aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark Johnston <markj@FreeBSD.org>2018-11-28 17:31:34 +0000
committerMark Johnston <markj@FreeBSD.org>2018-11-28 17:31:34 +0000
commit80dcfd1eb482abc684c606db2e74b52b87618741 (patch)
tree85a34f096959222ba02678e83e70b378f19dffe1
parentdb07df555d03292926b6afc995aa650256f08426 (diff)
MFstable/12 r341075:
Plug some kernel memory disclosures via kevent(2). Approved by: re (gjb)
Notes
Notes: svn path=/releng/12.0/; revision=341155
Diffstat
-rw-r--r--sys/kern/kern_event.c3
-rw-r--r--sys/kern/vfs_aio.c2
2 files changed, 4 insertions, 1 deletions
diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c
index cc2b1ebb1bc7..534fa95fc84b 100644
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c
@@ -535,8 +535,9 @@ knote_fork(struct knlist *list, int pid)
if (list == NULL)
return;
- list->kl_lock(list->kl_lockarg);
+ memset(&kev, 0, sizeof(kev));
+ list->kl_lock(list->kl_lockarg);
SLIST_FOREACH(kn, &list->kl_list, kn_selnext) {
kq = kn->kn_kq;
KQ_LOCK(kq);
diff --git a/sys/kern/vfs_aio.c b/sys/kern/vfs_aio.c
index 69dd50cf7bdf..a8bce0ee2500 100644
--- a/sys/kern/vfs_aio.c
+++ b/sys/kern/vfs_aio.c
@@ -1589,6 +1589,7 @@ aio_aqueue(struct thread *td, struct aiocb *ujob, struct aioliojob *lj,
goto aqueue_fail;
}
kqfd = job->uaiocb.aio_sigevent.sigev_notify_kqueue;
+ memset(&kev, 0, sizeof(kev));
kev.ident = (uintptr_t)job->ujob;
kev.filter = EVFILT_AIO;
kev.flags = EV_ADD | EV_ENABLE | EV_FLAG1 | evflags;
@@ -2155,6 +2156,7 @@ kern_lio_listio(struct thread *td, int mode, struct aiocb * const *uacb_list,
bcopy(sig, &lj->lioj_signal, sizeof(lj->lioj_signal));
if (lj->lioj_signal.sigev_notify == SIGEV_KEVENT) {
/* Assume only new style KEVENT */
+ memset(&kev, 0, sizeof(kev));
kev.filter = EVFILT_LIO;
kev.flags = EV_ADD | EV_ENABLE | EV_FLAG1;
kev.ident = (uintptr_t)uacb_list; /* something unique */
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-22 17:34:04 +0000