Home | History | Annotate | Download | only in amd64
History log of /src/sys/compat/linux/arch/amd64/linux_machdep.c
RevisionDateAuthorComments
 1.62  01-Oct-2024  riastradh sys/compat/linux/arch: Nix trailing whitespace.

No functional change intended.
 1.61  27-Oct-2021  thorpej Use __SIGTRAMP_SIGCODE_VERSION rather than hard-coding 0.
 1.60  07-Sep-2021  riastradh sys/compat: Memset zero before copyout.

Just in case of uninitialized padding which would lead to kernel
stack disclosure. If the compiler can prove the memset redundant
then it can optimize it away; otherwise better safe than sorry.
 1.59  23-Aug-2019  maxv Remove printf.
 1.58  19-May-2019  maxv branches: 1.58.2;
Rename

fpu_save_area_clear -> fpu_clear
fpu_save_area_reset -> fpu_sigreset

Clearer, and reduces a future diff. No real functional change.
 1.57  24-Mar-2019  maxv Fix a tiny race in setregs and linux_setregs. Between the moment we set
pcb_flags to zero, and the moment cpu_segregs64_zero resets pcb_gs, we may
be preempted.

If this happens, and if the calling LWP was a 32bit thread, when switching
back to that LWP, the context switcher sees that PCB_COMPAT32 is not set in
pcb_flags and tries to perform a 64bit context switch; but pcb_gs contains
a 32bit GDT descriptor, and not a 64bit GS.base value. The wrmsr therefore
faults because the value is non-canonical, and this fault is fatal.

Rearrange the code so that the update of pcb_flags and pcb_gs/pcb_fs is non
interruptible. This fixes the problem, tested with a reproducer (which
therefore doesn't work anymore).

Likely fixes PR/53993.
 1.56  01-Jan-2018  maxv branches: 1.56.4;
Use the default %cs, and mask the other segregs.
 1.55  21-Oct-2017  maxv Include opt_user_ldt.h when needed.
 1.54  19-Oct-2017  maxv Always mask the 16 bits of the segregs in the trapframe. We don't zero-
extend the uint64_t's when building it, so we're leaking 48 bits of kernel
stack to userland.

Having said that, it appears that I unintentionally fixed most of this
issue in locore.S::rev1.127 - by building the frame with interrupts
disabled, we are implicitly guaranteeing that the structure doesn't get
overwritten by the kernel. Which means, we are leaking to userland data
that comes from userland anyway.

(still other places with this issue, but I'll fix them differently)
 1.53  15-Oct-2017  maxv Use two separate functions: cpu_segregs32_zero and cpu_segregs64_zero. The
way segment registers work on amd64 will diverge between 32bit and 64bit
LWPs.
 1.52  14-Jul-2017  maxv Don't forget to clean l_md.md_flags, otherwise there may be MDL_COMPAT32,
in which case the kernel would always use iret (slower).
 1.51  13-Feb-2017  maxv branches: 1.51.4; 1.51.6;
Make sure %rip is in userland. This is harmless, since the return to
userland is made with iret instead of sysret in this path. While here, use
size_t.
 1.50  13-Feb-2017  maxv Don't let userland choose %rip. This is the Intel Sysret vulnerability
again.
 1.49  05-Feb-2017  maxv Missing pmap_ldt_cleanup.
 1.48  19-Feb-2014  dsl branches: 1.48.4; 1.48.6; 1.48.8; 1.48.10; 1.48.12; 1.48.14;
Don't rely on pcb.h including x86/include/sysarch.h
 1.47  15-Feb-2014  dsl Remove all references to MDL_USEDFPU and deferred fpu initialisation.
The cost of zeroing the save area on exec is minimal.
This stops the FP registers of a random process being used the first
time an lwp uses the fpu.
sendsig_siginfo() and get_mcontext() now unconditionally copy the FP
registers.
I'll remove the double-copy for signal handlers soon.
get_mcontext() might have been leaking kernel memory to userspace - and
may still do so if i386_use_fxsave is false (short copies).
 1.46  11-Feb-2014  dsl Move sys/arch/amd64/amd64/fpu.c and sys/arch/amd64/include/fpu.h
into sys/arch/x86 in preparation for using the same code for i386.
 1.45  07-Feb-2014  dsl Convert the amd64 build to use x86/cpu_extended_state.h so that the fpu
definitions match those of i386.
Mostly just structure and field renames, in addition:
1) process_xmm_to_s87() and process_s87_to_xmm() moved into
x86/convert_xmm_s87.c so they can be used by amd64's netbsd32 code.
2) The linux signal code simplified to use a structure copy for ths fxsave
data - it matches the hardware definition and won't change.
 1.44  04-Jan-2014  dsl Remove __HAVE_PROCESS_XFPREGS and add the extra parameter for the size
of the fp save area to all the process_read_fpregs() and
process_write_fpregs() functions.
None of the functions have been modified to use the new parameters.
The size is set for all the writes, but some of the arch-specific reads
just pass NULL.
The amd64 (and i386) need variable sized fp register save areas in order
to support AVX and other enhanced register areas.
These functions are rarely called - so the extra argument won't matter.
 1.43  01-Dec-2013  christos revert fpu/pcu changes until we figure out what's wrong; they cause random
freezes
 1.42  18-Nov-2013  chs initialize %ds to something valid to help ptrace().
 1.41  23-Oct-2013  drochner Use the MI "pcu" framework for bookkeeping of npx/fpu states on x86.
This reduces the amount of MD code enormously, and makes it easier
to implement support for newer CPU features which require more fpu
state, or for fpu usage by the kernel.
For access to FPU state across CPUs, an xcall kthread is used now
rather than a dedicated IPI.
No user visible changes intended.
 1.40  08-Jul-2012  dsl branches: 1.40.2; 1.40.4;
The MDP_USEDFPU (amd64 and sh3) and MDP_SSTEP (sh3) are lwp flags not
process ones, rename to MDL_xxx.
 1.39  18-Nov-2011  christos branches: 1.39.6; 1.39.10; 1.39.12;
- add sigtimedwait support.
- merge the siginfo population code.
 1.38  07-Jul-2010  chs branches: 1.38.8;
many changes for COMPAT_LINUX:
- update the linux syscall table for each platform.
- support new-style (NPTL) linux pthreads on all platforms.
clone() with CLONE_THREAD uses 1 process with many LWPs
instead of separate processes.
- move the contents of sys__lwp_setprivate() into a new
lwp_setprivate() and use that everywhere.
- update linux_release[] and linux32_release[] to "2.6.18".
- adjust placement of emul fork/exec/exit hooks as needed
and adjust other emul code to match.
- convert all struct emul definitions to use named initializers.
- change the pid allocator to allow multiple pids to refer to the same proc.
- remove a few fields from struct proc that are no longer needed.
- disable the non-functional "vdso" code in linux32/amd64,
glibc works fine without it.
- fix a race in the futex code where we could miss a wakeup after
a requeue operation.
- redo futex locking to be a little more efficient.
 1.37  23-Nov-2009  rmind branches: 1.37.2; 1.37.4;
Use lwp_getpcb() in compat code, clean from struct user.
 1.36  29-May-2009  njoly Add native to linux siginfo si_status translation, used on i386 and
amd64.
 1.35  18-Mar-2009  cegger bzero -> memset
 1.34  26-Oct-2008  christos branches: 1.34.2; 1.34.8;
catch up with i386 changes.
 1.33  19-Oct-2008  njoly Add native to linux siginfo si_code translation, mostly for negative
values. Adjust amd64 and i386 accordingly, not sure about aother archs
i can't test.
 1.32  18-Sep-2008  christos Define a PSL_CLEARSIG macro for the psl flags to be cleared on signal delivery
and use it everywhere.
 1.31  01-Aug-2008  jmcneill linux_sys_rt_sigreturn: properly restore stack flags, pointed out by
Juan RP and modified by myself. ok christos@
 1.30  11-May-2008  jmcneill branches: 1.30.4;
Pull in machine/cpufunc.h for wrmsr definition.
 1.29  24-Apr-2008  ad branches: 1.29.2; 1.29.4;
Merge proc::p_mutex and proc::p_smutex into a single adaptive mutex, since
we no longer need to guard against access from hardware interrupt handlers.

