Message-Id: <201112062004.pB6K4uGY010407@red.freebsd.org>
Date: Tue, 6 Dec 2011 20:04:56 GMT
From: Loganaden Velvindron <loganaden@devio.us>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ktrace leak & fix
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         163098
>Category:       kern
>Synopsis:       [ktrace] [patch] ktrace leak & fix
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 06 20:10:09 UTC 2011
>Closed-Date:    Sun Jan 15 20:53:58 UTC 2012
>Last-Modified:  Sun Jan 15 21:00:35 UTC 2012
>Originator:     Loganaden Velvindron
>Release:        8.2
>Organization:
devio.us
>Environment:
>Description:
djm@openbsd : The issue was that the syscall wrapper did not clear retval when
an error occurs in the syscall itself. retval was being passed back
to ktrace, and could leak some kernel stack (e.g. via ptrace PT_READ*).

>How-To-Repeat:

>Fix:
Index: src/sys/kern/kern_ktrace.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_ktrace.c,v
retrieving revision 1.130.2.2.4.1
diff -u -p -r1.130.2.2.4.1 kern_ktrace.c
--- src/sys/kern/kern_ktrace.c	21 Dec 2010 17:09:25 -0000	1.130.2.2.4.1
+++ src/sys/kern/kern_ktrace.c	3 Dec 2011 19:22:13 -0000
@@ -426,7 +426,7 @@ ktrsysret(code, error, retval)
 	ktp = &req->ktr_data.ktr_sysret;
 	ktp->ktr_code = code;
 	ktp->ktr_error = error;
-	ktp->ktr_retval = retval;		/* what about val2 ? */
+	ktp->ktr_retval = error == 0 ? retval: 0;	/* what about val2 ? */
 	ktr_submitrequest(curthread, req);
 }
 
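Review bot: The gate on the `ktp->ktr_retval` line covers only the ktrace record, while the Description places the defect in the syscall wrapper, which leaves retval uncleared when the syscall itself fails. Anything else that reads that value after a failing call would still see the stale word, so consider also zeroing retval in the wrapper before the syscall is dispatched and keeping this check in ktrsysret() as a second line of defence.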

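The leak described in the Description above, as an added user-space model in C; it is not part of the original PR and is not FreeBSD kernel code. The `_model` names and `STALE_STACK_WORD` are constructed for illustration, and the uncleared slot is simulated with a fixed value rather than real uninitialised memory.

```c
/* Added illustration: user-space model, not FreeBSD kernel code. */
#include <errno.h>
#include <stdio.h>

/* Constructed value standing in for stale kernel stack contents. */
#define STALE_STACK_WORD 0x5ec2e7L

/* Hypothetical, simplified stand-in for the record ktrsysret() fills in. */
struct sysret_model {
	int  ktr_code;
	int  ktr_error;
	long ktr_retval;
};

/* Handler that fails early: returns an errno and never writes *retval. */
static int sys_fail_model(long *retval) { (void)retval; return EBADF; }

/* Handler that succeeds and stores its result. */
static int sys_ok_model(long *retval) { *retval = 42; return 0; }

/* Wrapper model: the retval slot is not cleared before the handler runs. */
static struct sysret_model
trace_syscall_model(int code, int (*handler)(long *), int patched)
{
	struct sysret_model rec;
	long retval = STALE_STACK_WORD;	/* simulates the uncleared slot */
	int error = handler(&retval);

	rec.ktr_code = code;
	rec.ktr_error = error;
	/* patched: gate on error as in the fix; otherwise copy retval as-is */
	rec.ktr_retval = patched ? (error == 0 ? retval : 0) : retval;
	return rec;
}

int main(void)
{
	struct sysret_model pre = trace_syscall_model(1, sys_fail_model, 0);
	struct sysret_model post = trace_syscall_model(1, sys_fail_model, 1);
	struct sysret_model ok = trace_syscall_model(2, sys_ok_model, 1);

	printf("fail: error=%d pre-fix=%#lx post-fix=%#lx; ok: retval=%ld\n",
	    pre.ktr_error, (unsigned long)pre.ktr_retval,
	    (unsigned long)post.ktr_retval, ok.ktr_retval);
	return 0;
}
```
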
>Release-Note:
>Audit-Trail:

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/163098: commit references a PR
Date: Thu,  8 Dec 2011 03:20:52 +0000 (UTC)

 Author: eadler (ports committer)
 Date: Thu Dec  8 03:20:38 2011
 New Revision: 228343
 URL: http://svn.freebsd.org/changeset/base/228343
 
 Log:
   - Fix ktrace leakage if error is set
   
   PR:		kern/163098
   Submitted by:	Loganaden Velvindron <loganaden@devio.us>
   Approved by:	sbruno@
   MFC after:	1 month
 
 Modified:
   head/sys/kern/kern_ktrace.c
 
 Modified: head/sys/kern/kern_ktrace.c
 ==============================================================================
 --- head/sys/kern/kern_ktrace.c	Thu Dec  8 02:40:46 2011	(r228342)
 +++ head/sys/kern/kern_ktrace.c	Thu Dec  8 03:20:38 2011	(r228343)
 @@ -478,7 +478,7 @@ ktrsysret(code, error, retval)
  	ktp = &req->ktr_data.ktr_sysret;
  	ktp->ktr_code = code;
  	ktp->ktr_error = error;
 -	ktp->ktr_retval = retval;		/* what about val2 ? */
 +	ktp->ktr_retval = ((error == 0) ? retval: 0);		/* what about val2 ? */
  	ktr_submitrequest(curthread, req);
  }
  
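Review bot: The new `ktp->ktr_retval` line needs a style pass: `retval: 0` is missing the space before the colon, the outer parentheses are redundant, and with both tabs kept before the trailing comment the line runs past 80 columns at 8-column tabs. Suggest `ktp->ktr_retval = (error == 0) ? retval : 0;` with a short comment above it saying that the value is zeroed on error so that an uncleared retval does not reach the trace record.
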
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: eadler 
State-Changed-When: Sun Dec 11 06:09:51 UTC 2011 
State-Changed-Why:  
committed in r228343 

http://www.freebsd.org/cgi/query-pr.cgi?pr=163098 
State-Changed-From-To: patched->closed 
State-Changed-By: eadler 
State-Changed-When: Sun Jan 15 20:53:57 UTC 2012 
State-Changed-Why:  
Committed. Thanks! 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/163098: commit references a PR
Date: Sun, 15 Jan 2012 20:52:16 +0000 (UTC)

 Author: eadler (ports committer)
 Date: Sun Jan 15 20:52:01 2012
 New Revision: 230158
 URL: http://svn.freebsd.org/changeset/base/230158
 
 Log:
   MFC r228343:
   	 - Fix ktrace leakage if error is set
   
   PR:		kern/163098
   Approved by:	sbruno
 
 Modified:
   stable/7/sys/kern/kern_ktrace.c
 Directory Properties:
   stable/7/sys/   (props changed)
 
 Modified: stable/7/sys/kern/kern_ktrace.c
 ==============================================================================
 --- stable/7/sys/kern/kern_ktrace.c	Sun Jan 15 20:43:39 2012	(r230157)
 +++ stable/7/sys/kern/kern_ktrace.c	Sun Jan 15 20:52:01 2012	(r230158)
 @@ -462,7 +462,7 @@ ktrsysret(code, error, retval)
  	ktp = &req->ktr_data.ktr_sysret;
  	ktp->ktr_code = code;
  	ktp->ktr_error = error;
 -	ktp->ktr_retval = retval;		/* what about val2 ? */
 +	ktp->ktr_retval = ((error == 0) ? retval: 0);		/* what about val2 ? */
  	ktr_submitrequest(curthread, req);
  }
  
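Review bot: The trailing `/* what about val2 ? */` on the changed line is merged to stable/7 still unanswered. If a second return value is ever copied into this record it needs the same `error == 0` gate, so either resolve the question or replace the comment with one stating that only the first return value is recorded and that it is zeroed on error.
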
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/163098: commit references a PR
Date: Sun, 15 Jan 2012 20:52:40 +0000 (UTC)

 Author: eadler (ports committer)
 Date: Sun Jan 15 20:52:31 2012
 New Revision: 230159
 URL: http://svn.freebsd.org/changeset/base/230159
 
 Log:
   MFC r228343:
   	 - Fix ktrace leakage if error is set
   
   PR:		kern/163098
   Approved by:	sbruno
 
 Modified:
   stable/8/sys/kern/kern_ktrace.c
 Directory Properties:
   stable/8/sys/   (props changed)
 
 Modified: stable/8/sys/kern/kern_ktrace.c
 ==============================================================================
 --- stable/8/sys/kern/kern_ktrace.c	Sun Jan 15 20:52:01 2012	(r230158)
 +++ stable/8/sys/kern/kern_ktrace.c	Sun Jan 15 20:52:31 2012	(r230159)
 @@ -473,7 +473,7 @@ ktrsysret(code, error, retval)
  	ktp = &req->ktr_data.ktr_sysret;
  	ktp->ktr_code = code;
  	ktp->ktr_error = error;
 -	ktp->ktr_retval = retval;		/* what about val2 ? */
 +	ktp->ktr_retval = ((error == 0) ? retval: 0);		/* what about val2 ? */
  	ktr_submitrequest(curthread, req);
  }
  
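Review bot: Nothing accompanies the changed `ktp->ktr_retval` line to show that the leak is gone: the PR's How-To-Repeat field is empty and the merge adds no test. Suggest recording a reproduction with the PR, for example tracing a syscall that fails and checking that the return record carries 0 alongside the error, so that each stable branch can be verified after the MFC.
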
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/163098: commit references a PR
Date: Sun, 15 Jan 2012 20:53:58 +0000 (UTC)

 Author: eadler (ports committer)
 Date: Sun Jan 15 20:53:50 2012
 New Revision: 230160
 URL: http://svn.freebsd.org/changeset/base/230160
 
 Log:
   MFC r228343:
   	 - Fix ktrace leakage if error is set
   
   PR:		kern/163098
   Approved by:	sbruno
 
 Modified:
   stable/9/sys/kern/kern_ktrace.c
 Directory Properties:
   stable/9/sys/   (props changed)
 
 Modified: stable/9/sys/kern/kern_ktrace.c
 ==============================================================================
 --- stable/9/sys/kern/kern_ktrace.c	Sun Jan 15 20:52:31 2012	(r230159)
 +++ stable/9/sys/kern/kern_ktrace.c	Sun Jan 15 20:53:50 2012	(r230160)
 @@ -476,7 +476,7 @@ ktrsysret(code, error, retval)
  	ktp = &req->ktr_data.ktr_sysret;
  	ktp->ktr_code = code;
  	ktp->ktr_error = error;
 -	ktp->ktr_retval = retval;		/* what about val2 ? */
 +	ktp->ktr_retval = ((error == 0) ? retval: 0);		/* what about val2 ? */
  	ktr_submitrequest(curthread, req);
  }
  
 
>Unformatted:
