Diffusion FreeBSD src repository b112232e4fb9

uipc_shm: Copyin userpath for ktrace(2)
b112232e4fb9
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

uipc_shm: Copyin userpath for ktrace(2)

If userpath is not SHM_ANON, then copy it in early so ktrace(2) can
record it. Without this change, ktrace(2) will attempt to strcpy a
userspace string and trigger a page fault.

Reported by: syzbot+490b9c2a89f53b1b9779@syzkaller.appspotmail.com
Fixes: 0cd9cde767c3
Approved by: markj (mentor)
Reviewed by: markj
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44702

Details

Provenance

Authored on Apr 10 2024, 2:17 AM

Reviewer

Differential Revision

D44702: uipc_shm: Copyin userpath for ktrace(2)

Parents

rGb18029bc59d2: unionfs_lookup(): fix wild accesses to vnode private data

Branches

Unknown

Tags

Unknown

Event Timeline

jfree committed rGb112232e4fb9: uipc_shm: Copyin userpath for ktrace(2) (authored by jfree).Apr 10 2024, 2:17 AM

jfree added an edge: D44702: uipc_shm: Copyin userpath for ktrace(2).Apr 10 2024, 2:21 AM

markj mentioned this in rGe411b2273603: uipc_shm: Fix a free() of an uninitialized variable.Apr 19 2024, 12:19 AM

jfree mentioned this in rGd0ca50b414be: uipc_shm: Copyin userpath for ktrace(2).Sun, May 12, 12:09 AM

jfree mentioned this in rGdee055d1b1e6: uipc_shm: Fix a free() of an uninitialized variable.

Changes (1)

Path

Size

sys/

kern/

rGb112232e4fb9

sys/kern/uipc_shm.c

Loading...