Additionally, if cloning a process with CLONE_SIGHAND, arrange to have the
child process share the parent's lock so that signal state may be kept in
sync. Partially addresses PR kern/37437.
 1.28  05-Jan-2008  dsl branches: 1.28.6; 1.28.8;
Use the new names (_REG_RFLAGS and _REG_RSP) for the indexes of __gregs[]
which match the names of in the trapframe and .S code.
 1.27  20-Dec-2007  dsl Convert all the system call entry points from:
int foo(struct lwp *l, void *v, register_t *retval)
to:
int foo(struct lwp *l, const struct foo_args *uap, register_t *retval)
Fixup compat code to not write into 'uap' and (in some cases) to actually
pass a correctly formatted 'uap' structure with the right name to the
next routine.
A few 'compat' routines that just call standard ones have been deleted.
All the 'compat' code compiles (along with the kernels required to test
build it).
98% done by automated scripts.
 1.26  08-Dec-2007  dsl branches: 1.26.4;
ANSIfy most of the function definitions in sys/compat (but not ndis).
All by the magic of sed ...
 1.25  19-Oct-2007  njoly branches: 1.25.2; 1.25.4;
Add compat_linux and exec_linux_elf lkm support for amd64:
- Add needed COMPAT_OSSAUDIO to GENERIC.
- Add missing includes needed by linux_syscallargs.h.
- Add lkm building.
 1.24  03-Oct-2007  ad branches: 1.24.2;
fxsave() is a function, don't re-use the name.
 1.23  24-May-2007  njoly branches: 1.23.6; 1.23.8; 1.23.10;
Fix restart of interrupted system calls.

- Make linux_sys_rt_sigreturn() return EJUSTRETURN on success.
- Add missing rax to linux_sigcontext structure; and save/restore
its value like other members in linux_sendsig()/linux_sys_rt_sigreturn().

With valuable help from manu.
 1.22  21-May-2007  christos rename si_sigval -> si_value to match POSIX RTS.
 1.21  14-Mar-2007  manu Add ptmx fakedevice hack for amd64
Fix a bug in ioctl handling
 1.20  05-Mar-2007  christos branches: 1.20.2; 1.20.4;
more caddr_t lossage.
 1.19  04-Mar-2007  christos Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
 1.18  17-Feb-2007  pavel Change the process/lwp flags seen by userland via sysctl back to the
P_*/L_* naming convention, and rename the in-kernel flags to avoid
conflict. (P_ -> PK_, L_ -> LW_ ). Add back the (now unused) LSDEAD
constant.

Restores source compatibility with pre-newlock2 tools like ps or top.

Reviewed by Andrew Doran.
 1.17  15-Feb-2007  ad branches: 1.17.2;
Fix Linux compat on amd64.
 1.16  09-Feb-2007  ad Merge newlock2 to head.
 1.15  20-Sep-2006  manu branches: 1.15.2;
Proprely convert devices on amd64
 1.14  23-Aug-2006  manu branches: 1.14.2; 1.14.4;
1) Complete Linux exit_group() emulation
Members of the thread group must die without reporting to the parent and
without going to zombie stage. We do that by reparenting to init before
catching a SIGKILL. The parent will not see the child death.

