Re: CVS commit: src/sys/kern

To: source-changes-d%NetBSD.org@localhost, Steffen Nurpmeso <sdaoden%yandex.com@localhost>
Subject: Re: CVS commit: src/sys/kern
From: Maxime Villard <max%M00nBSD.net@localhost>
Date: Thu, 03 Jul 2014 10:55:55 +0200

> "Maxime Villard" <maxv%netbsd.org@localhost> wrote:
>  |Module Name:  src
>  |Committed By: maxv
>  |Date:         Tue Jun 24 07:28:23 UTC 2014
>  |
>  |Modified Files:
>  | src/sys/kern: subr_kmem.c
>  |
>  |Log Message:
>  |KMEM_REDZONE+KMEM_POISON is supposed to detect buffer overflows. But it only
>  |poisons memory after kmem_roundup_size(), which means that if an overflow
>  |occurs in the page padding, it won't be detected.
>  |
>  |Fix this by making KMEM_REDZONE independent from KMEM_POISON and making it
>  |put a 2-byte pattern at the end of each requested buffer, and check it when
>  |freeing memory to ensure the caller hasn't written outside \
>  |the requested area.
> 
> Interesting.
> Having no idea of kernel programming i blindly assume that those
> pages are somehow isolated against "preceeding pages", so that no
> checks of the lower bound are necessary or even useful, and of
> course checking wether the address as such can be safely accessed
> is also not necessary / done differently.
> 
> But, whereas i really think it is a smart idea to use
> a mathematically verifieable pattern, how can you be sure that the
> pattern doesn't generate values which are extremely common,
> especially at E-O-B, such as '\0'?  Shouldn't at least 0 be
> replaced with a different value?

That was in my TODO list, it's fixed in r1.59.

Follow-Ups:
- Re: CVS commit: src/sys/kern
  - From: Steffen Nurpmeso

Prev by Date: Re: CVS commit: src/sys/arch/mips/include
Next by Date: Re: CVS commit: src/sys/kern
Previous by Thread: Re: CVS commit: src/sys/arch/mips/include
Next by Thread: Re: CVS commit: src/sys/kern
Indexes:

Home | Main Index | Thread Index | Old Index