| #
331749 |
|
29-Mar-2018 |
emaste |
MF11 r331330: Fix kernel memory disclosure in svr4_sys_getdents64
svr4_sys_getdents64() copies a dirent structure to userland. When
calculating the record length for any given dirent entry alignment is
performed. However, the aligned bytes are not cleared, this will
trigger an info leak.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Security: Kernel memory disclosure (801)
Sponsored by: The FreeBSD Foundation
|
| #
293473 |
|
09-Jan-2016 |
dchagin |
To facillitate an upcoming Linuxulator merging partially
MFC r275121 (by kib). Only merge the syntax changes from r275121,
PROC_*LOCK() macros still lock the same proc spinlock.
The process spin lock currently has the following distinct uses:
- Threads lifetime cycle, in particular, counting of the threads in
the process, and interlocking with process mutex and thread lock.
The main reason of this is that turnstile locks are after thread
locks, so you e.g. cannot unlock blockable mutex (think process
mutex) while owning thread lock.
- Virtual and profiling itimers, since the timers activation is done
from the clock interrupt context. Replace the p_slock by p_itimmtx
and PROC_ITIMLOCK().
- Profiling code (profil(2)), for similar reason. Replace the p_slock
by p_profmtx and PROC_PROFLOCK().
- Resource usage accounting. Need for the spinlock there is subtle,
my understanding is that spinlock blocks context switching for the
current thread, which prevents td_runtime and similar fields from
changing (updates are done at the mi_switch()). Replace the p_slock
by p_statmtx and PROC_STATLOCK().
Discussed with: kib
|