The thread group leader must report the exit status, even if it exits
because of another thread calling exit_group(). We do that by storing the
exit status in struct linux_emuldata_shared, and the exit hook has the
duty of setting struct proc's p_xstat for the thread group leader.

2) For exit/fork/exec hooks, move the NPTL specific code to separate functions
that are shared between COMPAT_LINUX and COMPAT_LINUX32

3) Fix LINUX_CLONE_PARENT_SETTID semantics
 1.13  16-Dec-2005  christos branches: 1.13.4; 1.13.8;
PR/32303: Nicolas Joly: Fix -current amd64 kernel compilation failure with
options COMPAT_LINUX
 1.12  11-Dec-2005  christos merge ktrace-lwp.
 1.11  05-Nov-2005  manu branches: 1.11.2;
Instead of ifdef'ing __amd64__ all the Linux NPTL stuff, introduce an
ifdef LINUX_NPTL.
Also implement SETTLS flag to Linux clone()
 1.10  04-Nov-2005  manu build fix
 1.9  24-Jun-2005  manu branches: 1.9.2;
More accurate SIGCHLD code and status for siginfo
 1.8  22-Jun-2005  manu Fix siginfo to return the right child's status.
 1.7  22-Jun-2005  manu Implent CLONE_PARENT_SETTID, CLONE_CHILD_CLEARTID, and CLONE_CHILD_SETTID
options to clone(). This makes fork() work on amd64.

clone() prototype has changed and the changes is probably revelant on some
other arches.
 1.6  22-May-2005  fvdl sigreturn doesn't take arguments. Instead, find out where the signal
frame is from the stack pointer in the frame frame.

Also, don't forget to copy %rip back in.
 1.5  22-May-2005  fvdl Use a modified buildcontext function for Linux signals. It doesn't set
the unused segment registers, it just uses the already used values.
 1.4  20-May-2005  fvdl Define linux_usertrap function, and set it in struct emul. For all
but amd64, it just returns 0, doing nothing.

For amd64, it implements vsyscalls through cheating: if the faulting
address is in the vsyscall area (which is statically known on Linux/amd64),
and the intruction pointer is too, it must have been a vsyscall. In that
case, retrieve the return address from the user stack, fix up %rip and
%rsp, and just execute the normal system call. It will return as if
the vsyscall has been executed.
 1.3  19-May-2005  manu Add support for Linux SA_RESTORER on amd64.
 1.2  15-May-2005  fvdl Make the arch_prctl system call use the saved %gs and %fs mechanism.
 1.1  03-May-2005  manu First work on COMPAT_LINUX/amd64
Process startup and dynamiclinking work, but processes hang due to
Linux arch_prctl(2) not being really supported yet.
 1.9.2.6  21-Jan-2008  yamt sync with head
 1.9.2.5  27-Oct-2007  yamt sync with head.
 1.9.2.4  03-Sep-2007  yamt sync with head.
 1.9.2.3  26-Feb-2007  yamt sync with head.
 1.9.2.2  30-Dec-2006  yamt sync with head.
 1.9.2.1  21-Jun-2006  yamt sync with head.
 1.11.2.2  10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.11.2.1  05-Nov-2005  skrll file linux_machdep.c was added on branch ktrace-lwp on 2005-11-10 14:00:59 +0000
 1.13.8.1  03-Sep-2006  yamt sync with head.
 1.13.4.1  09-Sep-2006  rpaulo sync with head
 1.14.4.1  22-Oct-2006  yamt sync with head
 1.14.2.2  06-Feb-2007  ad More compat changes.

XXX compat_irix, compat_mach and compat_darwin need work.
 1.14.2.1  18-Nov-2006  ad Sync with head.
 1.15.2.2  30-May-2007  riz Pull up following revision(s) (requested by njoly in ticket #673):
sys/compat/linux/arch/amd64/linux_machdep.c: revision 1.23
sys/compat/linux/arch/amd64/linux_machdep.h: revision 1.9
Fix restart of interrupted system calls.
- Make linux_sys_rt_sigreturn() return EJUSTRETURN on success.
- Add missing rax to linux_sigcontext structure; and save/restore
its value like other members in linux_sendsig()/linux_sys_rt_sigreturn().
With valuable help from manu.
 1.15.2.1  13-May-2007  pavel branches: 1.15.2.1.2;
Pull up following revision(s) (requested by manu in ticket #637):
sys/compat/linux/arch/amd64/linux_machdep.c: revision 1.21
sys/compat/linux/arch/amd64/linux_machdep.h: revision 1.7
sys/compat/linux/common/linux_termios.c: revision 1.30
Add ptmx fakedevice hack for amd64
Fix a bug in ioctl handling
 1.15.2.1.2.1  04-Jun-2007  wrstuden Update to today's netbsd-4.
 1.17.2.3  24-Mar-2007  yamt sync with head.
 1.17.2.2  12-Mar-2007  rmind Sync with HEAD.
 1.17.2.1  27-Feb-2007  yamt - sync with head.
- move sched_changepri back to kern_synch.c as it doesn't know PPQ anymore.
 1.20.4.1  11-Jul-2007  mjf Sync with head.
 1.20.2.3  09-Oct-2007  ad Sync with head.
 1.20.2.2  27-May-2007  ad Sync with head.
 1.20.2.1  10-Apr-2007  ad Sync with head.
 1.23.10.1  06-Oct-2007  yamt sync with head.
 1.23.8.2  09-Jan-2008  matt sync with HEAD
 1.23.8.1  06-Nov-2007  matt sync with HEAD
 1.23.6.3  09-Dec-2007  jmcneill Sync with HEAD.
 1.23.6.2  26-Oct-2007  joerg Sync with HEAD.

