svn commit: r267019 - in releng/8.4: . contrib/sendmail/src sys/conf sys/kern sys/sys sys/vm
Xin LI
delphij at FreeBSD.org
Tue Jun 3 19:03:25 UTC 2014
Author: delphij
Date: Tue Jun 3 19:03:23 2014
New Revision: 267019
URL: http://svnweb.freebsd.org/changeset/base/267019
Log:
Fix sendmail improper close-on-exec flag handling. [SA-14:11]
Fix ktrace memory disclosure. [SA-14:12]
Fix triple-fault when executing from a threaded process. [EN-14:06]
Approved by: so
Modified:
releng/8.4/UPDATING
releng/8.4/contrib/sendmail/src/conf.c
releng/8.4/sys/conf/newvers.sh
releng/8.4/sys/kern/kern_exec.c
releng/8.4/sys/kern/kern_ktrace.c
releng/8.4/sys/sys/proc.h
releng/8.4/sys/vm/vm_map.c
Modified: releng/8.4/UPDATING
==============================================================================
--- releng/8.4/UPDATING Tue Jun 3 19:03:11 2014 (r267018)
+++ releng/8.4/UPDATING Tue Jun 3 19:03:23 2014 (r267019)
@@ -15,6 +15,17 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
debugging tools present in HEAD were left in place because
sun4v support still needs work to become production ready.
+20140603: p11 FreeBSD-SA-14:11.sendmail
+ FreeBSD-SA-14:12.ktrace
+ FreeBSD-EN-14:06.exec
+
+ Fix sendmail improper close-on-exec flag handling. [SA-14:11]
+
+ Fix ktrace memory disclosure. [SA-14:12]
+
+ Fix triple-fault when executing from a threaded process.
+ [EN-14:06]
+
20140513: p10 FreeBSD-EN-14:03.pkg
FreeBSD-EN-14:04.kldxref
Modified: releng/8.4/contrib/sendmail/src/conf.c
==============================================================================
--- releng/8.4/contrib/sendmail/src/conf.c Tue Jun 3 19:03:11 2014 (r267018)
+++ releng/8.4/contrib/sendmail/src/conf.c Tue Jun 3 19:03:23 2014 (r267019)
@@ -5265,8 +5265,8 @@ closefd_walk(lowest, fd)
*/
void
-sm_close_on_exec(highest, lowest)
- int highest, lowest;
+sm_close_on_exec(lowest, highest)
+ int lowest, highest;
{
#if HASFDWALK
(void) fdwalk(closefd_walk, &lowest);
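Review bot: Both bounds of `sm_close_on_exec` are plain `int` in a K&R-style definition, so a caller that passes them in the opposite order still compiles without a diagnostic, which is presumably how the mismatch corrected here went unnoticed. The header comment that closes just above the signature should spell out the order, for example `/* arguments: lowest fd first, then highest */`. In the branch that does not use `fdwalk` (outside this hunk) a cheap `lowest <= highest` sanity check would turn a future swap into a visible failure rather than descriptors silently left open across exec. The function body continues past the end of the hunk.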
Modified: releng/8.4/sys/conf/newvers.sh
==============================================================================
--- releng/8.4/sys/conf/newvers.sh Tue Jun 3 19:03:11 2014 (r267018)
+++ releng/8.4/sys/conf/newvers.sh Tue Jun 3 19:03:23 2014 (r267019)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="8.4"
-BRANCH="RELEASE-p10"
+BRANCH="RELEASE-p11"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/8.4/sys/kern/kern_exec.c
==============================================================================
--- releng/8.4/sys/kern/kern_exec.c Tue Jun 3 19:03:11 2014 (r267018)
+++ releng/8.4/sys/kern/kern_exec.c Tue Jun 3 19:03:23 2014 (r267019)
@@ -278,6 +278,7 @@ kern_execve(td, args, mac_p)
struct mac *mac_p;
{
struct proc *p = td->td_proc;
+ struct vmspace *oldvmspace;
int error;
AUDIT_ARG_ARGV(args->begin_argv, args->argc,
@@ -294,6 +295,8 @@ kern_execve(td, args, mac_p)
PROC_UNLOCK(p);
}
+ KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve"));
+ oldvmspace = td->td_proc->p_vmspace;
error = do_execve(td, args, mac_p);
if (p->p_flag & P_HADTHREADS) {
@@ -308,6 +311,12 @@ kern_execve(td, args, mac_p)
thread_single_end();
PROC_UNLOCK(p);
}
+ if ((td->td_pflags & TDP_EXECVMSPC) != 0) {
+ KASSERT(td->td_proc->p_vmspace != oldvmspace,
+ ("oldvmspace still used"));
+ vmspace_free(oldvmspace);
+ td->td_pflags &= ~TDP_EXECVMSPC;
+ }
return (error);
}
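Review bot: The deferred `vmspace_free(oldvmspace)` at the end of `kern_execve` only runs if `do_execve()` returns to this function, and the two `KASSERT`s guarding the hand-off do nothing in kernels built without INVARIANTS. `do_execve()` is not visible in this diff. If it has a failure path that terminates the process after the address space has already been replaced, the reference on the old vmspace would never be dropped, so that is worth confirming. The new block would also benefit from a comment naming the contract, for example `/* vmspace_exec() left the old vmspace for us to free; see TDP_EXECVMSPC */`.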
Modified: releng/8.4/sys/kern/kern_ktrace.c
==============================================================================
--- releng/8.4/sys/kern/kern_ktrace.c Tue Jun 3 19:03:11 2014 (r267018)
+++ releng/8.4/sys/kern/kern_ktrace.c Tue Jun 3 19:03:23 2014 (r267019)
@@ -117,6 +117,7 @@ static int data_lengths[] = {
0, /* KTR_SYSCTL */
sizeof(struct ktr_proc_ctor), /* KTR_PROCCTOR */
0, /* KTR_PROCDTOR */
+ 0, /* unused */
sizeof(struct ktr_fault), /* KTR_FAULT */
sizeof(struct ktr_faultend), /* KTR_FAULTEND */
};
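Review bot: `data_lengths[]` is still a positional table, so the added `0, /* unused */` filler fixes this gap but the next hole or reordering in the KTR_ record numbers would again pair a record type with the wrong length. Assuming the array is indexed by record type (the per-entry comments suggest so, but the lookup is outside the hunk), designated initializers would tie each size to its constant, e.g. `[KTR_FAULT] = sizeof(struct ktr_fault),`. A compile-time check that the element count equals the highest record type plus one would catch a missing entry at build time. The array starts above the hunk, so the earlier entries would need the same treatment.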
Modified: releng/8.4/sys/sys/proc.h
==============================================================================
--- releng/8.4/sys/sys/proc.h Tue Jun 3 19:03:11 2014 (r267018)
+++ releng/8.4/sys/sys/proc.h Tue Jun 3 19:03:23 2014 (r267019)
@@ -938,4 +938,5 @@ curthread_pflags_restore(int save)
#endif /* _KERNEL */
+#define TDP_EXECVMSPC 0x40000000 /* Execve destroyed old vmspace */
#endif /* !_SYS_PROC_H_ */
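Review bot: `TDP_EXECVMSPC` is defined after `#endif /* _KERNEL */` at the very end of the header rather than alongside the other `td_pflags` bits, which are not visible in this hunk. Placed here, a collision with an existing flag using `0x40000000` is easy to miss, and the macro is exposed outside `_KERNEL` although only kernel code in this commit uses it. If it has to stay here for merge reasons, a fuller comment would help, such as `/* td_pflags: set by vmspace_exec(), cleared by kern_execve() after freeing the old vmspace */`.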
Modified: releng/8.4/sys/vm/vm_map.c
==============================================================================
--- releng/8.4/sys/vm/vm_map.c Tue Jun 3 19:03:11 2014 (r267018)
+++ releng/8.4/sys/vm/vm_map.c Tue Jun 3 19:03:23 2014 (r267019)
@@ -3521,6 +3521,8 @@ vmspace_exec(struct proc *p, vm_offset_t
struct vmspace *oldvmspace = p->p_vmspace;
struct vmspace *newvmspace;
+ KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0,
+ ("vmspace_exec recursed"));
newvmspace = vmspace_alloc(minuser, maxuser);
if (newvmspace == NULL)
return (ENOMEM);
@@ -3537,7 +3539,7 @@ vmspace_exec(struct proc *p, vm_offset_t
PROC_VMSPACE_UNLOCK(p);
if (p == curthread->td_proc)
pmap_activate(curthread);
- vmspace_free(oldvmspace);
+ curthread->td_pflags |= TDP_EXECVMSPC;
return (0);
}
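Review bot: `vmspace_exec()` no longer releases `oldvmspace` itself and instead relies on a caller noticing `TDP_EXECVMSPC`, but nothing at the assignment documents that transfer of ownership. The flag is set on `curthread` unconditionally, while the context line `if (p == curthread->td_proc)` implies `p` is not always the current process. Any caller other than the `kern_execve` path would leave the old vmspace referenced and the flag set, and the new `KASSERT` at the top of the function would then fire on the next exec in an INVARIANTS kernel. A comment above the flag assignment would make the contract explicit: `/* Old vmspace is freed by kern_execve() once it sees TDP_EXECVMSPC. */`. The function begins outside the hunk, so other callers could not be checked from here.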