svn commit: r242744 - head/sys/dev/md
Konstantin Belousov
kib at FreeBSD.org
Thu Nov 8 03:17:41 UTC 2012
Author: kib
Date: Thu Nov 8 03:17:41 2012
New Revision: 242744
URL: http://svnweb.freebsd.org/changeset/base/242744
Log:
Zero the newly allocated md(4) swap-backed page to prevent random
kernel memory leakage to userspace. For the typical use, when a
filesystem put on the md disk, the change only results in CPU and
memory bandwidth spent to zero the page, since filsystems make sure
that user never see unwritten content. But if md disk is used as raw
device by userspace, the garbage is exposed.
Reported by: Paul Schenkeveld <freebsd at psconsult.nl>
MFC after: 2 weeks
Modified:
head/sys/dev/md/md.c
Modified: head/sys/dev/md/md.c
==============================================================================
--- head/sys/dev/md/md.c Thu Nov 8 02:55:30 2012 (r242743)
+++ head/sys/dev/md/md.c Thu Nov 8 03:17:41 2012 (r242744)
@@ -677,6 +677,15 @@ mdstart_swap(struct md_s *sc, struct bio
sched_unpin();
vm_page_wakeup(m);
break;
+ } else if (rv == VM_PAGER_FAIL) {
+ /*
+ * Pager does not have the page. Zero
+ * the allocated page, and mark it as
+ * valid. Do not set dirty, the page
+ * can be recreated if thrown out.
+ */
+ bzero((void *)sf_buf_kva(sf), PAGE_SIZE);
+ m->valid = VM_PAGE_BITS_ALL;
}
bcopy((void *)(sf_buf_kva(sf) + offs), p, len);
cpu_flush_dcache(p, len);
More information about the svn-src-head
mailing list