Follow the merge of pmap.c on i386 and amd64 and move
pmap_init_tmp_pgtbl into arch/x86/x86/pmap.c. Modify the ACPI wakeup
code to restore CR4 before jumping back into kernel space as the large
page option might cover that.
 1.23.6.1  04-Oct-2007  joerg Sync with HEAD.
 1.24.2.1  25-Oct-2007  bouyer Sync with HEAD.
 1.25.4.1  26-Dec-2007  ad Sync with head.
 1.25.2.1  18-Feb-2008  mjf Sync with HEAD.
 1.26.4.2  08-Jan-2008  bouyer Sync with HEAD
 1.26.4.1  02-Jan-2008  bouyer Sync with HEAD
 1.28.8.1  18-May-2008  yamt sync with head.
 1.28.6.3  17-Jan-2009  mjf Sync with HEAD.
 1.28.6.2  28-Sep-2008  mjf Sync with HEAD.
 1.28.6.1  02-Jun-2008  mjf Sync with HEAD.
 1.29.4.5  24-Sep-2008  wrstuden Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
 1.29.4.4  18-Sep-2008  wrstuden Sync with wrstuden-revivesa-base-2.
 1.29.4.3  23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.29.4.2  14-May-2008  wrstuden Per discussion with ad at n dot o, revert signal mask handling
changes.

The l_sigstk changes are most likely totally un-needed as SA will
never use a signal stack - we send an upcall (or will as other
diffs are brought in).

The l_sigmask changes were too controvertial. In all honesty, I
think it's probably best to revert them. The main reason they were
there is the fact that in an SA process, we don't mask signals per
kernel thread, we mask them per user thread. In the kernel, we want
them all to get turned into upcalls. Thus the normal state of
l_sigmask in an SA process is for it to always be empty.

While we are in the process of delivering a signal, we want to
temporarily mask a signal (so we don't recursively exhaust our
upcall stacks). However signal delivery is rare (important, but
rare), and delivering back-to-back signals is even rarer. So rather
than cause every user of a signal mask to be prepared for this very
rare case, we will just add a second check later in the signal
delivery code. Said change is not in this diff.

This also un-compensates all of our compatability code for dealing
with SA. SA is a NetBSD-specific thing, so there's no need for
Irix, Linux, Solaris, SVR4 and so on to cope with it.

As previously, everything other than kern_sa.c compiles in i386
GENERIC as of this checkin. I will switch to ALL soon for compile
testing.
 1.29.4.1  10-May-2008  wrstuden Initial checkin of re-adding SA. Everything except kern_sa.c
compiles in GENERIC for i386. This is still a work-in-progress, but
this checkin covers most of the mechanical work (changing signalling
to be able to accomidate SA's process-wide signalling and re-adding
includes of sys/sa.h and savar.h). Subsequent changes will be much
more interesting.

Also, kern_sa.c has received partial cleanup. There's still more
to do, though.
 1.29.2.5  11-Aug-2010  yamt sync with head.
 1.29.2.4  11-Mar-2010  yamt sync with head
 1.29.2.3  20-Jun-2009  yamt sync with head
 1.29.2.2  04-May-2009  yamt sync with head.
 1.29.2.1  16-May-2008  yamt sync with head.
 1.30.4.2  13-Dec-2008  haad Update haad-dm branch to haad-dm-base2.
 1.30.4.1  19-Oct-2008  haad Sync with HEAD.
 1.34.8.2  23-Jul-2009  jym Sync with HEAD.
 1.34.8.1  13-May-2009  jym Sync with HEAD.

Commit is split, to avoid a "too many arguments" protocol error.
 1.34.2.1  28-Apr-2009  skrll Sync with HEAD.
 1.37.4.1  05-Mar-2011  rmind sync with head
 1.37.2.1  17-Aug-2010  uebayasi Sync with HEAD.
 1.38.8.3  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.38.8.2  30-Oct-2012  yamt sync with head
 1.38.8.1  17-Apr-2012  yamt sync with head
 1.39.12.1  14-Feb-2017  snj Pull up following revision(s) (requested by maxv in ticket #1433):
sys/compat/linux/arch/amd64/linux_machdep.c: 1.50, 1.51
Don't let userland choose %rip. This is the Intel Sysret vulnerability
again.
--
Make sure %rip is in userland. This is harmless, since the return to
userland is made with iret instead of sysret in this path. While here, use
size_t.
 1.39.10.1  14-Feb-2017  snj Pull up following revision(s) (requested by maxv in ticket #1433):
sys/compat/linux/arch/amd64/linux_machdep.c: 1.50, 1.51
Don't let userland choose %rip. This is the Intel Sysret vulnerability
again.
--
Make sure %rip is in userland. This is harmless, since the return to
userland is made with iret instead of sysret in this path. While here, use
size_t.
 1.39.6.1  14-Feb-2017  snj Pull up following revision(s) (requested by maxv in ticket #1433):
sys/compat/linux/arch/amd64/linux_machdep.c: 1.50, 1.51
Don't let userland choose %rip. This is the Intel Sysret vulnerability
again.
--
Make sure %rip is in userland. This is harmless, since the return to
userland is made with iret instead of sysret in this path. While here, use
size_t.
 1.40.4.1  18-May-2014  rmind sync with head
 1.40.2.2  03-Dec-2017  jdolecek update from HEAD
 1.40.2.1  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.48.14.1  21-Apr-2017  bouyer Sync with HEAD
 1.48.12.1  13-Mar-2017  skrll Sync with netbsd-7-1-RELEASE
 1.48.10.2  20-Mar-2017  pgoyette Sync with HEAD
 1.48.10.1  20-Jul-2016  pgoyette Adapt machine-independant code to the new {b,c}devsw reference-counting
(using localcount(9)). All callers of {b,c}devsw_lookup() now call
{b,c}devsw_lookup_acquire() which retains a reference on the 'struct
{b,c}devsw'. This reference must be released by the caller once it is
finished with the structure's content (or other data that would disappear
if the 'struct {b,c}devsw' were to disappear).
 1.48.8.1  14-Feb-2017  snj Pull up following revision(s) (requested by maxv in ticket #1359):
sys/compat/linux/arch/amd64/linux_machdep.c: 1.50, 1.51
Don't let userland choose %rip. This is the Intel Sysret vulnerability
again.
--
Make sure %rip is in userland. This is harmless, since the return to
userland is made with iret instead of sysret in this path. While here, use
size_t.
 1.48.6.1  28-Aug-2017  skrll Sync with HEAD
 1.48.4.2  21-Jan-2020  martin Pull up the following, requested by christos in ticket #1720:

