Date:      Tue, 4 Dec 2018 19:06:11 +0000 (UTC)
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r341490 - in stable/12/sys: amd64/amd64 amd64/ia32 arm/arm fs/procfs i386/i386 kern sparc64/sparc64
Message-ID:  <201812041906.wB4J6Br6001116@repo.freebsd.org>

Author: markj
Date: Tue Dec  4 19:06:11 2018
New Revision: 341490
URL: https://svnweb.freebsd.org/changeset/base/341490

Log:
  MFC r341442, r341443:
  Plug memory disclosures via ptrace(2).

Modified:
  stable/12/sys/amd64/amd64/machdep.c
  stable/12/sys/amd64/ia32/ia32_reg.c
  stable/12/sys/arm/arm/machdep_kdb.c
  stable/12/sys/fs/procfs/procfs_dbregs.c
  stable/12/sys/fs/procfs/procfs_fpregs.c
  stable/12/sys/fs/procfs/procfs_regs.c
  stable/12/sys/i386/i386/machdep.c
  stable/12/sys/kern/sys_process.c
  stable/12/sys/sparc64/sparc64/machdep.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/amd64/amd64/machdep.c
==============================================================================
--- stable/12/sys/amd64/amd64/machdep.c	Tue Dec  4 18:51:28 2018	(r341489)
+++ stable/12/sys/amd64/amd64/machdep.c	Tue Dec  4 19:06:11 2018	(r341490)
@@ -2046,6 +2046,7 @@ fill_regs(struct thread *td, struct reg *regs)
 int
 fill_frame_regs(struct trapframe *tp, struct reg *regs)
 {
+
 	regs->r_r15 = tp->tf_r15;
 	regs->r_r14 = tp->tf_r14;
 	regs->r_r13 = tp->tf_r13;
@@ -2077,6 +2078,8 @@ fill_frame_regs(struct trapframe *tp, struct reg *regs
 		regs->r_fs = 0;
 		regs->r_gs = 0;
 	}
+	regs->r_err = 0;
+	regs->r_trapno = 0;
 	return (0);
 }
 
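Review bot: The added `regs->r_err = 0;` and `regs->r_trapno = 0;` stores carry no comment saying why these two fields are forced to zero, so a later cleanup could take them for dead stores and reopen the disclosure. A one-line comment above them, for example `/* Not filled from the trapframe here; zero so stale caller memory is never copied out. */`, would record the intent. The same pair is added without comment in fill_regs32() in ia32_reg.c and in the i386 fill_frame_regs(). Clearing field by field also leaves any padding or later-added member of struct reg dependent on the caller zeroing the buffer first; the struct layout is not visible here, so that part is worth confirming. The function body starts outside this hunk.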

Modified: stable/12/sys/amd64/ia32/ia32_reg.c
==============================================================================
--- stable/12/sys/amd64/ia32/ia32_reg.c	Tue Dec  4 18:51:28 2018	(r341489)
+++ stable/12/sys/amd64/ia32/ia32_reg.c	Tue Dec  4 19:06:11 2018	(r341490)
@@ -105,6 +105,8 @@ fill_regs32(struct thread *td, struct reg32 *regs)
 	regs->r_eflags = tp->tf_rflags;
 	regs->r_esp = tp->tf_rsp;
 	regs->r_ss = tp->tf_ss;
+	regs->r_err = 0;
+	regs->r_trapno = 0;
 	return (0);
 }
 

Modified: stable/12/sys/arm/arm/machdep_kdb.c
==============================================================================
--- stable/12/sys/arm/arm/machdep_kdb.c	Tue Dec  4 18:51:28 2018	(r341489)
+++ stable/12/sys/arm/arm/machdep_kdb.c	Tue Dec  4 19:06:11 2018	(r341490)
@@ -104,6 +104,7 @@ fill_regs(struct thread *td, struct reg *regs)
 	regs->r_cpsr = tf->tf_spsr;
 	return (0);
 }
+
 int
 fill_fpregs(struct thread *td, struct fpreg *regs)
 {
@@ -134,8 +135,11 @@ set_fpregs(struct thread *td, struct fpreg *regs)
 int
 fill_dbregs(struct thread *td, struct dbreg *regs)
 {
+
+	bzero(regs, sizeof(*regs));
 	return (0);
 }
+
 int
 set_dbregs(struct thread *td, struct dbreg *regs)
 {
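Review bot: fill_dbregs() now reports success with an all-zero struct dbreg, and nothing in the function says that the zeroes are a placeholder rather than real register contents. A comment before the new call, such as `/* No debug register state is filled in here; clear the buffer so it never carries stale memory. */`, would make that explicit for debugger authors and for whoever later implements the function. The commit also mixes `bzero()` here and in sys_process.c with `memset()` in the procfs files; picking one would make the hardening easier to grep for. set_dbregs() continues past the end of the hunk.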

Modified: stable/12/sys/fs/procfs/procfs_dbregs.c
==============================================================================
--- stable/12/sys/fs/procfs/procfs_dbregs.c	Tue Dec  4 18:51:28 2018	(r341489)
+++ stable/12/sys/fs/procfs/procfs_dbregs.c	Tue Dec  4 19:06:11 2018	(r341490)
@@ -112,8 +112,10 @@ procfs_doprocdbregs(PFS_FILL_ARGS)
 			return (EINVAL);
 		}
 		wrap32 = 1;
-	}
+		memset(&r32, 0, sizeof(r32));
+	} else
 #endif
+		memset(&r, 0, sizeof(r));
 	error = PROC(read, dbregs, td2, &r);
 	if (error == 0) {
 		PROC_UNLOCK(p);
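Review bot: The new `} else` immediately before `#endif` makes `memset(&r, 0, sizeof(r));` the body of an unbraced else only when COMPAT_FREEBSD32 is defined, which is easy to break: a statement later inserted between `#endif` and the memset silently becomes the else body instead. Keeping the closing `}` before `#endif` and making `memset(&r, 0, sizeof(r));` unconditional costs one redundant clear in the 32-bit case and removes the preprocessor-dependent control flow. The same construct is added in procfs_doprocfpregs() and procfs_doprocregs(). The enclosing function starts and ends outside this hunk.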

Modified: stable/12/sys/fs/procfs/procfs_fpregs.c
==============================================================================
--- stable/12/sys/fs/procfs/procfs_fpregs.c	Tue Dec  4 18:51:28 2018	(r341489)
+++ stable/12/sys/fs/procfs/procfs_fpregs.c	Tue Dec  4 19:06:11 2018	(r341490)
@@ -102,7 +102,6 @@ procfs_doprocfpregs(PFS_FILL_ARGS)
 		return (EBUSY);
 	}
 
-	/* XXXKSE: */
 	td2 = FIRST_THREAD_IN_PROC(p);
 #ifdef COMPAT_FREEBSD32
 	if (SV_CURPROC_FLAG(SV_ILP32)) {
@@ -111,8 +110,10 @@ procfs_doprocfpregs(PFS_FILL_ARGS)
 			return (EINVAL);
 		}
 		wrap32 = 1;
-	}
+		memset(&r32, 0, sizeof(r32));
+	} else
 #endif
+		memset(&r, 0, sizeof(r));
 	error = PROC(read, fpregs, td2, &r);
 	if (error == 0) {
 		PROC_UNLOCK(p);

Modified: stable/12/sys/fs/procfs/procfs_regs.c
==============================================================================
--- stable/12/sys/fs/procfs/procfs_regs.c	Tue Dec  4 18:51:28 2018	(r341489)
+++ stable/12/sys/fs/procfs/procfs_regs.c	Tue Dec  4 19:06:11 2018	(r341490)
@@ -102,7 +102,6 @@ procfs_doprocregs(PFS_FILL_ARGS)
 		return (EBUSY);
 	}
 
-	/* XXXKSE: */
 	td2 = FIRST_THREAD_IN_PROC(p);
 #ifdef COMPAT_FREEBSD32
 	if (SV_CURPROC_FLAG(SV_ILP32)) {
@@ -111,8 +110,10 @@ procfs_doprocregs(PFS_FILL_ARGS)
 			return (EINVAL);
 		}
 		wrap32 = 1;
-	}
+		memset(&r32, 0, sizeof(r32));
+	} else
 #endif
+		memset(&r, 0, sizeof(r));
 	error = PROC(read, regs, td2, &r);
 	if (error == 0) {
 		PROC_UNLOCK(p);

Modified: stable/12/sys/i386/i386/machdep.c
==============================================================================
--- stable/12/sys/i386/i386/machdep.c	Tue Dec  4 18:51:28 2018	(r341489)
+++ stable/12/sys/i386/i386/machdep.c	Tue Dec  4 19:06:11 2018	(r341490)
@@ -2817,6 +2817,7 @@ fill_regs(struct thread *td, struct reg *regs)
 int
 fill_frame_regs(struct trapframe *tp, struct reg *regs)
 {
+
 	regs->r_fs = tp->tf_fs;
 	regs->r_es = tp->tf_es;
 	regs->r_ds = tp->tf_ds;
@@ -2832,6 +2833,8 @@ fill_frame_regs(struct trapframe *tp, struct reg *regs
 	regs->r_eflags = tp->tf_eflags;
 	regs->r_esp = tp->tf_esp;
 	regs->r_ss = tp->tf_ss;
+	regs->r_err = 0;
+	regs->r_trapno = 0;
 	return (0);
 }
 

Modified: stable/12/sys/kern/sys_process.c
==============================================================================
--- stable/12/sys/kern/sys_process.c	Tue Dec  4 18:51:28 2018	(r341489)
+++ stable/12/sys/kern/sys_process.c	Tue Dec  4 19:06:11 2018	(r341490)
@@ -541,6 +541,9 @@ struct ptrace_args {
  *   copyin(uap->addr, &r.reg32, sizeof r.reg32);
  * .. except this is done at runtime.
  */
+#define	BZERO(a, s)		wrap32 ? \
+	bzero(a ## 32, s ## 32) : \
+	bzero(a, s)
 #define	COPYIN(u, k, s)		wrap32 ? \
 	copyin(u, k ## 32, s ## 32) : \
 	copyin(u, k, s)
@@ -548,6 +551,7 @@ struct ptrace_args {
 	copyout(k ## 32, u, s ## 32) : \
 	copyout(k, u, s)
 #else
+#define	BZERO(a, s)		bzero(a, s)
 #define	COPYIN(u, k, s)		copyin(u, k, s)
 #define	COPYOUT(k, u, s)	copyout(k, u, s)
 #endif
@@ -573,7 +577,7 @@ sys_ptrace(struct thread *td, struct ptrace_args *uap)
 		struct ptrace_lwpinfo32 pl32;
 		struct ptrace_vm_entry32 pve32;
 #endif
-		char args[nitems(td->td_sa.args) * sizeof(register_t)];
+		char args[sizeof(td->td_sa.args)];
 		int ptevents;
 	} r;
 	void *addr;
@@ -590,11 +594,17 @@ sys_ptrace(struct thread *td, struct ptrace_args *uap)
 	addr = &r;
 	switch (uap->req) {
 	case PT_GET_EVENT_MASK:
+	case PT_LWPINFO:
+	case PT_GET_SC_ARGS:
+		break;
 	case PT_GETREGS:
+		BZERO(&r.reg, sizeof r.reg);
+		break;
 	case PT_GETFPREGS:
+		BZERO(&r.fpreg, sizeof r.fpreg);
+		break;
 	case PT_GETDBREGS:
-	case PT_LWPINFO:
-	case PT_GET_SC_ARGS:
+		BZERO(&r.dbreg, sizeof r.dbreg);
 		break;
 	case PT_SETREGS:
 		error = COPYIN(uap->addr, &r.reg, sizeof r.reg);
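Review bot: PT_GET_EVENT_MASK, PT_LWPINFO and PT_GET_SC_ARGS still enter the request with `r` uninitialized, so `r.ptevents`, `r.args` and the lwpinfo member are safe to copy out only if the handler writes every byte of them, which is not visible in this hunk. A single `bzero(&r, sizeof(r));` before `switch (uap->req)` would cover every read request, the 32-bit union members and any padding, and would make the BZERO macro unnecessary. If the per-request form is kept for cost reasons, a comment on those three cases saying where their buffers are fully initialized would help the next reader. sys_ptrace() extends beyond both ends of the hunk.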
@@ -662,6 +672,7 @@ sys_ptrace(struct thread *td, struct ptrace_args *uap)
 }
 #undef COPYIN
 #undef COPYOUT
+#undef BZERO
 
 #ifdef COMPAT_FREEBSD32
 /*

Modified: stable/12/sys/sparc64/sparc64/machdep.c
==============================================================================
--- stable/12/sys/sparc64/sparc64/machdep.c	Tue Dec  4 18:51:28 2018	(r341489)
+++ stable/12/sys/sparc64/sparc64/machdep.c	Tue Dec  4 19:06:11 2018	(r341490)
@@ -1056,6 +1056,7 @@ fill_fpregs(struct thread *td, struct fpreg *fpregs)
 	bcopy(pcb->pcb_ufp, fpregs->fr_regs, sizeof(fpregs->fr_regs));
 	fpregs->fr_fsr = tf->tf_fsr;
 	fpregs->fr_gsr = tf->tf_gsr;
+	fpregs->fr_pad[0] = 0;
 	return (0);
 }
 
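Review bot: `fpregs->fr_pad[0] = 0;` clears only the first element of the padding array, so the fix is complete only while fr_pad has exactly one element; its declaration is not visible in this hunk. Clearing by size, `bzero(fpregs->fr_pad, sizeof(fpregs->fr_pad));`, stays correct if the padding ever grows and matches the copy-by-size form used for fr_regs in the same hunk. fill_fpregs() starts outside the hunk.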


