[Glibc-bsd-commits] r2796 - in trunk/kfreebsd-7/debian: . patches

Petr Salinger ps-guest at alioth.debian.org
Tue Oct 6 06:24:22 UTC 2009


Author: ps-guest
Date: 2009-10-06 06:24:20 +0000 (Tue, 06 Oct 2009)
New Revision: 2796

Added:
   trunk/kfreebsd-7/debian/patches/000_devfs.diff
   trunk/kfreebsd-7/debian/patches/000_null.diff
Modified:
   trunk/kfreebsd-7/debian/changelog
   trunk/kfreebsd-7/debian/patches/series
Log:
* Fix Devfs / VFS NULL pointer race condition - FreeBSD-SA-09:14.devfs
* Add no zero mapping feature - FreeBSD-EN-09:05.null



Modified: trunk/kfreebsd-7/debian/changelog
===================================================================
--- trunk/kfreebsd-7/debian/changelog	2009-09-22 13:56:58 UTC (rev 2795)
+++ trunk/kfreebsd-7/debian/changelog	2009-10-06 06:24:20 UTC (rev 2796)
@@ -1,3 +1,13 @@
+kfreebsd-7 (7.2-9) UNSTABLE; urgency=high
+
+  [ Petr Salinger ]
+  * Fix Devfs / VFS NULL pointer race condition
+    (FreeBSD-SA-09:14.devfs). Closes #549871.
+  * Add no zero mapping feature
+    (FreeBSD-EN-09:05.null).
+
+ -- Aurelien Jarno <aurel32 at debian.org>  Sun, 13 Sep 2009 00:17:20 +0200
+
 kfreebsd-7 (7.2-8) unstable; urgency=low
 
   [ Petr Salinger ]

Added: trunk/kfreebsd-7/debian/patches/000_devfs.diff
===================================================================
--- trunk/kfreebsd-7/debian/patches/000_devfs.diff	                        (rev 0)
+++ trunk/kfreebsd-7/debian/patches/000_devfs.diff	2009-10-06 06:24:20 UTC (rev 2796)
@@ -0,0 +1,13 @@
+Index: sys/fs/devfs/devfs_vnops.c
+===================================================================
+--- sys/fs/devfs/devfs_vnops.c	(revision 192300)
++++ sys/fs/devfs/devfs_vnops.c	(revision 192301)
+@@ -890,6 +890,7 @@
+ 	if (fp != NULL) {
+ 		FILE_LOCK(fp);
+ 		fp->f_data = dev;
++		fp->f_vnode = vp;
+ 		FILE_UNLOCK(fp);
+ 	}
+ 	fpop = td->td_fpop;
+

Added: trunk/kfreebsd-7/debian/patches/000_null.diff
===================================================================
--- trunk/kfreebsd-7/debian/patches/000_null.diff	                        (rev 0)
+++ trunk/kfreebsd-7/debian/patches/000_null.diff	2009-10-06 06:24:20 UTC (rev 2796)
@@ -0,0 +1,45 @@
+Index: sys/kern/kern_exec.c
+===================================================================
+--- sys/kern/kern_exec.c	(revision 197682)
++++ sys/kern/kern_exec.c	(working copy)
+@@ -122,6 +122,11 @@
+ SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, 
+     &ps_arg_cache_limit, 0, "");
+ 
++static int map_at_zero = 1;
++TUNABLE_INT("security.bsd.map_at_zero", &map_at_zero);
++SYSCTL_INT(_security_bsd, OID_AUTO, map_at_zero, CTLFLAG_RW, &map_at_zero, 0,
++    "Permit processes to map an object at virtual address 0.");
++
+ static int
+ sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
+ {
+@@ -939,7 +944,7 @@
+ 	int error;
+ 	struct proc *p = imgp->proc;
+ 	struct vmspace *vmspace = p->p_vmspace;
+-	vm_offset_t stack_addr;
++	vm_offset_t sv_minuser, stack_addr;
+ 	vm_map_t map;
+ 	u_long ssiz;
+ 
+@@ -955,13 +960,17 @@
+ 	 * not disrupted
+ 	 */
+ 	map = &vmspace->vm_map;
+-	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser &&
++	if (map_at_zero)
++		sv_minuser = sv->sv_minuser;
++	else
++		sv_minuser = MAX(sv->sv_minuser, PAGE_SIZE);
++	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv_minuser &&
+ 	    vm_map_max(map) == sv->sv_maxuser) {
+ 		shmexit(vmspace);
+ 		pmap_remove_pages(vmspace_pmap(vmspace));
+ 		vm_map_remove(map, vm_map_min(map), vm_map_max(map));
+ 	} else {
+-		error = vmspace_exec(p, sv->sv_minuser, sv->sv_maxuser);
++		error = vmspace_exec(p, sv_minuser, sv->sv_maxuser);
+ 		if (error)
+ 			return (error);
+ 		vmspace = p->p_vmspace;

Modified: trunk/kfreebsd-7/debian/patches/series
===================================================================
--- trunk/kfreebsd-7/debian/patches/series	2009-09-22 13:56:58 UTC (rev 2795)
+++ trunk/kfreebsd-7/debian/patches/series	2009-10-06 06:24:20 UTC (rev 2796)
@@ -1,6 +1,8 @@
 000_ipv6.diff
 000_pipe.diff
 001_misc.diff
+000_devfs.diff
+000_null.diff
 003_glibc_dev_aicasm.diff
 004_xargs.diff
 005_binutils.diff




More information about the Glibc-bsd-commits mailing list