d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-skq/sys/kern
History
mjg 027c9d90e3 fork: plug a use after free of the returned process 
fork1 required its callers to pass a pointer to struct proc * which would
be set to the new process (if any). procdesc and racct manipulation also
used said pointer.

However, the process could have exited prior to do_fork return and be
automatically reaped, thus making this a use-after-free.

Fix the problem by letting callers indicate whether they want the pid or
the struct proc, return the process in stopped state for the latter case.

Reviewed by:	kib
2016-02-04 04:25:30 +00:00
..
bus_if.m
Convert rman to use rman_res_t instead of u_long
2016-01-27 02:23:54 +00:00
capabilities.conf
clock_if.m
cpufreq_if.m
device_if.m
genassym.sh
genassym.sh: call nm(1) with NMFLAGS.
2015-08-14 22:57:13 +00:00
imgact_aout.c
Implement vsyscall hack. Prior to 2.13 glibc uses vsyscall
2016-01-09 20:18:53 +00:00
imgact_binmisc.c
imgact_elf32.c
imgact_elf64.c
imgact_elf.c
Do not substitute interpeter if the brand interpreter path is
2015-12-26 15:40:12 +00:00
imgact_gzip.c
imgact_shell.c
inflate.c
init_main.c
fork: pass arguments to fork1 in a dedicated structure
2016-02-04 04:22:18 +00:00
init_sysent.c
Missing regen after last change to sys/kern/syscalls.master.
2015-10-22 21:30:39 +00:00
kern_acct.c
kern_alq.c
kern_clock.c
kern_clocksource.c
Fix typo in comment.
2015-07-20 09:37:42 +00:00
kern_condvar.c
Prevent cv_waiters wraparound.
2016-01-09 01:56:46 +00:00
kern_conf.c
Provide yet another KPI for cdev creation, make_dev_s(9).
2016-01-07 20:08:02 +00:00
kern_cons.c
kern_context.c
kern_cpu.c
kern_cpuset.c
kern_ctf.c
kern_descrip.c
fd: implement kern.proc.nfds sysctl
2015-11-07 00:18:14 +00:00
kern_dtrace.c
kern_dump.c
- Unbreak dumpsys(9) on sparc64 after r276772
2015-11-16 23:02:33 +00:00
kern_environment.c
Make the 'env' directive described in config(5) work on all architectures,
2016-01-02 02:53:48 +00:00
kern_et.c
kern_event.c
kqueue EVFILT_PROC: avoid collision between NOTE_CHILD and NOTE_EXIT
2016-01-28 20:24:15 +00:00
kern_exec.c
Fix style issues around existing SDT probes.
2015-12-16 23:39:27 +00:00
kern_exit.c
session: avoid proctree lock on proc exit when possible
2016-01-20 23:33:58 +00:00
kern_fail.c
kern_ffclock.c
kern_fork.c
fork: plug a use after free of the returned process
2016-02-04 04:25:30 +00:00
kern_gzio.c
kern_hhook.c
Check that hhk_helper pointer isn't NULL before access.
2015-11-25 07:14:58 +00:00
kern_idle.c
kern_intr.c
The part of r285680 which removed release semantic for two stores to
2015-07-21 14:39:34 +00:00
kern_jail.c
Fix jail name checking that disallowed anything that starts with '0'.
2015-12-15 17:25:00 +00:00
kern_khelp.c
kern_kthread.c
fork: pass arguments to fork1 in a dedicated structure
2016-02-04 04:22:18 +00:00
kern_ktr.c
Fix the logic in the ddb command 'show ktr /a'. Prior to r118269 it would
2016-01-31 17:32:20 +00:00
kern_ktrace.c
ktrace: tidy up ktrstruct
2016-01-27 19:55:02 +00:00
kern_linker.c
Create the MDT_PNP_INFO metadata record to communicate PNP info about
2015-12-11 05:27:53 +00:00
kern_lock.c
Don't modify curthread->td_locks unless INVARIANTS is enabled.
