Fix kernel memory disclosures in mpr and mps
ClosedPublic
Actions

Authored by asomers on Mar 1 2023, 7:18 PM.

Details

Reviewers

markj
scottl
imp
slm

Commits

rG1a798187e554: Fix kernel memory disclosures in mpr and mps
rG72aad3f9028a: Fix kernel memory disclosures in mpr and mps

Summary

In every mpr and mps ioctl that copies kernel data to userland, validate
that the requested length does not exceed the size of the kernel's
buffer.

Note that all of these ioctls already required root access.

MFC after: 2 weeks
Sponsored by: Axcient

Test Plan

Manually tested with mpsutil and an mps card. I don't currently have any available mpr cards to test on.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 50083
Build 46975: arc lint + arc unit

Event Timeline

asomers created this revision.Mar 1 2023, 7:18 PM

Herald added a reviewer: slm. · View Herald TranscriptMar 1 2023, 7:18 PM

asomers requested review of this revision.Mar 1 2023, 7:18 PM

Harbormaster completed remote builds in B50083: Diff 118141.Mar 1 2023, 7:18 PM

imp accepted this revision.Mar 1 2023, 9:03 PM

This revision is now accepted and ready to land.Mar 1 2023, 9:03 PM

Closed by commit rG72aad3f9028a: Fix kernel memory disclosures in mpr and mps (authored by asomers). · Explain WhyMar 2 2023, 8:32 PM

This revision was automatically updated to reflect the committed changes.

asomers added a commit: rG72aad3f9028a: Fix kernel memory disclosures in mpr and mps.

asomers added a commit: rG1a798187e554: Fix kernel memory disclosures in mpr and mps.Mar 22 2023, 7:28 PM

Revision Contents
Changeset List

Path

Size

sys/

dev/

mpr/

mpr_user.c

7 lines

mps/

mps_user.c

7 lines

Diff 118141

View Options

sys/dev/mpr/mpr_user.c