Module Name: src
Committed By: maxv
Date: Wed Jul 10 17:52:22 UTC 2019
Modified Files:
src/sys/kern: sys_lwp.c
Log Message:
Fix info leak: instead of using SS_INIT as a compound literal, use a global
variable from rodata. The compound literal gets pushed on the stack, so the
padding of the structure was not initialized, and was getting leaked to
userland in sys___sigaltstack14().
To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 src/sys/kern/sys_lwp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/sys_lwp.c
diff -u src/sys/kern/sys_lwp.c:1.68 src/sys/kern/sys_lwp.c:1.69
--- src/sys/kern/sys_lwp.c:1.68 Mon Jul 1 17:15:43 2019
+++ src/sys/kern/sys_lwp.c Wed Jul 10 17:52:22 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_lwp.c,v 1.68 2019/07/01 17:15:43 maxv Exp $ */
+/* $NetBSD: sys_lwp.c,v 1.69 2019/07/10 17:52:22 maxv Exp $ */
/*-
* Copyright (c) 2001, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_lwp.c,v 1.68 2019/07/01 17:15:43 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_lwp.c,v 1.69 2019/07/10 17:52:22 maxv Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -53,6 +53,8 @@ __KERNEL_RCSID(0, "$NetBSD: sys_lwp.c,v
#define LWP_UNPARK_MAX 1024
+static const stack_t lwp_ss_init = SS_INIT;
+
static syncobj_t lwp_park_sobj = {
.sobj_flag = SOBJ_SLEEPQ_LIFO,
.sobj_unsleep = sleepq_unsleep,
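Review bot: The new `lwp_ss_init` definition carries no comment explaining why it exists, so a later cleanup could fold it back into `&SS_INIT` at the call site and reintroduce the leak. I would add a line above it such as `/* Static storage on purpose: a stack compound literal leaves struct padding uninitialized, and this stack_t is later copied out to userland. */`. The definition of SS_INIT is not on this page, so the zeroed padding of the rodata object should be confirmed (a static-storage object is emitted fully formed in the image, and in practice its padding is zero).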
@@ -111,7 +113,7 @@ do_lwp_create(lwp_t *l, void *arg, u_lon
return ENOMEM;
error = lwp_create(l, p, uaddr, flags & LWP_DETACHED, NULL, 0,
- mi_startlwp, arg, &l2, l->l_class, sigmask, &SS_INIT);
+ mi_startlwp, arg, &l2, l->l_class, sigmask, &lwp_ss_init);
if (__predict_false(error)) {
uvm_uarea_free(uaddr);
return error;
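Review bot: The leak is closed only for this one lwp_create() call in do_lwp_create(); any other caller that still passes `&SS_INIT` would hand the same uninitialized padding to the new LWP, and no such caller is visible on this page, so the tree should be checked for them. Since the log message says the bytes escape in sys___sigaltstack14(), it may be more robust to also harden that copy-out side, so the guarantee does not depend on every producer. For example, clear a local with `memset(&out, 0, sizeof(out));` (the variable name is a placeholder) and then assign ss_sp, ss_size and ss_flags before copying out. do_lwp_create() starts and ends outside this hunk.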