sys/compat/common/kern_sig_43.c 1.36
sys/compat/linux/arch/amd64/linux_machdep.c 1.59
sys/compat/linux/common/linux_fcntl.h 1.18
sys/compat/linux/common/linux_file64.c 1.62
sys/compat/linux/common/linux_ipc.c 1.57
sys/compat/linux/common/linux_misc.c 1.243
sys/compat/linux/common/linux_signal.c 1.81
sys/compat/linux/common/linux_socket.c 1.149 (patch)
sys/compat/linux/common/linux_socket.h 1.24
sys/compat/linux/common/linux_statfs.h 1.7
sys/compat/linux/common/linux_termios.c 1.38
sys/compat/linux/common/linux_termios.h 1.22
sys/compat/linux32/common/linux32_dirent.c 1.20
sys/compat/linux32/common/linux32_ioctl.c 1.14
sys/compat/linux32/common/linux32_misc.c 1.27
sys/compat/linux32/common/linux32_signal.c 1.20
sys/compat/linux32/common/linux32_sysinfo.c 1.8
sys/compat/linux32/common/linux32_termios.c 1.15
sys/compat/linux32/common/linux32_utsname.c 1.10
sys/compat/netbsd32/netbsd32_compat_20.c 1.39
sys/compat/netbsd32/netbsd32_compat_43.c 1.59
sys/compat/netbsd32/netbsd32_compat_50.c 1.44
sys/compat/ossaudio/ossaudio.c 1.75
sys/kern/sysv_shm.c 1.138
sys/miscfs/procfs/procfs_linux.c 1.75 (patch)
sys/sys/shm.h 1.54 (patch)

Fix various info leaks, out of bound access, usage of uninitialized
values and direct access to userland variables from kernel space
and memory leaks in system calls implemented for the compatibility
subsystems.
 1.48.4.1  14-Feb-2017  snj branches: 1.48.4.1.2;
Pull up following revision(s) (requested by maxv in ticket #1359):
sys/compat/linux/arch/amd64/linux_machdep.c: revisions 1.50, 1.51
Don't let userland choose %rip. This is the Intel Sysret vulnerability
again.
--
Make sure %rip is in userland. This is harmless, since the return to
userland is made with iret instead of sysret in this path. While here, use
size_t.
 1.48.4.1.2.1  21-Jan-2020  martin Pull up the following, requested by christos in ticket #1720:

sys/compat/common/kern_sig_43.c 1.36
sys/compat/linux/arch/amd64/linux_machdep.c 1.59
sys/compat/linux/common/linux_fcntl.h 1.18
sys/compat/linux/common/linux_file64.c 1.62
sys/compat/linux/common/linux_ipc.c 1.57
sys/compat/linux/common/linux_misc.c 1.243
sys/compat/linux/common/linux_signal.c 1.81
sys/compat/linux/common/linux_socket.c 1.149 (patch)
sys/compat/linux/common/linux_socket.h 1.24
sys/compat/linux/common/linux_statfs.h 1.7
sys/compat/linux/common/linux_termios.c 1.38
sys/compat/linux/common/linux_termios.h 1.22
sys/compat/linux32/common/linux32_dirent.c 1.20
sys/compat/linux32/common/linux32_ioctl.c 1.14
sys/compat/linux32/common/linux32_misc.c 1.27
sys/compat/linux32/common/linux32_signal.c 1.20
sys/compat/linux32/common/linux32_sysinfo.c 1.8
sys/compat/linux32/common/linux32_termios.c 1.15
sys/compat/linux32/common/linux32_utsname.c 1.10
sys/compat/netbsd32/netbsd32_compat_20.c 1.39
sys/compat/netbsd32/netbsd32_compat_43.c 1.59
sys/compat/netbsd32/netbsd32_compat_50.c 1.44
sys/compat/ossaudio/ossaudio.c 1.75
sys/kern/sysv_shm.c 1.138
sys/miscfs/procfs/procfs_linux.c 1.75 (patch)
sys/sys/shm.h 1.54 (patch)

