Author: markj
Date: Wed Nov 28 17:31:34 2018
New Revision: 341155
URL: https://svnweb.freebsd.org/changeset/base/341155
Log:
MFstable/12 r341075:
Plug some kernel memory disclosures via kevent(2).
Approved by: re (gjb)
Modified:
releng/12.0/sys/kern/kern_event.c
releng/12.0/sys/kern/vfs_aio.c
Directory Properties:
releng/12.0/ (props changed)
Modified: releng/12.0/sys/kern/kern_event.c
==============================================================================
--- releng/12.0/sys/kern/kern_event.c Wed Nov 28 17:00:18 2018
(r341154)
+++ releng/12.0/sys/kern/kern_event.c Wed Nov 28 17:31:34 2018
(r341155)
@@ -535,8 +535,9 @@ knote_fork(struct knlist *list, int pid)
if (list == NULL)
return;
- list->kl_lock(list->kl_lockarg);
+ memset(&kev, 0, sizeof(kev));
+ list->kl_lock(list->kl_lockarg);
SLIST_FOREACH(kn, &list->kl_list, kn_selnext) {
kq = kn->kn_kq;
KQ_LOCK(kq);
Modified: releng/12.0/sys/kern/vfs_aio.c
==============================================================================
--- releng/12.0/sys/kern/vfs_aio.c Wed Nov 28 17:00:18 2018
(r341154)
+++ releng/12.0/sys/kern/vfs_aio.c Wed Nov 28 17:31:34 2018
(r341155)
@@ -1589,6 +1589,7 @@ aio_aqueue(struct thread *td, struct aiocb *ujob, stru
goto aqueue_fail;
}
kqfd = job->uaiocb.aio_sigevent.sigev_notify_kqueue;
+ memset(&kev, 0, sizeof(kev));
kev.ident = (uintptr_t)job->ujob;
kev.filter = EVFILT_AIO;
kev.flags = EV_ADD | EV_ENABLE | EV_FLAG1 | evflags;
@@ -2155,6 +2156,7 @@ kern_lio_listio(struct thread *td, int mode, struct ai
bcopy(sig, &lj->lioj_signal, sizeof(lj->lioj_signal));
if (lj->lioj_signal.sigev_notify == SIGEV_KEVENT) {
/* Assume only new style KEVENT */
+ memset(&kev, 0, sizeof(kev));
kev.filter = EVFILT_LIO;
kev.flags = EV_ADD | EV_ENABLE | EV_FLAG1;
kev.ident = (uintptr_t)uacb_list; /* something unique */
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