2015-08-02 00:03:08 +00:00
kern_lockf.c
kern_lockstat.c
Consistently use a reader/writer flag for lockstat probes in rwlock(9) and
2015-07-19 22:24:33 +00:00
kern_loginclass.c
Speed up rctl operation with large rulesets, by holding the lock
2015-11-15 12:10:51 +00:00
kern_malloc.c
Redo r292484. Embed task(9) into zone, so that uz_maxaction is called
2016-02-03 23:30:17 +00:00
kern_mbuf.c
Redo r292484. Embed task(9) into zone, so that uz_maxaction is called
2016-02-03 23:30:17 +00:00
kern_mib.c
Export various helper variables describing the layout and size of
2015-11-12 22:00:59 +00:00
kern_module.c
Provide better debug message on kernel module name clash.
2015-10-10 09:21:55 +00:00
kern_mtxpool.c
kern_mutex.c
Don't modify curthread->td_locks unless INVARIANTS is enabled.
2015-08-02 00:03:08 +00:00
kern_ntptime.c
Use the monotonic (uptime) counter rather than time-of-day to measure elapsed
2015-07-12 18:38:17 +00:00
kern_numa.c
kern_osd.c
kern_physio.c
Add missing NULL check in physio().
2015-10-29 13:53:37 +00:00
kern_pmc.c
kern_poll.c
kern_priv.c
kern_proc.c
session: avoid proctree lock on proc exit when possible
2016-01-20 23:33:58 +00:00
kern_procctl.c
If process becomes reaper (procctl(PROC_REAP_ACQUIRE)) while already
2015-08-20 22:44:26 +00:00
kern_prot.c
Call crextend() before copying old credentials to the new credentials
2016-01-14 10:16:25 +00:00
kern_racct.c
fork: plug a use after free of the returned process
2016-02-04 04:25:30 +00:00
kern_rangelock.c
kern_rctl.c
Fix the way RCTL handles rules' rrl_exceeded on credenials change.
2016-01-26 11:28:55 +00:00
kern_resource.c
Fold lim_shared into lim_copy to mute a -Wunused compiler warning from
2015-12-22 21:07:33 +00:00
kern_rmlock.c
Threads holding a read lock of a sleepable rm lock are not permitted
2015-09-15 22:16:21 +00:00
kern_rwlock.c
Don't modify curthread->td_locks unless INVARIANTS is enabled.
2015-08-02 00:03:08 +00:00
kern_sdt.c
kern_sema.c
kern_sendfile.c
- Separate sendfile(2) implementation from uipc_syscalls.c into
2016-01-22 02:23:18 +00:00
kern_sharedpage.c
Split kerne timekeep ABI structure vdso_sv_tk out of the struct
2015-11-23 07:09:35 +00:00
kern_shutdown.c
Disable suspend when we're shutting down. This solves the "tell FreeBSD
2015-10-01 10:52:26 +00:00
kern_sig.c
Add ptrace(2) reporting for LWP events.
2015-12-29 23:25:26 +00:00
kern_switch.c
kern_sx.c
Don't modify curthread->td_locks unless INVARIANTS is enabled.
2015-08-02 00:03:08 +00:00
kern_synch.c
kern_syscalls.c
kern_sysctl.c
Evaluate the sysctl_running fail point before taking the sysctl lock.
2016-01-26 01:15:18 +00:00
kern_tc.c
Define fhard in pps_event(..) only when PPS_SYNC is defined to mute
2015-11-02 03:14:37 +00:00
kern_thr.c
Add ptrace(2) reporting for LWP events.
2015-12-29 23:25:26 +00:00
kern_thread.c
Call kern_thr_exit() instead of duplicating it.
2015-12-29 23:16:20 +00:00
kern_time.c
Verify that tv_sec value specified in settimeofday() and clock_settime()
2015-12-27 15:37:07 +00:00
kern_timeout.c
Fix style issues around existing SDT probes.
2015-12-16 23:39:27 +00:00
kern_umtx.c
Minor (and incomplete) style cleanup.
2015-10-30 20:47:42 +00:00
kern_uuid.c
kern_xxx.c
ksched.c
Use P1B_PRIO_MAX to designate max posix priority for the RR/FIFO
2015-08-30 18:02:57 +00:00
link_elf_obj.c
Add support for weak symbols to the kernel linkers. It means that
2015-09-20 01:27:59 +00:00
link_elf.c
Fix r292640
2015-12-23 03:34:43 +00:00
linker_if.m
Make.tags.inc
Bring the tags and links entries for amd64 up to date.
