CVS commit: [netbsd-7] src/sys/arch/amd64/amd64
Module Name:src
Committed By: martin
Date: Tue Dec 4 19:16:27 UTC 2018
Modified Files: src/sys/arch/amd64/amd64 [netbsd-7]: machdep.c
Log Message: Pull up following revision(s) (requested by maxv in ticket #1662):
sys/arch/amd64/amd64/machdep.c: revision 1.321
Fix stack info leak. There is a big padding in struct sigframe_siginfo.
[ 224.006287] kleak: Possible leak in copyout: [len=920, leaked=92]
[ 224.016977] #0 0x80224d0a in kleak_note
[ 224.026268] #1 0x80224d8a in kleak_copyout
[ 224.026268] #2 0x802224b5 in sendsig_siginfo
[ 224.036261] #3 0x80b51564 in sendsig
[ 224.046475] #4 0x80b51282 in postsig
[ 224.046475] #5 0x80b2fc5d in lwp_userret
[ 224.056273] #6 0x8025a951 in mi_userret
[ 224.066277] #7 0x8025ab89 in syscall
To generate a diff of this commit: cvs rdiff -u -r1.211.2.2 -r1.211.2.3 src/sys/arch/amd64/amd64/machdep.c
Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/amd64/amd64/machdep.c
diff -u src/sys/arch/amd64/amd64/machdep.c:1.211.2.2 src/sys/arch/amd64/amd64/machdep.c:1.211.2.3
--- src/sys/arch/amd64/amd64/machdep.c:1.211.2.2 Mon Jan 22 19:41:08 2018
+++ src/sys/arch/amd64/amd64/machdep.c Tue Dec 4 19:16:27 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: machdep.c,v 1.211.2.2 2018/01/22 19:41:08 snj Exp $ */
+/* $NetBSD: machdep.c,v 1.211.2.3 2018/12/04 19:16:27 martin Exp $ */
 /*-
  * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011
@@ -111,7 +111,7 @@
  */
 #include
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.211.2.2 2018/01/22 19:41:08 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.211.2.3 2018/12/04 19:16:27 martin Exp $");
 /* #define XENDEBUG_LOW */
@@ -570,6 +570,7 @@ sendsig_siginfo(const ksiginfo_t *ksi, c
 /* Round down the stackpointer to a multiple of 16 for the ABI. */
 fp = (struct sigframe_siginfo *)(((unsigned long)sp & ~15) - 8);
+ memset(&frame, 0, sizeof(frame));
 frame.sf_ra = (uint64_t)ps->sa_sigdesc[sig].sd_tramp;
 frame.sf_si._info = ksi->ksi_info;
 frame.sf_uc.uc_flags = _UC_SIGMASK;
@@ -577,7 +578,6 @@ sendsig_siginfo(const ksiginfo_t *ksi, c
 frame.sf_uc.uc_link = l->l_ctxlink;
 frame.sf_uc.uc_flags |= (l->l_sigstk.ss_flags & SS_ONSTACK) ? _UC_SETSTACK : _UC_CLRSTACK;
- memset(&frame.sf_uc.uc_stack, 0, sizeof(frame.sf_uc.uc_stack));
 sendsig_reset(l, sig);
 mutex_exit(p->p_lock);
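Review bot: The added `memset(&frame, 0, sizeof(frame));` clears the padding of the frame before it is copied out, but the following `frame.sf_si._info = ksi->ksi_info;` is a struct assignment that copies whatever bytes the source holds, padding included, so the frame only stays clean if the ksiginfo_t was itself zero-initialised where it was built; that is not visible in this hunk and is worth confirming. sendsig_siginfo starts before this hunk and the copyout this fix protects comes after it, so the memset has to remain the first write to `frame` if fields are ever added above it. A short comment on the new line, `/* Zero the whole frame: its padding is copied out to userland. */`, would record why the narrower memset of uc_stack was dropped.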
CVS commit: [netbsd-7] src/sys/arch/amd64/amd64
Module Name:src
Committed By: martin
Date: Wed Apr 26 14:54:57 UTC 2017
Modified Files: src/sys/arch/amd64/amd64 [netbsd-7]: trap.c
Log Message: Pull up following revision(s) (requested by chs in ticket #1410):
sys/arch/amd64/amd64/trap.c: revision 1.96
restore the ability to run netbsd 1.0 32-bit executables by checking for the relevant lcall instruction in the trap handler and treating it as a syscall.
To generate a diff of this commit: cvs rdiff -u -r1.78.4.2 -r1.78.4.3 src/sys/arch/amd64/amd64/trap.c
Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/amd64/amd64/trap.c
diff -u src/sys/arch/amd64/amd64/trap.c:1.78.4.2 src/sys/arch/amd64/amd64/trap.c:1.78.4.3
--- src/sys/arch/amd64/amd64/trap.c:1.78.4.2 Wed Apr 26 14:52:50 2017
+++ src/sys/arch/amd64/amd64/trap.c Wed Apr 26 14:54:57 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: trap.c,v 1.78.4.2 2017/04/26 14:52:50 martin Exp $ */
+/* $NetBSD: trap.c,v 1.78.4.3 2017/04/26 14:54:57 martin Exp $ */
 /*-
  * Copyright (c) 1998, 2000 The NetBSD Foundation, Inc.
@@ -68,12 +68,14 @@
  */
 #include
-__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.78.4.2 2017/04/26 14:52:50 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.78.4.3 2017/04/26 14:54:57 martin Exp $");
 #include "opt_ddb.h"
 #include "opt_kgdb.h"
 #include "opt_xen.h"
 #include "opt_dtrace.h"
+#include "opt_compat_netbsd.h"
+#include "opt_compat_netbsd32.h"
 #include
 #include
@@ -90,6 +92,11 @@ __KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.7
 #include
+#ifdef COMPAT_NETBSD32
+#include
+#include
+#endif
+
 #include
 #include
 #include
@@ -389,6 +396,27 @@ kernelfault:
 #endif
 case T_PROTFLT|T_USER: /* protection fault */
+#if defined(COMPAT_NETBSD32) && defined(COMPAT_10)
+ {
+ static const char lcall[7] = { 0x9a, 0, 0, 0, 0, 7, 0 };
+ const size_t sz = sizeof(lcall);
+ char tmp[sz];
+
+ /* Check for the oosyscall lcall instruction. */
+ if (p->p_emul == &emul_netbsd32 &&
+ frame->tf_rip < VM_MAXUSER_ADDRESS32 - sz &&
+ copyin((void *)frame->tf_rip, tmp, sz) == 0 &&
+ memcmp(tmp, lcall, sz) == 0) {
+
+ /* Advance past the lcall. */
+ frame->tf_rip += sz;
+
+ /* Do the syscall. */
+ p->p_md.md_syscall(frame);
+ goto out;
+ }
+ }
+#endif
 case T_TSSFLT|T_USER:
 case T_SEGNPFLT|T_USER:
 case T_STKFLT|T_USER:
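Review bot: `char tmp[sz];` is a variable-length array, because a `const size_t` is not a constant expression in C; `char tmp[sizeof(lcall)];` declares the same 7-byte stack buffer as a fixed array and keeps a VLA out of the trap handler. When the check does not match, control still drops through the closing `}` and `#endif` into `case T_TSSFLT|T_USER:`, which is the pre-existing behaviour of the `T_PROTFLT|T_USER` label, but now there is code between the two labels, so a `/* FALLTHROUGH */` comment after `#endif` would make that intent explicit to readers and to compilers that warn on implicit fallthrough. The `out` label and the enclosing switch are outside the hunk.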
CVS commit: [netbsd-7] src/sys/arch/amd64/amd64
Module Name:src
Committed By: martin
Date: Wed Apr 26 14:52:50 UTC 2017
Modified Files: src/sys/arch/amd64/amd64 [netbsd-7]: locore.S machdep.c trap.c
Log Message: Pull up following revision(s) (requested by bsiegert in ticket #1397):
sys/arch/amd64/amd64/locore.S 1.122 (via patch)
sys/arch/amd64/amd64/machdep.c 1.254 (via patch)
sys/arch/amd64/amd64/trap.c 1.95 (via patch)
Remove the call gate on amd64, it is useless and vulnerable.
To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.76.2.1 src/sys/arch/amd64/amd64/locore.S
cvs rdiff -u -r1.211 -r1.211.2.1 src/sys/arch/amd64/amd64/machdep.c
cvs rdiff -u -r1.78.4.1 -r1.78.4.2 src/sys/arch/amd64/amd64/trap.c
Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/amd64/amd64/locore.S
diff -u src/sys/arch/amd64/amd64/locore.S:1.76 src/sys/arch/amd64/amd64/locore.S:1.76.2.1
--- src/sys/arch/amd64/amd64/locore.S:1.76 Fri May 16 00:48:41 2014
+++ src/sys/arch/amd64/amd64/locore.S Wed Apr 26 14:52:50 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: locore.S,v 1.76 2014/05/16 00:48:41 rmind Exp $ */
+/* $NetBSD: locore.S,v 1.76.2.1 2017/04/26 14:52:50 martin Exp $ */
 /*
  * Copyright-o-rama!
@@ -1287,27 +1287,6 @@ NENTRY(lwp_trampoline)
 END(lwp_trampoline)
 /*
- * oosyscall()
- *
- * Old call gate entry for syscall. only needed if we're
- * going to support running old i386 NetBSD 1.0 or ibcs2 binaries, etc,
- * on NetBSD/amd64.
- * The 64bit call gate can't request that arguments be copied from the
- * user stack (which the i386 code uses to get a gap for the flags).
- * push/pop are :: cycles.
- */
-IDTVEC(oosyscall)
- /* Set rflags in trap frame. */
- pushq (%rsp) # move user's %eip
- pushq 16(%rsp) # and %cs
- popq 8(%rsp)
- pushfq
- popq 16(%rsp)
- pushq $7 # size of instruction for restart
- jmp osyscall1
-IDTVEC_END(oosyscall)
-
-/*
  * osyscall()
  *
  * Trap gate entry for int $80 syscall, also used by sigreturn.
Index: src/sys/arch/amd64/amd64/machdep.c
diff -u src/sys/arch/amd64/amd64/machdep.c:1.211 src/sys/arch/amd64/amd64/machdep.c:1.211.2.1
--- src/sys/arch/amd64/amd64/machdep.c:1.211 Mon May 12 22:50:03 2014
+++ src/sys/arch/amd64/amd64/machdep.c Wed Apr 26 14:52:50 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: machdep.c,v 1.211 2014/05/12 22:50:03 uebayasi Exp $ */
+/* $NetBSD: machdep.c,v 1.211.2.1 2017/04/26 14:52:50 martin Exp $ */
 /*-
  * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011
@@ -111,7 +111,7 @@
  */
 #include
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.211 2014/05/12 22:50:03 uebayasi Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.211.2.1 2017/04/26 14:52:50 martin Exp $");
 /* #define XENDEBUG_LOW */
@@ -1696,10 +1696,7 @@ init_x86_64(paddr_t first_avail)
 set_mem_segment(GDT_ADDR_MEM(gdtstore, GUDATA_SEL), 0,
 x86_btop(VM_MAXUSER_ADDRESS) - 1, SDT_MEMRWA, SEL_UPL, 1, 0, 1);
- /* make ldt gates and memory segments */
- setgate((struct gate_descriptor *)(ldtstore + LSYS5CALLS_SEL),
- &IDTVEC(oosyscall), 0, SDT_SYS386CGT, SEL_UPL,
- GSEL(GCODE_SEL, SEL_KPL));
+ /* make ldt memory segments */
 *(struct mem_segment_descriptor *)(ldtstore + LUCODE_SEL) =
 *GDT_ADDR_MEM(gdtstore, GUCODE_SEL);
 *(struct mem_segment_descriptor *)(ldtstore + LUDATA_SEL) =
@@ -1731,16 +1728,6 @@ init_x86_64(paddr_t first_avail)
 set_mem_segment(ldt_segp, 0,
 x86_btop(VM_MAXUSER_ADDRESS32) - 1, SDT_MEMRWA, SEL_UPL, 1, 1, 0);
- /*
- * Other entries.
- */
- memcpy((struct gate_descriptor *)(ldtstore + LSOL26CALLS_SEL),
- (struct gate_descriptor *)(ldtstore + LSYS5CALLS_SEL),
- sizeof (struct gate_descriptor));
- memcpy((struct gate_descriptor *)(ldtstore + LBSDICALLS_SEL),
- (struct gate_descriptor *)(ldtstore + LSYS5CALLS_SEL),
- sizeof (struct gate_descriptor));
- /* exceptions */
 for (x = 0; x < 32; x++) {
 #ifndef XEN
Index: src/sys/arch/amd64/amd64/trap.c
diff -u src/sys/arch/amd64/amd64/trap.c:1.78.4.1 src/sys/arch/amd64/amd64/trap.c:1.78.4.2
--- src/sys/arch/amd64/amd64/trap.c:1.78.4.1 Sat Mar 25 16:57:39 2017
+++ src/sys/arch/amd64/amd64/trap.c Wed Apr 26 14:52:50 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: trap.c,v 1.78.4.1 2017/03/25 16:57:39 snj Exp $ */
+/* $NetBSD: trap.c,v 1.78.4.2 2017/04/26 14:52:50 martin Exp $ */
 /*-
  * Copyright (c) 1998, 2000 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
  */
 #include
-__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.78.4.1 2017/03/25 16:57:39 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.78.4.2 2017/04/26 14:52:50 martin Exp $");
 #include "opt_ddb.h"
 #include "opt_kgdb.h"
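Review bot: With the `setgate` call and the two `memcpy` calls removed, init_x86_64 no longer writes the LDT slots LSYS5CALLS_SEL, LSOL26CALLS_SEL and LBSDICALLS_SEL, so they keep whatever ldtstore held before this code runs; the allocation of ldtstore is outside this hunk, so it is worth confirming it is zero-filled, which leaves those slots as not-present descriptors rather than stale entries that a user-mode far call could select. A comment at the former site, `/* LSYS5CALLS_SEL, LSOL26CALLS_SEL, LBSDICALLS_SEL stay empty: the call gates were removed. */`, would keep a later merge from reinstating them. init_x86_64 starts and ends outside the hunk.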
@@ -222,7 +222,6 @@ trap(struct trapframe *frame)
 struct proc *p;
 struct pcb *pcb;
 extern char fusuintrfailure[], kcopy_fault[];
- extern char IDTVEC(oosyscall)[];
 extern char IDTVEC(osyscall)[];
 extern char IDTVEC(syscall32)[];
 #ifndef XEN
@@ -647,8 +646,7 @@
CVS commit: [netbsd-7] src/sys/arch/amd64/amd64
Module Name:src
Committed By: snj
Date: Sat Dec 24 04:07:25 UTC 2016
Modified Files: src/sys/arch/amd64/amd64 [netbsd-7]: copy.S
Log Message: Apply patch (requested by maxv in ticket #1278):
suword: Don't allow 4 bytes to overflow beyond the userland space.
To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.18.34.1 src/sys/arch/amd64/amd64/copy.S
Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/amd64/amd64/copy.S
diff -u src/sys/arch/amd64/amd64/copy.S:1.18 src/sys/arch/amd64/amd64/copy.S:1.18.34.1
--- src/sys/arch/amd64/amd64/copy.S:1.18 Wed Jul 7 01:13:29 2010
+++ src/sys/arch/amd64/amd64/copy.S Sat Dec 24 04:07:25 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: copy.S,v 1.18 2010/07/07 01:13:29 chs Exp $ */
+/* $NetBSD: copy.S,v 1.18.34.1 2016/12/24 04:07:25 snj Exp $ */
 /*
  * Copyright (c) 2001 Wasabi Systems, Inc.
@@ -413,7 +413,7 @@ ENTRY(fubyte)
 ENTRY(suword)
 DEFERRED_SWITCH_CHECK
- movq $VM_MAXUSER_ADDRESS-4,%r11
+ movq $VM_MAXUSER_ADDRESS-8,%r11
 cmpq %r11,%rdi
 ja _C_LABEL(fusuaddrfault)
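Review bot: The new bound `movq $VM_MAXUSER_ADDRESS-8,%r11` matches the 8-byte store suword performs on amd64, and with `ja` a destination of exactly VM_MAXUSER_ADDRESS-8 is still accepted, which is the last word that lies entirely below the limit. The same width-versus-bound check applies to any sibling entry in copy.S that reads a full 8-byte word (the fuword side, if it still carries a `-4`); those entries are outside the hunk and not visible here, so worth verifying while the file is open. A comment on the bound, `# suword stores 8 bytes: the whole word must lie below VM_MAXUSER_ADDRESS`, would keep the access width and the constant from drifting apart again.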