From nobody Mon Dec 11 14:24:44 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SpkXY1rjNz53gLn; Mon, 11 Dec 2023 14:24:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SpkXX703sz3bST; Mon, 11 Dec 2023 14:24:44 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1702304685; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0rEmXZb8waSTlu4fw7X+JdTXAKkbOHos2B3a+3biOoc=; b=Uf/B5a5rw/9VKSvArB0AYhsSeclXQWXyAXFLW8o3PV9yPRUDH5sWx7+7M5KyIc03decZSE TBssM5Ker6ObuqoPDZUX31T1f3c9w2qvionrVHAiOB2ojBwf166mCrI0GRnsKaxstWj33K benBDS0jkjJM2qcTTQCSvHPzBqBBg1qVFFH1npk+QRTobKTJyiGNWI4C2quh9HUPu001FV 8HMBdUtzfrhFajzDgZsRfPWQkcMzhNusRWkZgU5M43B1bpRsZEBL6rjX+9ap5sAPfIpsxn 7Cxj2zauzXuZW116Vk3O6zFrPrZAKxyBRBVbYAOBjY8pzezzJThM2YKzaOkRNQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1702304685; a=rsa-sha256; cv=none; b=ev+KnQ5r7B6NgdW4/zIwdpwhIDEYnlpQZI0zfrXhsrgblZnKvXMNGqQmBZGGXuKA5eIR8H HDzUK9tFSr13Hxvsa7Oaz9AUdmAUQQXWFOahOJuslRAAmwNt6hVJIassnCMRPpEKknre9k HcnvBKuMKpoW9k48kmi0qBbjmOBVIFM8XizO1USogIej8GGHMLPYHCdS8wTrP33tWxHVFW 3Dq6hoH5xXdBnz+h6YOwN1wghz4D0cjMHoWK+7EGPdTeIYkBdLLdQ3CjlGPYSYud1QZ0W/ z20ex7EzNpy0X6upOydpNjGoUWD/FvAfMKZ+UTct1xtGNv6PsIlp8A9TD42KTA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1702304685; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0rEmXZb8waSTlu4fw7X+JdTXAKkbOHos2B3a+3biOoc=; b=nttBgWmpJ7EyDZ+E49yGuxqhefED/+T0x9WmNc6xM1JuILb6sYl/IBR+fg33FSYmsQjzT6 eLWxaJo0sxCzNJiGw8AZbMbxelI+nDkN3fPK0h7PN37ydyPPzZvSt0Khi5tYSpoU/HYM7o R/tMLEh1tRsyd9YqAcqch/WyLiiZNyCd2ueVSLVj9m0m+NHrr8QUiXHRm6thC3katnBeFT 9neEswrDQcaYBsAOqzTv1JCh/8wOTY+vGu8IryKEqB26ucyFsh5p3cqE3P4zv8twYuLJvB GoPYy2CByzJbA5ozomuvTul/JnySkefFKOBVmpHzM92xqelL0sRqHhIjhIi/Cg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SpkXX65Hmzb4Z; Mon, 11 Dec 2023 14:24:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3BBEOiNd088398; Mon, 11 Dec 2023 14:24:44 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3BBEOiXQ088395; Mon, 11 Dec 2023 14:24:44 GMT (envelope-from git) Date: Mon, 11 Dec 2023 14:24:44 GMT Message-Id: <202312111424.3BBEOiXQ088395@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: 3c0fb026b2fc - main - tty: Avoid a kernel memory discloure via kern.ttys List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3c0fb026b2fc998fa9bea8aed76e96c58671aee3 Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=3c0fb026b2fc998fa9bea8aed76e96c58671aee3 commit 3c0fb026b2fc998fa9bea8aed76e96c58671aee3 Author: Mark Johnston AuthorDate: 2023-12-11 14:19:09 +0000 Commit: Mark Johnston CommitDate: 2023-12-11 14:19:09 +0000 tty: Avoid a kernel memory discloure via kern.ttys Four pad bytes at the end of each xtty structure were not being cleared before being copied out. Fix this by clearing the whole structure before populating fields. MFC after: 3 days Reported by: KMSAN --- sys/kern/tty.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/kern/tty.c b/sys/kern/tty.c index 620233947410..e051c66ab0c9 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -1288,6 +1288,7 @@ tty_to_xtty(struct tty *tp, struct xtty *xt) tty_assert_locked(tp); + memset(xt, 0, sizeof(*xt)); xt->xt_size = sizeof(struct xtty); xt->xt_insize = ttyinq_getsize(&tp->t_inq); xt->xt_incc = ttyinq_bytescanonicalized(&tp->t_inq);