_termios.c |   5 +++--
 sys/compat/linux32/common/linux32_utsname.c |   7 +++++--
 sys/compat/netbsd32/netbsd32_compat_20.c    |   5 +++--
 sys/compat/netbsd32/netbsd32_compat_43.c    |   9 +++++----
 sys/compat/netbsd32/netbsd32_compat_50.c    |   8 ++++----
 sys/compat/ossaudio/ossaudio.c              |   8 ++++----
 sys/kern/sysv_shm.c                         |  24 ++++++++++++++++++++++--
 sys/miscfs/procfs/procfs_linux.c            |   5 +++--
 sys/sys/shm.h                               |   3 ++-
 26 files changed, 123 insertions(+), 66 deletions(-)

diffs (truncated from 826 to 300 lines):

diff -r 373d0409a832 -r 64c33cc1ffa1 sys/compat/common/kern_sig_43.c
--- a/sys/compat/common/kern_sig_43.c   Thu Jan 02 09:57:40 2020 +0000
+++ b/sys/compat/common/kern_sig_43.c   Tue Jan 21 19:23:36 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_sig_43.c,v 1.34 2011/01/19 10:21:16 tsutsui Exp $ */
+/*     $NetBSD: kern_sig_43.c,v 1.34.44.1 2020/01/21 19:23:36 martin Exp $     */
 
 /*-
  * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_sig_43.c,v 1.34 2011/01/19 10:21:16 tsutsui Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_sig_43.c,v 1.34.44.1 2020/01/21 19:23:36 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_compat_netbsd.h"
@@ -115,6 +115,7 @@
 void
 compat_43_sigaltstack_to_sigstack(const struct sigaltstack *sa, struct sigstack *ss)
 {
+       memset(ss, 0, sizeof(*ss));
        ss->ss_sp = sa->ss_sp;
        if (sa->ss_flags & SS_ONSTACK)
                ss->ss_onstack = 1;
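Review bot: The `memset(ss, 0, sizeof(*ss));` added at the top of compat_43_sigaltstack_to_sigstack has no comment, and because the fields are assigned right after it a later cleanup could take it for redundant. Going by the commit description it is there so that padding and any member the conversion does not set cannot carry stale kernel memory once the caller copies the struct out; that copyout is outside the hunk, so this is inferred. A one-line comment such as `/* zero padding and unset members: this struct is copied out to userland */` would record that. The same applies to the memset calls added in linux_file64.c (bsd_to_linux_stat and the `idb` dirent), linux_misc.c (`luts`, `idb`, `si`) and linux_signal.c (native_to_linux_sigaltstack); for `luts` it matters in particular because strlcpy does not clear the bytes after the terminator. The function body continues past the end of the hunk.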
diff -r 373d0409a832 -r 64c33cc1ffa1 sys/compat/linux/arch/amd64/linux_machdep.c
--- a/sys/compat/linux/arch/amd64/linux_machdep.c       Thu Jan 02 09:57:40 2020 +0000
+++ b/sys/compat/linux/arch/amd64/linux_machdep.c       Tue Jan 21 19:23:36 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_machdep.c,v 1.48.4.1 2017/02/14 16:54:24 snj Exp $ */
+/*     $NetBSD: linux_machdep.c,v 1.48.4.1.2.1 2020/01/21 19:23:37 martin Exp $ */
 
 /*-
  * Copyright (c) 2005 Emmanuel Dreyfus, all rights reserved.
@@ -33,7 +33,7 @@
 
 #include <sys/cdefs.h>
 
-__KERNEL_RCSID(0, "$NetBSD: linux_machdep.c,v 1.48.4.1 2017/02/14 16:54:24 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_machdep.c,v 1.48.4.1.2.1 2020/01/21 19:23:37 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -254,7 +254,6 @@
 int
 linux_sys_modify_ldt(struct lwp *l, const struct linux_sys_modify_ldt_args *v, register_t *retval)
 {
-       printf("linux_sys_modify_ldt\n");
        return 0;
 }
 
diff -r 373d0409a832 -r 64c33cc1ffa1 sys/compat/linux/common/linux_fcntl.h
--- a/sys/compat/linux/common/linux_fcntl.h     Thu Jan 02 09:57:40 2020 +0000
+++ b/sys/compat/linux/common/linux_fcntl.h     Tue Jan 21 19:23:36 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_fcntl.h,v 1.16 2014/06/01 13:42:12 njoly Exp $   */
+/*     $NetBSD: linux_fcntl.h,v 1.16.10.1 2020/01/21 19:23:37 martin Exp $     */
 
 /*-
  * Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
@@ -122,6 +122,9 @@
        case src_f##_WRLCK: \
                dst->l_type = dst_f##_WRLCK; \
                break; \
+       default: \
+               dst->l_type = -1; \
+               break; \
        } \
     }
 
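Review bot: The new `default:` arm stores a bare `-1` in `dst->l_type` with no comment saying what it stands for or who is expected to reject it. It reads as a deliberately invalid lock type, so that an unrecognised source value no longer leaves the field unset. The code that consumes `l_type` is outside the hunk, so it is worth confirming that every caller turns this value into an error rather than passing it on. I would add `/* unknown lock type: store an invalid value so the consumer rejects it */ \` above the assignment. The macro this switch belongs to starts above the hunk.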
diff -r 373d0409a832 -r 64c33cc1ffa1 sys/compat/linux/common/linux_file64.c
--- a/sys/compat/linux/common/linux_file64.c    Thu Jan 02 09:57:40 2020 +0000
+++ b/sys/compat/linux/common/linux_file64.c    Tue Jan 21 19:23:36 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_file64.c,v 1.55.14.1 2017/08/12 04:16:52 snj Exp $       */
+/*     $NetBSD: linux_file64.c,v 1.55.14.2 2020/01/21 19:23:37 martin Exp $    */
 
 /*-
  * Copyright (c) 1995, 1998, 2000, 2008 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_file64.c,v 1.55.14.1 2017/08/12 04:16:52 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_file64.c,v 1.55.14.2 2020/01/21 19:23:37 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -80,6 +80,7 @@
 static void
 bsd_to_linux_stat(struct stat *bsp, struct linux_stat64 *lsp)
 {
+       memset(lsp, 0, sizeof(*lsp));
        lsp->lst_dev     = linux_fakedev(bsp->st_dev, 0);
        lsp->lst_ino     = bsp->st_ino;
        lsp->lst_mode    = (linux_mode_t)bsp->st_mode;
@@ -352,6 +353,7 @@
                 * we have to worry about touching user memory outside of
                 * the copyout() call).
                 */
+               memset(&idb, 0, sizeof(idb));
                idb.d_ino = bdp->d_fileno;
                idb.d_type = bdp->d_type;
                idb.d_off = off;
diff -r 373d0409a832 -r 64c33cc1ffa1 sys/compat/linux/common/linux_ipc.c
--- a/sys/compat/linux/common/linux_ipc.c       Thu Jan 02 09:57:40 2020 +0000
+++ b/sys/compat/linux/common/linux_ipc.c       Tue Jan 21 19:23:36 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_ipc.c,v 1.55.42.1 2019/02/23 07:04:12 martin Exp $       */
+/*     $NetBSD: linux_ipc.c,v 1.55.42.2 2020/01/21 19:23:37 martin Exp $       */
 
 /*-
  * Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_ipc.c,v 1.55.42.1 2019/02/23 07:04:12 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_ipc.c,v 1.55.42.2 2020/01/21 19:23:37 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_sysv.h"
@@ -568,6 +568,7 @@
                syscallarg(struct linux_shmid_ds *) buf;
        } */
        struct shmid_ds bs;
+       struct ipc_perm perm;
        struct linux_shmid_ds ls;
        struct linux_shmid64_ds ls64;
        struct linux_shminfo64 lsi64;
@@ -582,7 +583,10 @@
 
        switch (cmd & ~LINUX_IPC_64) {
        case LINUX_SHM_STAT:
-               shmid = IXSEQ_TO_IPCID(shmid, shmsegs[shmid].shm_perm);
+               error = shm_find_segment_perm_by_index(shmid, &perm);
+               if (error)
+                       return error;
+               shmid = IXSEQ_TO_IPCID(shmid, perm);
                retval[0] = shmid;
                /*FALLTHROUGH*/
 
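Review bot: The bounds and validity checking for the user-supplied index in the `LINUX_SHM_STAT` case now rests entirely on `shm_find_segment_perm_by_index`, whose definition is not in the visible part of this diff. It is worth confirming there that it rejects negative and out-of-range indices and unallocated slots, and that it copies `shm_perm` while holding whatever lock protects the segment table, since the old code read `shmsegs[shmid]` directly. A comment above the call, e.g. `/* shmid is an index supplied by the caller here; the helper validates it */`, would keep the next reader from reintroducing the direct array access. The function body starts and ends outside the hunk.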
diff -r 373d0409a832 -r 64c33cc1ffa1 sys/compat/linux/common/linux_misc.c
--- a/sys/compat/linux/common/linux_misc.c      Thu Jan 02 09:57:40 2020 +0000
+++ b/sys/compat/linux/common/linux_misc.c      Tue Jan 21 19:23:36 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_misc.c,v 1.229.8.1 2017/08/12 04:16:52 snj Exp $ */
+/*     $NetBSD: linux_misc.c,v 1.229.8.2 2020/01/21 19:23:37 martin Exp $      */
 
 /*-
  * Copyright (c) 1995, 1998, 1999, 2008 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_misc.c,v 1.229.8.1 2017/08/12 04:16:52 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_misc.c,v 1.229.8.2 2020/01/21 19:23:37 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -349,6 +349,7 @@
        } */
        struct linux_utsname luts;
 
+       memset(&luts, 0, sizeof(luts));
        strlcpy(luts.l_sysname, linux_sysname, sizeof(luts.l_sysname));
        strlcpy(luts.l_nodename, hostname, sizeof(luts.l_nodename));
        strlcpy(luts.l_release, linux_release, sizeof(luts.l_release));
@@ -768,6 +769,7 @@
                 * we have to worry about touching user memory outside of
                 * the copyout() call).
                 */
+               memset(&idb, 0, sizeof(idb));
                idb.d_ino = bdp->d_fileno;
                /*
                 * The old readdir() call misuses the offset and reclen fields.
@@ -1260,6 +1262,7 @@
        struct linux_sysinfo si;
        struct loadavg *la;
 
+       memset(&si, 0, sizeof(si));
        si.uptime = time_uptime;
        la = &averunnable;
        si.loads[0] = la->ldavg[0] * LINUX_SYSINFO_LOADS_SCALE / la->fscale;
diff -r 373d0409a832 -r 64c33cc1ffa1 sys/compat/linux/common/linux_signal.c
--- a/sys/compat/linux/common/linux_signal.c    Thu Jan 02 09:57:40 2020 +0000
+++ b/sys/compat/linux/common/linux_signal.c    Tue Jan 21 19:23:36 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_signal.c,v 1.75.26.1 2015/01/17 12:10:54 martin Exp $    */
+/*     $NetBSD: linux_signal.c,v 1.75.26.1.6.1 2020/01/21 19:23:37 martin Exp $        */
 
 /*-
  * Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
@@ -48,7 +48,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_signal.c,v 1.75.26.1 2015/01/17 12:10:54 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_signal.c,v 1.75.26.1.6.1 2020/01/21 19:23:37 martin Exp $");
 
 #define COMPAT_LINUX 1
 
@@ -674,6 +674,7 @@
 void
 native_to_linux_sigaltstack(struct linux_sigaltstack *lss, const struct sigaltstack *bss)
 {
+       memset(lss, 0, sizeof(*lss));
        lss->ss_sp = bss->ss_sp;
        lss->ss_size = bss->ss_size;
        if (bss->ss_flags & SS_ONSTACK)
diff -r 373d0409a832 -r 64c33cc1ffa1 sys/compat/linux/common/linux_socket.c
--- a/sys/compat/linux/common/linux_socket.c    Thu Jan 02 09:57:40 2020 +0000
+++ b/sys/compat/linux/common/linux_socket.c    Tue Jan 21 19:23:36 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_socket.c,v 1.119.2.1.6.1 2019/04/19 16:02:24 martin Exp $        */
+/*     $NetBSD: linux_socket.c,v 1.119.2.1.6.2 2020/01/21 19:23:37 martin Exp $        */
 
 /*-
  * Copyright (c) 1995, 1998, 2008 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.119.2.1.6.1 2019/04/19 16:02:24 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.119.2.1.6.2 2020/01/21 19:23:37 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -542,6 +542,8 @@
 
                                case LINUX_SCM_CREDENTIALS:
                                        /* no native equivalent, just drop it */
+                                       if (control != mtod(ctl_mbuf, void *))
+                                               free(control, M_MBUF);
                                        m_free(ctl_mbuf);
                                        ctl_mbuf = NULL;
                                        msg.msg_control = NULL;
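Review bot: After the added `free(control, M_MBUF);` in the `LINUX_SCM_CREDENTIALS` case, `control` still holds the freed address; the following lines clear `ctl_mbuf` and `msg.msg_control` but not `control`. The rest of this case and the function's cleanup are outside the hunk, so whether any later path looks at `control` again cannot be told from here; writing the branch as `if (control != mtod(ctl_mbuf, void *)) { free(control, M_MBUF); control = NULL; }` would rule out a stale use or a second free. Separately, this free names `M_MBUF` while the realloc visible in the next hunk of this file allocates the buffer with `M_TEMP`. That may be harmless on this branch, but the two should agree or the mismatch should be explained in a comment.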
@@ -564,14 +566,15 @@
                        /* Check the buffer is big enough */
                        if (__predict_false(cidx + cspace > clen)) {
                                u_int8_t *nc;
+                               size_t nclen;
 
-                               clen = cidx + cspace;
-                               if (clen >= PAGE_SIZE) {
+                               nclen = cidx + cspace;
+                               if (nclen >= PAGE_SIZE) {
                                        error = EINVAL;
                                        goto done;
                                }
                                nc = realloc(clen <= MLEN ? NULL : control,
-                                               clen, M_TEMP, M_WAITOK);
+                                               nclen, M_TEMP, M_WAITOK);
                                if (!nc) {
                                        error = ENOMEM;
                                        goto done;
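Review bot: Nothing in the grown-buffer branch says why the new size goes into `nclen` instead of `clen`, yet the fix depends on it: the `realloc(clen <= MLEN ? NULL : control, ...)` call uses the old `clen` to decide whether `control` still points into the mbuf, and the "Old buffer was in mbuf" copy in the following hunk presumably tests it as well. A comment next to the declaration, e.g. `/* new size; clen must keep the old size until the buffer has been switched */`, would stop someone folding the two variables back together. Also, the `if (!nc)` branch is presumably unreachable with `M_WAITOK`, so it could be dropped or marked as defensive. The enclosing loop starts and ends outside the hunk.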
@@ -580,6 +583,7 @@
                                        /* Old buffer was in mbuf... */
                                        memcpy(nc, control, cidx);
                                control = nc;
+                               clen = nclen;
                        }
 
                        /* Copy header */
@@ -601,7 +605,7 @@
 
                        resid -= LINUX_CMSG_ALIGN(l_cmsg.cmsg_len);
                        cidx += cspace;
-               } while ((l_cc = LINUX_CMSG_NXTHDR(&msg, l_cc)) && resid > 0);
+               } while ((l_cc = LINUX_CMSG_NXTHDR(&msg, l_cc, &l_cmsg)) && resid > 0);
 
                /* If we allocated a buffer, attach to mbuf */
                if (cidx > MLEN) {
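Review bot: The loop condition now steps with `l_cmsg.cmsg_len` from the kernel copy, so termination depends on that length having been validated earlier in the loop body, which is outside the hunk. If a `cmsg_len` smaller than the header (zero in particular) can reach this point, `LINUX_CMSG_NXTHDR` as defined in linux_socket.h returns the same address and `resid` does not shrink, so it is worth confirming that the body rejects such lengths before getting here. I would also add a comment above the `while`, `/* l_cc is a user address: advance using the copied-in header, never dereference it */`, since the macro's three-argument form is easy to misuse.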
diff -r 373d0409a832 -r 64c33cc1ffa1 sys/compat/linux/common/linux_socket.h
--- a/sys/compat/linux/common/linux_socket.h    Thu Jan 02 09:57:40 2020 +0000
+++ b/sys/compat/linux/common/linux_socket.h    Tue Jan 21 19:23:36 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_socket.h,v 1.22 2014/01/27 19:19:15 njoly Exp $  */
+/*     $NetBSD: linux_socket.h,v 1.22.16.1 2020/01/21 19:23:37 martin Exp $    */
 
 /*-
  * Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
@@ -181,13 +181,13 @@
 /* Linux either uses this, or  &((cmsg)->__cmsg_data) */
 #define LINUX_CMSG_DATA(cmsg)  \
        ((u_char *)((struct linux_cmsghdr *)(cmsg) + 1))
-#define        LINUX_CMSG_NXTHDR(mhdr, cmsg)   \
-       ((((char *)(cmsg) + LINUX_CMSG_ALIGN((cmsg)->cmsg_len) + \
-                           sizeof(*(cmsg))) > \
+#define LINUX_CMSG_NXTHDR(mhdr, ucmsg, kcmsg)  \
+       ((((char *)(ucmsg) + LINUX_CMSG_ALIGN((kcmsg)->cmsg_len) + \
+                           sizeof(*(ucmsg))) > \
            (((char *)(mhdr)->msg_control) + (mhdr)->msg_controllen)) ? \
            (struct linux_cmsghdr *)NULL : \
-           (struct linux_cmsghdr *)((char *)(cmsg) + \
-               LINUX_CMSG_ALIGN((cmsg)->cmsg_len)))
+           (struct linux_cmsghdr *)((char *)(ucmsg) + \
+               LINUX_CMSG_ALIGN((kcmsg)->cmsg_len)))
 /* This the number of bytes removed from each item (excl. final padding) */


