[Midnightbsd-cvs] [MidnightBSD/src] 1bf57f: tty: Avoid a kernel memory disclosure via kern.ttys

Lucas Holt noreply at github.com
Mon Dec 18 01:22:40 EST 2023


  Branch: refs/heads/master
  Home:   https://github.com/MidnightBSD/src
  Commit: 1bf57fbb1dbe0eabdf2d3d2648a0b42f8c7c9b2d
      https://github.com/MidnightBSD/src/commit/1bf57fbb1dbe0eabdf2d3d2648a0b42f8c7c9b2d
  Author: Mark Johnston <markj at FreeBSD.org>
  Date:   2023-12-18 (Mon, 18 Dec 2023)

  Changed paths:
    M sys/kern/tty.c

  Log Message:
  -----------
  tty: Avoid a kernel memory disclosure via kern.ttys

Four pad bytes at the end of each xtty structure were not being cleared
before being copied out.  Fix this by clearing the whole structure
before populating fields.

MFC after:	3 days
Reported by:	KMSAN

(cherry picked from commit 3c0fb026b2fc998fa9bea8aed76e96c58671aee3)


  Commit: 832c6c7dbcaf47762202370398305cfb7bb2194a
      https://github.com/MidnightBSD/src/commit/832c6c7dbcaf47762202370398305cfb7bb2194a
  Author: Rick Macklem <rmacklem at FreeBSD.org>
  Date:   2023-12-18 (Mon, 18 Dec 2023)

  Changed paths:
    M sys/fs/nfsclient/nfs_clrpcops.c

  Log Message:
  -----------
  nfscl: Fix processing of a rare Rename reply case

When delegations are enabled (they are not by default in
the FreeBSD NFSv4 server), rename will check for and return
delegations.  If the second of these DelegReturn operations
were to fail (they rarely do), then the code would not retry
the rename with returning delegations, as it is intended to do.

The patch fixes the problem, since the DelegReturn reply status
is the second iteration of the loop and not the first iteration.

As noted, this bug would have rarely manifested a problem, since
DelegReturn operations do not normally fail.

(cherry picked from commit 6aded1e6b2e5549120031032e1c7f8b002882327)


  Commit: 8265a72a87791b6664d426ad86dc67af11bfdba4
      https://github.com/MidnightBSD/src/commit/8265a72a87791b6664d426ad86dc67af11bfdba4
  Author: Rick Macklem <rmacklem at FreeBSD.org>
  Date:   2023-12-18 (Mon, 18 Dec 2023)

  Changed paths:
    M sys/fs/nfsclient/nfs_clrpcops.c

  Log Message:
  -----------
  nfscl: Fix comment for commit 6aded1e6b2e5

Commit 6aded1e6b2e5 fixed a rare case when handling an NFSv4
Rename reply when delegations are in use.  This patch fixes the
associated comment.

(cherry picked from commit 0a958aa16fed1978879d64e3b225f1d232cc5a98)


Compare: https://github.com/MidnightBSD/src/compare/94b5bf442146...8265a72a8779
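
The pad-byte disclosure described in the tty commit above, shown as an added example that is not part of the commit or of the MidnightBSD/FreeBSD source. `struct xrec`, `fake_copyout()` and the 0xAA marker are hypothetical stand-ins for `struct xtty`, the kernel copy-out and stale kernel memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record, not the real struct xtty: 12 bytes of fields,
 * padded to 16 so that arrays keep the 8-byte alignment of `id`. */
struct xrec {
    _Alignas(8) uint64_t id;
    uint32_t flags;
};

#define XREC_TAIL_PAD \
    (sizeof(struct xrec) - offsetof(struct xrec, flags) - sizeof(uint32_t))

/* Stand-in for copyout(): the whole object representation, padding
 * included, is what reaches the caller's buffer. */
static void fake_copyout(const struct xrec *src, unsigned char *dst)
{
    memcpy(dst, src, sizeof(*src));
}

/* Fill one record in storage that still holds stale 0xAA bytes (a
 * constructed marker for old memory contents) and return how many of
 * those stale bytes end up in the copied-out buffer. */
static size_t stale_bytes_copied_out(int clear_first)
{
    struct xrec rec;
    unsigned char out[sizeof(rec)];
    size_t i, stale = 0;

    memset(&rec, 0xAA, sizeof(rec));    /* simulate stale memory */
    if (clear_first)
        memset(&rec, 0, sizeof(rec));   /* the fix: clear the whole struct */
    rec.id = 1;                         /* field stores leave padding alone */
    rec.flags = 2;
    fake_copyout(&rec, out);
    for (i = 0; i < sizeof(out); i++)
        if (out[i] == 0xAA)
            stale++;
    return stale;
}

int main(void)
{
    printf("tail padding: %zu bytes\n", (size_t)XREC_TAIL_PAD);
    printf("stale bytes without clearing: %zu\n", stale_bytes_copied_out(0));
    printf("stale bytes with clearing:    %zu\n", stale_bytes_copied_out(1));
    return 0;
}
```

Assigning every named field is not enough, because the copy covers `sizeof(struct xrec)` bytes and the compiler-inserted padding has no name to assign to.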