Fix various info leaks, out of bound access, usage of uninitialized
values and direct access to userland variables from kernel space
and memory leaks in system calls implemented for the compatibility
subsystems.
 1.51.6.4  21-Jun-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1836):

sys/compat/linux/arch/i386/linux_machdep.c: revision 1.168
sys/compat/sunos/sunos_misc.c: revision 1.177
sys/compat/netbsd32/netbsd32_compat_50.c: revision 1.52
sys/compat/common/kern_resource_43.c: revision 1.23
sys/compat/netbsd32/netbsd32_conv.h: revision 1.46
sys/compat/linux/arch/i386/linux_ptrace.c: revision 1.35
sys/compat/common/vfs_syscalls_12.c: revision 1.38
sys/compat/ultrix/ultrix_misc.c: revision 1.126
sys/compat/common/kern_sig_43.c: revision 1.37
sys/compat/linux/common/linux_mtio.c: revision 1.8
sys/compat/freebsd/freebsd_misc.c: revision 1.34
sys/compat/linux/common/linux_olduname.c: revision 1.67
sys/compat/linux/arch/mips/linux_machdep.c: revision 1.44
sys/compat/freebsd/freebsd_sched.c: revision 1.23
sys/compat/ossaudio/ossaudio.c: revision 1.84
sys/compat/sys/time_types.h: revision 1.6
sys/compat/linux/arch/powerpc/linux_machdep.c: revision 1.51
sys/compat/linux/common/linux_file.c: revision 1.119
sys/compat/linux/arch/arm/linux_machdep.c: revision 1.34
sys/compat/netbsd32/netbsd32_wait.c: revision 1.25
sys/compat/linux32/common/linux32_time.c: revision 1.38
sys/compat/linux/arch/powerpc/linux_ptrace.c: revision 1.33
sys/compat/linux/arch/alpha/linux_machdep.c: revision 1.52
sys/compat/linux32/arch/amd64/linux32_machdep.c: revision 1.46
sys/compat/netbsd32/netbsd32_compat_12.c: revision 1.36
sys/compat/ultrix/ultrix_ioctl.c: revision 1.39
sys/compat/linux/common/linux_misc.c: revision 1.252
sys/compat/linux/common/linux_hdio.c: revision 1.19
sys/compat/sunos/sunos_ioctl.c: revision 1.71
sys/compat/linux/common/linux_sched.c: revision 1.79
sys/compat/common/kern_info_43.c: revision 1.40
sys/compat/linux32/common/linux32_exec_elf32.c: revision 1.20
sys/compat/linux/common/linux_socket.c: revision 1.153
sys/compat/linux/arch/amd64/linux_machdep.c: revision 1.60
sys/compat/common/vfs_syscalls_43.c: revision 1.68
sys/compat/linux/arch/powerpc/linux_exec_powerpc.c: revision 1.25
sys/compat/netbsd32/netbsd32_ptrace.c: revision 1.9
sys/compat/common/kern_time_50.c: revision 1.37
sys/compat/netbsd32/netbsd32_compat_20.c: revision 1.42
sys/compat/linux/common/linux_cdrom.c: revision 1.28
sys/compat/linux/arch/m68k/linux_machdep.c: revision 1.43
sys/compat/common/kern_info_09.c: revision 1.22
sys/compat/linux32/common/linux32_resource.c: revision 1.12
sys/compat/linux/common/linux_oldolduname.c: revision 1.67
sys/compat/netbsd32/netbsd32_nfssvc.c: revision 1.8
sys/compat/linux32/common/linux32_signal.c: revision 1.21
sys/compat/common/kern_sig_13.c: revision 1.22
sys/compat/sunos32/sunos32_ioctl.c: revision 1.36
sys/compat/netbsd32/netbsd32_compat_43.c: revision 1.62
sys/compat/linux/arch/arm/linux_ptrace.c: revision 1.23
sys/compat/netbsd32/netbsd32_time.c: revision 1.56
sys/compat/linux/common/linux_signal.c: revision 1.84
sys/compat/netbsd32/netbsd32_signal.c: revision 1.52
sys/compat/sunos32/sunos32_misc.c: revision 1.85
sys/compat/linux/common/linux_time.c: revision 1.40
sys/compat/linux/common/linux_fdio.c: revision 1.14
sys/compat/common/vfs_syscalls_30.c: revision 1.43

sys/compat: Memset zero before copyout.

Just in case of uninitialized padding which would lead to kernel
stack disclosure. If the compiler can prove the memset redundant
then it can optimize it away; otherwise better safe than sorry.
 1.51.6.3  21-Jan-2020  martin Pull up the following, requested by christos in ticket #1487:

sys/compat/common/kern_sig_43.c 1.36
sys/compat/linux/arch/amd64/linux_machdep.c 1.59
sys/compat/linux/common/linux_fcntl.h 1.18
sys/compat/linux/common/linux_file64.c 1.62
sys/compat/linux/common/linux_ipc.c 1.57
sys/compat/linux/common/linux_misc.c 1.243
sys/compat/linux/common/linux_signal.c 1.81
sys/compat/linux/common/linux_socket.c 1.149
sys/compat/linux/common/linux_socket.h 1.24
sys/compat/linux/common/linux_statfs.h 1.7
sys/compat/linux/common/linux_termios.c 1.38
sys/compat/linux/common/linux_termios.h 1.22
sys/compat/linux32/common/linux32_dirent.c 1.20
sys/compat/linux32/common/linux32_ioctl.c 1.14
sys/compat/linux32/common/linux32_misc.c 1.27
sys/compat/linux32/common/linux32_signal.c 1.20
sys/compat/linux32/common/linux32_sysinfo.c 1.8
sys/compat/linux32/common/linux32_termios.c 1.15
sys/compat/linux32/common/linux32_utsname.c 1.10
sys/compat/netbsd32/netbsd32_compat_20.c 1.39
sys/compat/netbsd32/netbsd32_compat_43.c 1.59
sys/compat/netbsd32/netbsd32_compat_50.c 1.44
sys/compat/ossaudio/ossaudio.c 1.75
sys/kern/sysv_shm.c 1.138
sys/miscfs/procfs/procfs_linux.c 1.75 (patch)
sys/sys/shm.h 1.54

