Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 May 2022 17:42:53 GMT
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: fb3fa01a2df5 - stable/13 - arm: Zero padding in mcontext_vfp_t in get_vfpcontext().
Message-ID:  <202205131742.24DHgr1C055652@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=fb3fa01a2df5775a0068f946b89c37ee1918a370

commit fb3fa01a2df5775a0068f946b89c37ee1918a370
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-03-25 16:57:20 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-05-13 16:45:19 +0000

    arm: Zero padding in mcontext_vfp_t in get_vfpcontext().
    
    This can leak kernel stack data otherwise.
    
    Reviewed by:    imp, markj
    Sponsored by:   The University of Cambridge, Google, Inc.
    Differential Revision:  https://reviews.freebsd.org/D34594
    
    (cherry picked from commit b234b8d911cdb4fe53032fde0cb8611ae9d0b81d)
---
 sys/arm/arm/exec_machdep.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/arm/arm/exec_machdep.c b/sys/arm/arm/exec_machdep.c
index 865fc4d86288..defe17ed390c 100644
--- a/sys/arm/arm/exec_machdep.c
+++ b/sys/arm/arm/exec_machdep.c
@@ -103,6 +103,7 @@ get_vfpcontext(struct thread *td, mcontext_vfp_t *vfp)
 		critical_exit();
 	} else
 		MPASS(TD_IS_SUSPENDED(td));
+	memset(vfp, 0, sizeof(*vfp));
 	memcpy(vfp->mcv_reg, pcb->pcb_vfpstate.reg,
 	    sizeof(vfp->mcv_reg));
 	vfp->mcv_fpscr = pcb->pcb_vfpstate.fpscr;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202205131742.24DHgr1C055652>