2015-10-27 22:59:24 +00:00
Makefile
makesyscalls.sh
Rename remaining linux32 symbols such as linux_sysent[] and
2015-10-22 21:28:20 +00:00
md4c.c
md5c.c
p1003_1b.c
pic_if.m
[intrng] Migrate the intrng code from sys/arm/arm to sys/kern/subr_intr.c.
2015-12-18 05:43:59 +00:00
posix4_mib.c
sched_4bsd.c
kgdb uses td_oncpu to determine if a thread is running and should use
2015-08-03 20:43:36 +00:00
sched_ule.c
Summary: Add the interactivity equations to the header comment for our
2015-08-26 16:36:41 +00:00
serdev_if.m
stack_protector.c
subr_acl_nfs4.c
Expose an interface to determine if an ACE is inherited.
2015-09-04 00:14:20 +00:00
subr_acl_posix1e.c
subr_autoconf.c
subr_blist.c
subr_bufring.c
subr_bus_dma.c
Fix a bug introduced in r291716:
2016-01-11 20:38:39 +00:00
subr_bus.c
Convert rman to use rman_res_t instead of u_long
2016-01-27 02:23:54 +00:00
subr_busdma_bufalloc.c
Fix printf format to allow for bus_size_t not being u_long on all platforms.
2015-10-20 03:25:17 +00:00
subr_capability.c
capsicum: plug spurious memset in __cap_rights_init
2015-12-01 02:48:42 +00:00
subr_clock.c
subr_counter.c
subr_devstat.c
subr_disk.c
subr_dummy_vdso_tc.c
subr_eventhandler.c
subr_fattime.c
subr_firmware.c
subr_hash.c
subr_hints.c
subr_intr.c
[intrng] Migrate the intrng code from sys/arm/arm to sys/kern/subr_intr.c.
2015-12-18 05:43:59 +00:00
subr_kdb.c
subr_kobj.c
subr_lock.c
subr_log.c
subr_mbpool.c
subr_mchain.c
These files were getting sys/malloc.h and vm/uma.h with header pollution
2016-02-01 17:41:21 +00:00
subr_module.c
preload_search_info: make sure mod is set
2015-08-21 15:57:57 +00:00
subr_msgbuf.c
subr_param.c
Ensure that maxproc does not exceed pid_max, at the time of boot.
2015-09-21 15:02:59 +00:00
subr_pcpu.c
subr_pctrie.c
subr_power.c
subr_prf.c
Add vlog(9).
2015-11-19 05:50:22 +00:00
subr_prof.c
subr_rman.c
Convert rman to use rman_res_t instead of u_long
2016-01-27 02:23:54 +00:00
subr_rtc.c
subr_sbuf.c
Fail the sbuf if vsnprintf(3) fails.
2015-10-02 09:23:14 +00:00
subr_scanf.c
subr_sfbuf.c
subr_sglist.c
subr_sleepqueue.c
subr_smp.c
Since r289279 bufinit() uses mp_ncpus, but some architectures set this
2015-11-08 14:26:50 +00:00
subr_stack.c
Add support for a configurable output channel to witness(4).
2015-11-19 05:56:59 +00:00
subr_syscall.c
Support an arbitrary number of arguments to DTrace syscall probes.
2015-12-17 00:00:27 +00:00
subr_taskqueue.c
This fixes several places where callout_stops return is examined. The
2015-11-13 22:51:35 +00:00
subr_terminal.c
subr_trap.c
racct: perform a lockless check for p_throttled
2015-07-13 22:52:11 +00:00
subr_turnstile.c
subr_uio.c
Add asynchronous command support to the pass(4) driver, and the new
2015-12-03 20:54:55 +00:00
subr_unit.c
subr_vmem.c
subr_witness.c
The buffer passed to an sbuf drain callback is not necessarily
2015-11-23 18:45:35 +00:00
sys_capability.c
Introduce kern_cap_rights_limit().
2015-08-11 08:43:50 +00:00
sys_generic.c
sys_pipe.c
Make pipes in CloudABI work.
