opnsense-src/sys
John Baldwin 8ce99bb405 Properly do a deep copy of the ioctls capability array for fget_cap().
fget_cap() tries to do a cheaper snapshot of a file descriptor without
holding the file descriptor lock.  This snapshot does not do a deep
copy of the ioctls capability array, but instead uses a different
return value to inform the caller to retry the copy with the lock
held.  However, filecaps_copy() was returning 1 to indicate that a
retry was required, and fget_cap() was checking for 0 (actually
'!filecaps_copy()').  As a result, fget_cap() did not do a deep copy
of the ioctls array and just reused the original pointer.  This caused
multiple file descriptor entries to think they owned the same pointer
and eventually resulted in duplicate frees.

The only code path that I'm aware of that triggers this is to create a
listen socket that has a restricted list of ioctls and then call
accept() which calls fget_cap() with a valid filecaps structure from
getsock_cap().

To fix, change the return value of filecaps_copy() to return true if
it succeeds in copying the caps and false if it fails because the lock
is required.  I find this more intuitive than fixing the caller in
this case.  While here, change the return type from 'int' to 'bool'.

Finally, make filecaps_copy() more robust in the failure case by not
copying any of the source filecaps structure over.  This avoids the
possibility of leaking a pointer into a structure if a similar future
caller doesn't properly handle the return value from filecaps_copy()
at the expense of one more branch.

I also added a test case that panics before this change and now passes.

Reviewed by:	kib
Discussed with:	mjg (not a fan of the extra branch)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D15047
2018-04-17 18:07:40 +00:00
amd64 Remove the unused fuwintr() and suiwintr() functions. 2018-04-17 18:04:28 +00:00
arm Remove the unused fuwintr() and suiwintr() functions. 2018-04-17 18:04:28 +00:00
arm64 Remove the unused fuwintr() and suiwintr() functions. 2018-04-17 18:04:28 +00:00
bsm
cam Just assert that the lock is held here, rather than taking it out and 2018-04-13 16:45:35 +00:00
cddl 9433 Fix ARC hit rate 2018-04-16 00:54:58 +00:00
compat linuxulator: deduplicate linux_exec_imgact_try 2018-04-09 17:24:01 +00:00
conf Remove the unused fuwintr() and suiwintr() functions. 2018-04-17 18:04:28 +00:00
contrib Import CK as of commit b19ed4c6a56ec93215ab567ba18ba61bf1cfbac8 2018-04-02 23:40:50 +00:00
crypto opencrypto: Integrate Chacha20 algorithm into OCF 2018-03-29 04:02:50 +00:00
ddb Restore db_radix on parse error, otherwise we'll silently change it to 2018-04-17 15:44:05 +00:00
dev Restore SIOCGI2C functionality to ixgbe 2018-04-17 16:51:27 +00:00
dts Convert atse(4) driver for Altera Triple-Speed Ethernet MegaCore to use 2018-04-13 15:59:24 +00:00
fs Move most of the contents of opt_compat.h to opt_global.h. 2018-04-06 17:35:35 +00:00
gdb amd64: Protect the kernel text, data, and BSS by setting the RW/NX bits 2018-03-06 14:28:37 +00:00
geom Annotate geom modules with MODULE_VERSION 2018-04-10 19:18:16 +00:00
gnu bwn(4): txpid2g/txpid5g[lh] are not defined after sromrev 7; the default 2018-02-13 17:43:54 +00:00
i386 Remove the unused fuwintr() and suiwintr() functions. 2018-04-17 18:04:28 +00:00
isa Revert r330780, it was improperly tested and results in taking a spin 2018-03-11 20:13:15 +00:00
kern Properly do a deep copy of the ioctls capability array for fget_cap(). 2018-04-17 18:07:40 +00:00
kgssapi kgssapi: Remove trivial deadcode 2018-02-14 00:12:03 +00:00
libkern iconv uses strlen directly on user supplied memory 2018-02-26 18:23:36 +00:00
mips Remove the unused fuwintr() and suiwintr() functions. 2018-04-17 18:04:28 +00:00
modules Add PNP info to the PCI attachment of the puc driver. 2018-04-17 16:46:08 +00:00
net Remove support for the Arcnet protocol. 2018-04-13 21:18:04 +00:00
net80211 Use an accessor function to access ifr_data. 2018-03-30 18:50:13 +00:00
netgraph Correct pseudo misspelling in sys/ comments 2018-02-23 18:15:50 +00:00
netinet Remove support for the Arcnet protocol. 2018-04-13 21:18:04 +00:00
netinet6 Remove support for the Arcnet protocol. 2018-04-13 21:18:04 +00:00
netipsec Set the proper vnet in IPsec callback functions. 2018-03-20 17:05:23 +00:00
netpfil To avoid possible deadlock do not acquire JQUEUE_LOCK before callout_drain. 2018-04-13 10:03:30 +00:00
netsmb Unsign some values related to allocation. 2018-01-22 02:08:10 +00:00
nfs Remove support for FDDI networks. 2018-04-11 17:28:24 +00:00
nfsclient style: Remove remaining deprecated MALLOC/FREE macros 2018-01-25 22:25:13 +00:00
nfsserver
nlm Use syscall_helper_register() to register syscalls and initialize though 2018-02-10 01:09:22 +00:00
ofed Improve copy-and-pasted versions of SIOCGIFADDR. 2018-03-27 20:51:49 +00:00
opencrypto Move most of the contents of opt_compat.h to opt_global.h. 2018-04-06 17:35:35 +00:00
powerpc Remove the unused fuwintr() and suiwintr() functions. 2018-04-17 18:04:28 +00:00
riscv Remove the unused fuwintr() and suiwintr() functions. 2018-04-17 18:04:28 +00:00
rpc Do pass removing some write-only variables from the kernel. 2017-12-25 04:48:39 +00:00
security Use an accessor function to access ifr_data. 2018-03-30 18:50:13 +00:00
sparc64 Remove the unused fuwintr() and suiwintr() functions. 2018-04-17 18:04:28 +00:00
sys Properly do a deep copy of the ioctls capability array for fget_cap(). 2018-04-17 18:07:40 +00:00
teken Pedantic polishing of code to please FlexeLint. 2018-04-08 19:23:50 +00:00
tests
tools Add dtb overlays support 2018-03-24 21:30:24 +00:00
ufs Renumber soft-update types starting at 1 instead of 0 to avoid confusion 2018-04-05 00:32:01 +00:00
vm Handle Skylake-X errata SKZ63. 2018-04-07 17:06:13 +00:00
x86 cpufreq: Remove error-prone table terminators in favor of automatic sizing 2018-04-14 03:15:05 +00:00
xdr
xen
Makefile