CVS commit: [netbsd-7] src/sys/arch/amd64/amd64

2018-12-04 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Dec  4 19:16:27 UTC 2018

Modified Files:
src/sys/arch/amd64/amd64 [netbsd-7]: machdep.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1662):

sys/arch/amd64/amd64/machdep.c: revision 1.321

Fix stack info leak. There is a lot of padding in struct sigframe_siginfo.

[  224.006287] kleak: Possible leak in copyout: [len=920, leaked=92]
[  224.016977] #0 0x80224d0a in kleak_note 
[  224.026268] #1 0x80224d8a in kleak_copyout 
[  224.026268] #2 0x802224b5 in sendsig_siginfo 
[  224.036261] #3 0x80b51564 in sendsig 
[  224.046475] #4 0x80b51282 in postsig 
[  224.046475] #5 0x80b2fc5d in lwp_userret 
[  224.056273] #6 0x8025a951 in mi_userret 
[  224.066277] #7 0x8025ab89 in syscall 


To generate a diff of this commit:
cvs rdiff -u -r1.211.2.2 -r1.211.2.3 src/sys/arch/amd64/amd64/machdep.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/amd64/machdep.c
diff -u src/sys/arch/amd64/amd64/machdep.c:1.211.2.2 src/sys/arch/amd64/amd64/machdep.c:1.211.2.3
--- src/sys/arch/amd64/amd64/machdep.c:1.211.2.2	Mon Jan 22 19:41:08 2018
+++ src/sys/arch/amd64/amd64/machdep.c	Tue Dec  4 19:16:27 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: machdep.c,v 1.211.2.2 2018/01/22 19:41:08 snj Exp $	*/
+/*	$NetBSD: machdep.c,v 1.211.2.3 2018/12/04 19:16:27 martin Exp $	*/
 
 /*-
  * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011
@@ -111,7 +111,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.211.2.2 2018/01/22 19:41:08 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.211.2.3 2018/12/04 19:16:27 martin Exp $");
 
 /* #define XENDEBUG_LOW  */
 
@@ -570,6 +570,7 @@ sendsig_siginfo(const ksiginfo_t *ksi, c
 	/* Round down the stackpointer to a multiple of 16 for the ABI. */
 	fp = (struct sigframe_siginfo *)(((unsigned long)sp & ~15) - 8);
 
+	memset(&frame, 0, sizeof(frame));
 	frame.sf_ra = (uint64_t)ps->sa_sigdesc[sig].sd_tramp;
 	frame.sf_si._info = ksi->ksi_info;
 	frame.sf_uc.uc_flags = _UC_SIGMASK;
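Review bot: The added `memset(&frame, 0, sizeof(frame));` carries no comment saying why it must stay, so a later cleanup could drop it as redundant once every named field below it is assigned; a one-line comment such as `/* Zero the whole frame: sigframe_siginfo has padding that copyout would otherwise leak to userland. */` would protect it. This memset also covers sf_uc.uc_stack, which is why the dedicated memset of that member is removed in the next hunk. sendsig_siginfo begins and ends outside this hunk. The 32-bit compat sendsig path is not part of this change; it is worth confirming it does not share the same padding leak.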
@@ -577,7 +578,6 @@ sendsig_siginfo(const ksiginfo_t *ksi, c
 	frame.sf_uc.uc_link = l->l_ctxlink;
 	frame.sf_uc.uc_flags |= (l->l_sigstk.ss_flags & SS_ONSTACK)
 	? _UC_SETSTACK : _UC_CLRSTACK;
-	memset(&frame.sf_uc.uc_stack, 0, sizeof(frame.sf_uc.uc_stack));
 	sendsig_reset(l, sig);
 
 	mutex_exit(p->p_lock);



CVS commit: [netbsd-7] src/sys/arch/amd64/amd64

2017-04-26 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Wed Apr 26 14:54:57 UTC 2017

Modified Files:
src/sys/arch/amd64/amd64 [netbsd-7]: trap.c

Log Message:
Pull up following revision(s) (requested by chs in ticket #1410):
sys/arch/amd64/amd64/trap.c: revision 1.96
restore the ability to run netbsd 1.0 32-bit executables
by checking for the relevant lcall instruction in the trap handler
and treating it as a syscall.


To generate a diff of this commit:
cvs rdiff -u -r1.78.4.2 -r1.78.4.3 src/sys/arch/amd64/amd64/trap.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/amd64/trap.c
diff -u src/sys/arch/amd64/amd64/trap.c:1.78.4.2 src/sys/arch/amd64/amd64/trap.c:1.78.4.3
--- src/sys/arch/amd64/amd64/trap.c:1.78.4.2	Wed Apr 26 14:52:50 2017
+++ src/sys/arch/amd64/amd64/trap.c	Wed Apr 26 14:54:57 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: trap.c,v 1.78.4.2 2017/04/26 14:52:50 martin Exp $	*/
+/*	$NetBSD: trap.c,v 1.78.4.3 2017/04/26 14:54:57 martin Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2000 The NetBSD Foundation, Inc.
@@ -68,12 +68,14 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.78.4.2 2017/04/26 14:52:50 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.78.4.3 2017/04/26 14:54:57 martin Exp $");
 
 #include "opt_ddb.h"
 #include "opt_kgdb.h"
 #include "opt_xen.h"
 #include "opt_dtrace.h"
+#include "opt_compat_netbsd.h"
+#include "opt_compat_netbsd32.h"
 
 #include 
 #include 
@@ -90,6 +92,11 @@ __KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.7
 
 #include 
 
+#ifdef COMPAT_NETBSD32
+#include 
+#include 
+#endif
+
 #include 
 #include 
 #include 
@@ -389,6 +396,27 @@ kernelfault:
 #endif
 
 	case T_PROTFLT|T_USER:		/* protection fault */
+#if defined(COMPAT_NETBSD32) && defined(COMPAT_10)
+	{
+		static const char lcall[7] = { 0x9a, 0, 0, 0, 0, 7, 0 };
+		const size_t sz = sizeof(lcall);
+		char tmp[sz];
+
+		/* Check for the oosyscall lcall instruction. */
+		if (p->p_emul == &emul_netbsd32 &&
+		frame->tf_rip < VM_MAXUSER_ADDRESS32 - sz &&
+		copyin((void *)frame->tf_rip, tmp, sz) == 0 &&
+		memcmp(tmp, lcall, sz) == 0) {
+
+			/* Advance past the lcall. */
+			frame->tf_rip += sz;
+
+			/* Do the syscall. */
+			p->p_md.md_syscall(frame);
+			goto out;
+		}
+	}
+#endif
 	case T_TSSFLT|T_USER:
 	case T_SEGNPFLT|T_USER:
 	case T_STKFLT|T_USER:
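Review bot: After `frame->tf_rip += sz;` nothing records the emulated instruction's length in the trap frame, whereas the call-gate entry this replaces pushed `$7` as the "size of instruction for restart"; if md_syscall backs tf_rip up by that saved size on ERESTART, a restarted lcall-style syscall would resume at the wrong address, so consider `frame->tf_err = sz;` next to the rip adjustment after confirming the restart path. `char tmp[sz];` is a VLA, because a `const size_t` is not a constant expression in C; `char tmp[sizeof(lcall)];` avoids that in kernel context. When the pattern does not match, control leaves the `#endif` and falls into `case T_TSSFLT|T_USER:` exactly as before the change, but the new block makes that easy to misread, so a `/* FALLTHROUGH */` after `#endif` would make it explicit. The enclosing trap() switch starts and ends outside the hunk.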



CVS commit: [netbsd-7] src/sys/arch/amd64/amd64

2017-04-26 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Wed Apr 26 14:52:50 UTC 2017

Modified Files:
src/sys/arch/amd64/amd64 [netbsd-7]: locore.S machdep.c trap.c

Log Message:
Pull up following revision(s) (requested by bsiegert in ticket #1397):

sys/arch/amd64/amd64/locore.S   1.122 (via patch)
sys/arch/amd64/amd64/machdep.c  1.254 (via patch)
sys/arch/amd64/amd64/trap.c 1.95 (via patch)

Remove the call gate on amd64; it is useless and vulnerable.


To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.76.2.1 src/sys/arch/amd64/amd64/locore.S
cvs rdiff -u -r1.211 -r1.211.2.1 src/sys/arch/amd64/amd64/machdep.c
cvs rdiff -u -r1.78.4.1 -r1.78.4.2 src/sys/arch/amd64/amd64/trap.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/amd64/locore.S
diff -u src/sys/arch/amd64/amd64/locore.S:1.76 src/sys/arch/amd64/amd64/locore.S:1.76.2.1
--- src/sys/arch/amd64/amd64/locore.S:1.76	Fri May 16 00:48:41 2014
+++ src/sys/arch/amd64/amd64/locore.S	Wed Apr 26 14:52:50 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: locore.S,v 1.76 2014/05/16 00:48:41 rmind Exp $	*/
+/*	$NetBSD: locore.S,v 1.76.2.1 2017/04/26 14:52:50 martin Exp $	*/
 
 /*
  * Copyright-o-rama!
@@ -1287,27 +1287,6 @@ NENTRY(lwp_trampoline)
 END(lwp_trampoline)
 
 /*
- * oosyscall()
- *
- * Old call gate entry for syscall. only needed if we're
- * going to support running old i386 NetBSD 1.0 or ibcs2 binaries, etc,
- * on NetBSD/amd64.
- * The 64bit call gate can't request that arguments be copied from the
- * user stack (which the i386 code uses to get a gap for the flags).
- * push/pop are :: cycles.
- */
-IDTVEC(oosyscall)
-	/* Set rflags in trap frame. */
-	pushq	(%rsp)		# move user's %eip
-	pushq	16(%rsp)	# and %cs
-	popq	8(%rsp)
-	pushfq
-	popq	16(%rsp)
-	pushq	$7		# size of instruction for restart
-	jmp	osyscall1
-IDTVEC_END(oosyscall)
-
-/*
  * osyscall()
  *
  * Trap gate entry for int $80 syscall, also used by sigreturn.

Index: src/sys/arch/amd64/amd64/machdep.c
diff -u src/sys/arch/amd64/amd64/machdep.c:1.211 src/sys/arch/amd64/amd64/machdep.c:1.211.2.1
--- src/sys/arch/amd64/amd64/machdep.c:1.211	Mon May 12 22:50:03 2014
+++ src/sys/arch/amd64/amd64/machdep.c	Wed Apr 26 14:52:50 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: machdep.c,v 1.211 2014/05/12 22:50:03 uebayasi Exp $	*/
+/*	$NetBSD: machdep.c,v 1.211.2.1 2017/04/26 14:52:50 martin Exp $	*/
 
 /*-
  * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011
@@ -111,7 +111,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.211 2014/05/12 22:50:03 uebayasi Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.211.2.1 2017/04/26 14:52:50 martin Exp $");
 
 /* #define XENDEBUG_LOW  */
 
@@ -1696,10 +1696,7 @@ init_x86_64(paddr_t first_avail)
 	set_mem_segment(GDT_ADDR_MEM(gdtstore, GUDATA_SEL), 0,
 	x86_btop(VM_MAXUSER_ADDRESS) - 1, SDT_MEMRWA, SEL_UPL, 1, 0, 1);
 
-	/* make ldt gates and memory segments */
-	setgate((struct gate_descriptor *)(ldtstore + LSYS5CALLS_SEL),
-	&IDTVEC(oosyscall), 0, SDT_SYS386CGT, SEL_UPL,
-	GSEL(GCODE_SEL, SEL_KPL));
+	/* make ldt memory segments */
 	*(struct mem_segment_descriptor *)(ldtstore + LUCODE_SEL) =
 	*GDT_ADDR_MEM(gdtstore, GUCODE_SEL);
 	*(struct mem_segment_descriptor *)(ldtstore + LUDATA_SEL) =
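Review bot: The replacement comment `/* make ldt memory segments */` does not say that the LSYS5CALLS_SEL slot is now deliberately left unpopulated, so a reader may take the gap for an oversight and reinstate the gate. A comment such as `/* LSYS5CALLS_SEL is intentionally not set up: the call gate was removed, so a user lcall through it now faults instead of entering the kernel. */` records the intent where it matters. This presumes ldtstore leaves that slot not-present, which the hunk does not show; worth confirming. init_x86_64 begins and ends outside this hunk.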
@@ -1731,16 +1728,6 @@ init_x86_64(paddr_t first_avail)
 	set_mem_segment(ldt_segp, 0, x86_btop(VM_MAXUSER_ADDRESS32) - 1,
 	SDT_MEMRWA, SEL_UPL, 1, 1, 0);
 
-	/*
-	 * Other entries.
-	 */
-	memcpy((struct gate_descriptor *)(ldtstore + LSOL26CALLS_SEL),
-	(struct gate_descriptor *)(ldtstore + LSYS5CALLS_SEL),
-	sizeof (struct gate_descriptor));
-	memcpy((struct gate_descriptor *)(ldtstore + LBSDICALLS_SEL),
-	(struct gate_descriptor *)(ldtstore + LSYS5CALLS_SEL),
-	sizeof (struct gate_descriptor));
-
 	/* exceptions */
 	for (x = 0; x < 32; x++) {
 #ifndef XEN

Index: src/sys/arch/amd64/amd64/trap.c
diff -u src/sys/arch/amd64/amd64/trap.c:1.78.4.1 src/sys/arch/amd64/amd64/trap.c:1.78.4.2
--- src/sys/arch/amd64/amd64/trap.c:1.78.4.1	Sat Mar 25 16:57:39 2017
+++ src/sys/arch/amd64/amd64/trap.c	Wed Apr 26 14:52:50 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: trap.c,v 1.78.4.1 2017/03/25 16:57:39 snj Exp $	*/
+/*	$NetBSD: trap.c,v 1.78.4.2 2017/04/26 14:52:50 martin Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2000 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.78.4.1 2017/03/25 16:57:39 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.78.4.2 2017/04/26 14:52:50 martin Exp $");
 
 #include "opt_ddb.h"
 #include "opt_kgdb.h"
@@ -222,7 +222,6 @@ trap(struct trapframe *frame)
 	struct proc *p;
 	struct pcb *pcb;
 	extern char fusuintrfailure[], kcopy_fault[];
-	extern char IDTVEC(oosyscall)[];
 	extern char IDTVEC(osyscall)[];
 	extern char IDTVEC(syscall32)[];
 #ifndef XEN
@@ -647,8 +646,7 @@

CVS commit: [netbsd-7] src/sys/arch/amd64/amd64

2016-12-23 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sat Dec 24 04:07:25 UTC 2016

Modified Files:
src/sys/arch/amd64/amd64 [netbsd-7]: copy.S

Log Message:
Apply patch (requested by maxv in ticket #1278):
suword: Don't allow 4 bytes to overflow beyond the userland space.


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.18.34.1 src/sys/arch/amd64/amd64/copy.S

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/amd64/copy.S
diff -u src/sys/arch/amd64/amd64/copy.S:1.18 src/sys/arch/amd64/amd64/copy.S:1.18.34.1
--- src/sys/arch/amd64/amd64/copy.S:1.18	Wed Jul  7 01:13:29 2010
+++ src/sys/arch/amd64/amd64/copy.S	Sat Dec 24 04:07:25 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: copy.S,v 1.18 2010/07/07 01:13:29 chs Exp $	*/
+/*	$NetBSD: copy.S,v 1.18.34.1 2016/12/24 04:07:25 snj Exp $	*/
 
 /*
  * Copyright (c) 2001 Wasabi Systems, Inc.
@@ -413,7 +413,7 @@ ENTRY(fubyte)
 
 ENTRY(suword)
 	DEFERRED_SWITCH_CHECK
-	movq	$VM_MAXUSER_ADDRESS-4,%r11
+	movq	$VM_MAXUSER_ADDRESS-8,%r11
 	cmpq	%r11,%rdi
 	ja	_C_LABEL(fusuaddrfault)