linux: Fix SMAP-enabled futex routines
ClosedPublic
Actions

Authored by markj on May 15 2021, 3:29 PM.

Details

Reviewers

trasz
kib

Commits

rGfb580451456a: linux: Fix SMAP-enabled futex routines

Summary

Some of them were dereferencing the user pointer before disabling SMAP.

PR: 255591
Tested by: pitwuu@gmail.com

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.May 15 2021, 3:29 PM

Herald added a subscriber: imp. · View Herald TranscriptMay 15 2021, 3:29 PM

markj requested review of this revision.May 15 2021, 3:29 PM

Harbormaster completed remote builds in B39205: Diff 89264.May 15 2021, 3:29 PM

It is indeed weird, because cb0eecdf927 was reported by relatively many people, and you can see testers.

This revision is now accepted and ready to land.May 15 2021, 7:21 PM

In D30276#680193, @kib wrote:

It is indeed weird, because cb0eecdf927 was reported by relatively many people, and you can see testers.

Some of the ops did not have this bug, so I guess only those ops were being used before. The reporter of PR 255591 also claimed that the panic does not occur on 13.0, which is also strange.

Closed by commit rGfb580451456a: linux: Fix SMAP-enabled futex routines (authored by markj). · Explain WhyMay 16 2021, 5:44 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rGfb580451456a: linux: Fix SMAP-enabled futex routines.

Revision Contents
Changeset List

Path

Size

sys/

amd64/

linux/

linux_support.s

12 lines

linux32/

linux32_support.s

12 lines

Diff 89305

View Options

sys/amd64/linux/linux_support.s

Show First 20 Lines • Show All 82 Lines • ▼ Show 20 Lines	cap_openlog(cap_channel_t chan, const char ident, int logopt, int facility)

nvl = nvlist_create(0);		nvl = nvlist_create(0);
nvlist_add_string(nvl, "cmd", "openlog");		nvlist_add_string(nvl, "cmd", "openlog");
if (ident != NULL) {		if (ident != NULL) {
nvlist_add_string(nvl, "ident", ident);		nvlist_add_string(nvl, "ident", ident);
}		}
nvlist_add_number(nvl, "logopt", logopt);		nvlist_add_number(nvl, "logopt", logopt);
nvlist_add_number(nvl, "facility", facility);		nvlist_add_number(nvl, "facility", facility);
		if (logopt & LOG_PERROR) {
		nvlist_add_descriptor(nvl, "stderr", STDERR_FILENO);
		}
nvl = cap_xfer_nvlist(chan, nvl);		nvl = cap_xfer_nvlist(chan, nvl);
if (nvl == NULL) {		if (nvl == NULL) {
return;		return;
}		}
nvlist_destroy(nvl);		nvlist_destroy(nvl);
}		}

void		void
Show All 27 Lines	cap_setlogmask(cap_channel_t *chan, int maskpri)
return (omask);		return (omask);
}		}

/*		/*
* Service functions.		* Service functions.
*/		*/

static char *LogTag;		static char *LogTag;
		static int prev_stderr = -1;

static void		static void
slog_vsyslog(const nvlist_t limits __unused, const nvlist_t nvlin,		slog_vsyslog(const nvlist_t limits __unused, const nvlist_t nvlin,
nvlist_t *nvlout __unused)		nvlist_t *nvlout __unused)
{		{

syslog(nvlist_get_number(nvlin, "priority"), "%s",		syslog(nvlist_get_number(nvlin, "priority"), "%s",
nvlist_get_string(nvlin, "message"));		nvlist_get_string(nvlin, "message"));
}		}

static void		static void
slog_openlog(const nvlist_t limits __unused, const nvlist_t nvlin,		slog_openlog(const nvlist_t limits __unused, const nvlist_t nvlin,
nvlist_t *nvlout __unused)		nvlist_t *nvlout __unused)
{		{
const char *ident;		const char *ident;
		uint64_t logopt;
		int stderr_fd;

ident = dnvlist_get_string(nvlin, "ident", NULL);		ident = dnvlist_get_string(nvlin, "ident", NULL);
if (ident != NULL) {		if (ident != NULL) {
free(LogTag);		free(LogTag);
LogTag = strdup(ident);		LogTag = strdup(ident);
}		}

openlog(LogTag, nvlist_get_number(nvlin, "logopt"),		logopt = nvlist_get_number(nvlin, "logopt");
nvlist_get_number(nvlin, "facility"));		if (logopt & LOG_PERROR) {
		stderr_fd = dnvlist_get_descriptor(nvlin, "stderr", -1);
		if (prev_stderr == -1)
		prev_stderr = dup(STDERR_FILENO);
		if (prev_stderr != -1)
		(void)dup2(stderr_fd, STDERR_FILENO);
		} else if (prev_stderr != -1) {
		(void)dup2(prev_stderr, STDERR_FILENO);
		close(prev_stderr);
		prev_stderr = -1;
}		}
		openlog(LogTag, logopt, nvlist_get_number(nvlin, "facility"));
		}

static void		static void
slog_closelog(const nvlist_t limits __unused, const nvlist_t nvlin __unused,		slog_closelog(const nvlist_t limits __unused, const nvlist_t nvlin __unused,
nvlist_t *nvlout __unused)		nvlist_t *nvlout __unused)
{		{

closelog();		closelog();

free(LogTag);		free(LogTag);
LogTag = NULL;		LogTag = NULL;

		if (prev_stderr != -1) {
		(void)dup2(prev_stderr, STDERR_FILENO);
		close(prev_stderr);
		prev_stderr = -1;
}		}
		}

static void		static void
slog_setlogmask(const nvlist_t limits __unused, const nvlist_t nvlin,		slog_setlogmask(const nvlist_t limits __unused, const nvlist_t nvlin,
nvlist_t *nvlout)		nvlist_t *nvlout)
{		{
int omask;		int omask;

omask = setlogmask(nvlist_get_number(nvlin, "maskpri"));		omask = setlogmask(nvlist_get_number(nvlin, "maskpri"));
Show All 15 Lines	if (strcmp(cmd, "vsyslog") == 0) {
slog_setlogmask(limits, nvlin, nvlout);		slog_setlogmask(limits, nvlin, nvlout);
} else {		} else {
return (EINVAL);		return (EINVAL);
}		}

return (0);		return (0);
}		}

CREATE_SERVICE("system.syslog", NULL, syslog_command, CASPER_SERVICE_STDIO);		CREATE_SERVICE("system.syslog", NULL, syslog_command, 0);