Mark Johnston fea1a98ead freebsd32: Fix a double copyin in sendmsg() and recvmsg() ... freebsd32_sendmsg() and freebsd32_recvmsg() both copyin the message header twice, once directly and once in freebsd32_copyinmsghdr(). The iovec length from the former is used when copying in msg_iov, but the rest of the kernel uses the iovec length from the latter. When kern_sendit() and kern_recvit() iterate over the iovec to compute the residual for I/O, they can therefore end up walking past the end of the copied in iovec, either resulting in a system call error, userspace memory corruption from uiomove() with invalid iovecs, or a kernel page fault if the copied-in iovec is followed by an unmapped KVA region. Reported by: syzbot+7cc64cd0c49605acd421@syzkaller.appspotmail.com Reviewed by: kib, emaste MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32010		2021-09-19 13:54:16 -04:00
..
cloudabi	umtx: Split umtx.h on two counterparts.	2021-07-29 12:41:29 +03:00
cloudabi32	regen syscall files after d51198d63b63	2021-05-13 14:09:58 -04:00
cloudabi64	regen syscall files after d51198d63b63	2021-05-13 14:09:58 -04:00
freebsd32	freebsd32: Fix a double copyin in sendmsg() and recvmsg()	2021-09-19 13:54:16 -04:00
ia32	fork: Allow ABI to specify fork return values for child.	2021-08-12 11:45:25 +03:00
lindebugfs	Add emulation support for the Linux kcov(4) ioctl API.	2020-09-04 00:12:28 +00:00
linprocfs	linprocfs: Fixup vDSO name in the procmaps after 9931033bbf.	2021-07-20 10:04:20 +03:00
linsysfs	linsysfs: create /sys/bus/ and /sys/subsystem/	2021-03-11 15:50:51 +00:00
linux	Create sys/reg.h for the common code previously in machine/reg.h	2021-08-30 12:50:53 +01:00
linuxkpi/common	<linux/overflow.h>: Don't use __has_builtin().	2021-09-15 09:03:17 -07:00
x86bios	Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many)	2020-02-26 14:26:36 +00:00