2015-07-29 17:18:27 +00:00
sys_procdesc.c
The si_status field of the siginfo_t, provided by the waitid(2) and
2015-07-18 09:02:50 +00:00
sys_process.c
Add ptrace(2) reporting for LWP events.
2015-12-29 23:25:26 +00:00
sys_socket.c
syscalls.c
Missing regen after last change to sys/kern/syscalls.master.
2015-10-22 21:30:39 +00:00
syscalls.master
systrace_args.c
sysv_ipc.c
sysv_msg.c
sysv_sem.c
sysv_shm.c
Change the default setting of kern.ipc.shm_allow_removed from 0 to 1.
2015-10-10 09:29:47 +00:00
tty_compat.c
tty_info.c
tty_inq.c
tty_outq.c
tty_pts.c
tty_tty.c
tty_ttydisc.c
Don't clear the software flow control flag before draining for last
2016-01-26 14:46:39 +00:00
tty.c
Don't clear the software flow control flag before draining for last
2016-01-26 14:46:39 +00:00
uipc_accf.c
uipc_debug.c
Increase max allowed backlog for listen sockets
2016-02-02 05:57:59 +00:00
uipc_domain.c
uipc_mbuf2.c
Add const-qualifiers for source mbuf argument in m_dup(), m_copym(),
2015-08-08 15:50:46 +00:00
uipc_mbuf.c
New sendfile(2) syscall. A joint effort of NGINX and Netflix from 2013 and
2016-01-08 20:34:57 +00:00
uipc_mbufhash.c
uipc_mqueue.c
uipc_sem.c
Call ksem_get() with initialized 'rights'.
2015-07-23 23:18:03 +00:00
uipc_shm.c
A change to KPI of vm_pager_get_pages() and underlying VOP_GETPAGES().
2015-12-16 21:30:45 +00:00
uipc_sockbuf.c
These files were getting sys/malloc.h and vm/uma.h with header pollution
2016-02-01 17:41:21 +00:00
uipc_socket.c
Increase max allowed backlog for listen sockets
2016-02-02 05:57:59 +00:00
uipc_syscalls.c
- Separate sendfile(2) implementation from uipc_syscalls.c into
2016-01-22 02:23:18 +00:00
uipc_usrreq.c
Make it possible for sbappend() to preserve M_NOTREADY on mbufs, just like
2016-01-08 19:03:20 +00:00
vfs_acl.c
vfs_aio.c
Various style fixes.
2016-01-26 21:24:49 +00:00
vfs_bio.c
The bread() function was inconsistent about whether it would return
2016-01-27 21:23:01 +00:00
vfs_cache.c
cache: minor changes
2016-01-21 01:09:39 +00:00
vfs_cluster.c
The bread() function was inconsistent about whether it would return
2016-01-27 21:23:01 +00:00
vfs_default.c
Two fixes for excessive iterations after r292326.
2016-01-05 14:48:40 +00:00
vfs_export.c
MFP r287070,r287073: split radix implementation and route table structure.
2016-01-25 06:33:15 +00:00
vfs_extattr.c
vfs_hash.c
Track changes to kern.maxvnodes and appropriately increase or decrease
2015-09-06 05:50:51 +00:00
vfs_init.c
sysctl: switch sysctllock to a sleepable rmlock, take 2
2015-09-15 23:06:56 +00:00
vfs_lookup.c
save some bytes by using more concise SDT_PROBE<n> instead of SDT_PROBE
2015-09-28 12:14:16 +00:00
vfs_mount.c
Make vfs_unmountall() unmount /dev after /, not before. The only
2015-08-24 13:18:13 +00:00
vfs_mountroot.c
After r290196, the kernel won't wait for stuff like gmirror nodes
2015-10-30 15:52:10 +00:00
vfs_subr.c
Add vrefl(), a locked variant of vref(9).
2016-01-18 22:21:46 +00:00
vfs_syscalls.c
The freebsd4_getfsstat() was broken in r281551 to always return 0 on success.
2015-11-20 14:08:12 +00:00
vfs_vnops.c
The struct file f_advice member is overlaid with the devfs f_cdevpriv
2016-01-22 20:35:20 +00:00
vnode_if.src
A change to KPI of vm_pager_get_pages() and underlying VOP_GETPAGES().
2015-12-16 21:30:45 +00:00