K 10
svn:author
V 8
vangyzen
K 8
svn:date
V 27
2017-03-18T20:16:23.624512Z
K 7
svn:log
V 497
nanosleep: plug a kernel memory disclosure

nanosleep() updates rmtp on EINVAL.  In that case, kern_nanosleep()
has not updated rmt, so sys_nanosleep() updates the user-space rmtp
by copying garbage from its stack frame.  This is not only a kernel
memory disclosure, it's also not POSIX-compliant.  Fix it to update
rmtp only on EINTR.

Reviewed by:	jilles (via D10020), dchagin
MFC after:	3 days
Security:	possibly
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D10044

END