Fix various info leaks, out of bound access, usage of uninitialized
values and direct access to userland variables from kernel space
and memory leaks in system calls implemented for the compatibility
subsystems.
 1.51.6.2  05-Apr-2019  martin Pull up following revision(s) (requested by maxv):

sys/arch/amd64/amd64/netbsd32_machdep.c: revision 1.120
sys/compat/linux/arch/amd64/linux_machdep.c: revision 1.57
sys/compat/linux32/arch/amd64/linux32_machdep.c: revision 1.44
sys/arch/amd64/amd64/machdep.c: revision 1.328
sys/arch/amd64/amd64/machdep.c: revision 1.329

Fix a tiny race in setregs and linux_setregs. Between the moment we set
pcb_flags to zero, and the moment cpu_segregs64_zero resets pcb_gs, we may
be preempted.

If this happens, and if the calling LWP was a 32bit thread, when switching
back to that LWP, the context switcher sees that PCB_COMPAT32 is not set in
pcb_flags and tries to perform a 64bit context switch; but pcb_gs contains
a 32bit GDT descriptor, and not a 64bit GS.base value. The wrmsr therefore
faults because the value is non-canonical, and this fault is fatal.

Rearrange the code so that the update of pcb_flags and pcb_gs/pcb_fs is non
interruptible. This fixes the problem, tested with a reproducer (which
therefore doesn't work anymore).

Likely fixes PR/53993.

Disable preemption when setting PCB_COMPAT32, to prevent a context switch
before cpu_fsgs_reload() finishes, otherwise we write garbage in the GDT.

On NetBSD-current it is harmless, however in NetBSD-8 it might cause
panics, because NetBSD-8 uses the old SegRegs model and under this model
we reload %fs and %gs during switches.
 1.51.6.1  04-Sep-2017  snj Pull up following revision(s) (requested by maxv in ticket #257):
sys/compat/linux/arch/amd64/linux_machdep.c: 1.52
sys/arch/amd64/amd64/copy.S: 1.21-1.24
sys/arch/amd64/amd64/locore.S: 1.125
sys/arch/amd64/amd64/machdep.c: 1.256
Fix a bug in ucas_32 and ucas_64. There is a branch where they don't
initialize %rax.
--
style, reduces an incoming diff
00
Split comment, otherwise it is misleading. kcopy operates on kernel
memory, and must *not* be used with userland pages.
--
Move incq outside of the copy section. No functional change, reduces
my smap diff.
--
Remove dumb debug code and outdated comment.
--
Don't forget to clean l_md.md_flags, otherwise there may be MDL_COMPAT32,
in which case the kernel would always use iret (slower).
 1.51.4.1  27-Apr-2017  pgoyette Restore all work from the former pgoyette-localcount branch (which is
now abandoned doe to cvs merge botch).

The branch now builds, and installs via anita. There are still some
problems (cgd is non-functional and all atf tests time-out) but they
will get resolved soon.
 1.56.4.2  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.56.4.1  10-Jun-2019  christos Sync with HEAD
 1.58.2.2  03-Aug-2022  martin Pull up following revision(s), all via patch
(requested by riastradh in ticket #1487):

sys/compat/linux/arch/i386/linux_machdep.c: revision 1.168
sys/compat/sunos/sunos_misc.c: revision 1.177
sys/compat/netbsd32/netbsd32_compat_50.c: revision 1.52
sys/compat/common/kern_resource_43.c: revision 1.23
sys/compat/netbsd32/netbsd32_conv.h: revision 1.46
sys/compat/linux/arch/i386/linux_ptrace.c: revision 1.35
sys/compat/common/vfs_syscalls_12.c: revision 1.38
sys/compat/ultrix/ultrix_misc.c: revision 1.126
sys/compat/common/kern_sig_43.c: revision 1.37
sys/compat/linux/common/linux_mtio.c: revision 1.8
sys/compat/freebsd/freebsd_misc.c: revision 1.34
sys/compat/freebsd/freebsd_machdep.c: revision 1.5
sys/compat/linux/common/linux_olduname.c: revision 1.67
sys/compat/linux/arch/mips/linux_machdep.c: revision 1.44
sys/compat/freebsd/freebsd_sched.c: revision 1.23
sys/compat/ossaudio/ossaudio.c: revision 1.84
sys/compat/sys/time_types.h: revision 1.6
sys/compat/linux/arch/powerpc/linux_machdep.c: revision 1.51
sys/compat/common/ieee80211_20.c: revision 1.7
sys/compat/linux/common/linux_file.c: revision 1.119
sys/compat/linux/arch/arm/linux_machdep.c: revision 1.34
sys/compat/netbsd32/netbsd32_wait.c: revision 1.25
sys/compat/linux32/common/linux32_time.c: revision 1.38
sys/compat/linux/arch/powerpc/linux_ptrace.c: revision 1.33
sys/compat/linux/arch/alpha/linux_machdep.c: revision 1.52
sys/compat/linux32/arch/amd64/linux32_machdep.c: revision 1.46
sys/compat/netbsd32/netbsd32_compat_12.c: revision 1.36
sys/compat/ultrix/ultrix_ioctl.c: revision 1.39
sys/compat/linux/common/linux_misc.c: revision 1.252
sys/compat/linux/common/linux_hdio.c: revision 1.19
sys/compat/sunos/sunos_ioctl.c: revision 1.71
sys/compat/linux/common/linux_sched.c: revision 1.79
sys/compat/common/kern_info_43.c: revision 1.40
sys/compat/linux32/common/linux32_exec_elf32.c: revision 1.20
sys/compat/linux/common/linux_socket.c: revision 1.153
sys/compat/linux/arch/amd64/linux_machdep.c: revision 1.60
sys/compat/common/vfs_syscalls_43.c: revision 1.68
sys/compat/linux/arch/powerpc/linux_exec_powerpc.c: revision 1.25
sys/compat/netbsd32/netbsd32_ptrace.c: revision 1.9
sys/compat/common/kern_time_50.c: revision 1.37
sys/compat/netbsd32/netbsd32_compat_20.c: revision 1.42
sys/compat/linux/common/linux_cdrom.c: revision 1.28
sys/compat/linux/arch/m68k/linux_machdep.c: revision 1.43
sys/compat/common/kern_info_09.c: revision 1.22
sys/compat/linux32/common/linux32_resource.c: revision 1.12
sys/compat/linux/common/linux_oldolduname.c: revision 1.67
sys/compat/common/if_media_80.c: revision 1.4
sys/compat/linux/arch/alpha/linux_osf1.c: revision 1.5
sys/compat/netbsd32/netbsd32_nfssvc.c: revision 1.8
sys/compat/linux32/common/linux32_signal.c: revision 1.21
sys/compat/common/kern_sig_13.c: revision 1.22
sys/compat/sunos32/sunos32_ioctl.c: revision 1.36
sys/compat/netbsd32/netbsd32_compat_43.c: revision 1.62
sys/compat/linux/arch/arm/linux_ptrace.c: revision 1.23
sys/compat/netbsd32/netbsd32_time.c: revision 1.56
sys/compat/linux/common/linux_signal.c: revision 1.84
sys/compat/netbsd32/netbsd32_signal.c: revision 1.52
sys/compat/sunos32/sunos32_misc.c: revision 1.85
sys/compat/linux/common/linux_time.c: revision 1.40
sys/compat/linux/common/linux_fdio.c: revision 1.14
sys/compat/common/vfs_syscalls_30.c: revision 1.43

sys/compat: Memset zero before copyout.

Just in case of uninitialized padding which would lead to kernel
stack disclosure. If the compiler can prove the memset redundant
then it can optimize it away; otherwise better safe than sorry.
 1.58.2.1  13-Sep-2019  martin Pull up following revision(s) (requested by maxv in ticket #194):

sys/compat/linux/common/linux_socket.c: revision 1.146
sys/compat/linux/common/linux_socket.c: revision 1.147
sys/compat/linux/common/linux_socket.c: revision 1.148
sys/compat/linux/common/linux_socket.c: revision 1.149
sys/compat/linux/arch/amd64/linux_machdep.c: revision 1.59
sys/compat/linux32/common/linux32_sysinfo.c: revision 1.8
sys/kern/sysv_shm.c: revision 1.138
sys/compat/linux/common/linux_file64.c: revision 1.61
sys/compat/linux/common/linux_file64.c: revision 1.62
sys/compat/netbsd32/netbsd32_compat_43.c: revision 1.58
sys/compat/linux32/common/linux32_dirent.c: revision 1.20
sys/compat/linux32/common/linux32_utsname.c: revision 1.10
sys/compat/linux/common/linux_termios.h: revision 1.22
sys/compat/linux32/common/linux32_termios.c: revision 1.15
sys/compat/linux32/common/linux32_misc.c: revision 1.27
sys/compat/linux32/common/linux32_ioctl.c: revision 1.14
sys/compat/linux/common/linux_statfs.h: revision 1.7
sys/compat/linux/common/linux_ipc.c: revision 1.57
sys/compat/linux/common/linux_fcntl.h: revision 1.18
sys/compat/linux/common/linux_socket.h: revision 1.24
sys/sys/shm.h: revision 1.54
sys/compat/ossaudio/ossaudio.c: revision 1.75
sys/compat/linux32/common/linux32_signal.c: revision 1.20
sys/miscfs/procfs/procfs_linux.c: revision 1.75
sys/compat/linux/common/linux_signal.c: revision 1.81
sys/compat/linux/common/linux_termios.c: revision 1.38
sys/compat/linux/common/linux_misc.c: revision 1.241
sys/compat/linux/common/linux_misc.c: revision 1.242
sys/compat/linux/common/linux_misc.c: revision 1.243
sys/compat/linux/common/linux_misc.c: revision 1.244

Fix info leaks.

Fix stupid bugs in linux_sys_shmctl(): the index could be out of bound
(page fault) and there was no proper locking.
Maybe we should just remove LINUX_SHM_STAT, like compat_linux32.

Remove printf.

When dealing with an unknown value, set -1, to prevent (harmless)
uninitialized accesses later.

Add a default case, don't call sys_ioctl() with an uninitialized 'com'
argument.

Fix error handling, returns an errno, not -1.

Put the printf under DEBUG_LINUX.


Hum, don't forget the 'pid' argument, otherwise we're not gonna go very
far.

Don't read data from userland directly. This simply does not work on any
recent x86 CPU (thanks to SMAP) and all architectures that forbid direct
access to userland from the kernel. But I guess no one noticed because no
one ever uses compat_linux, right?

Hum, don't pass an mbuf to realloc(). Inspired from copyin32_msg_control().

Fix memory leak.

I don't see the point in having this useless printf, but add a '\n' to it,
so that it at least displays useless stuff correctly.

Hum, remove incorrect assignment. Userland could have passed a smaller
namelen, and the uninitialized bytes from sb_data were being used later in
the network stack.

RSS XML Feed