FreeBSD Kernel buffer overflow
Don Lewis
truckman at FreeBSD.org
Sun Sep 19 14:51:19 PDT 2004
On 19 Sep, gerarra at tin.it wrote:
>
>>Don,
>>
>>This sounds excellent. Can an src-committer verify that the following is
>>ok and commit it along with the manpage diff I posted earlier to HEAD?
>>
>>The hard-wired number 8 in there seems like something that could probably
>>be improved a lot, but after looking for a short while I couldn't find a
>>good way of finding out from the arguments of syscall_register() some way
>>to calculate it. Of course, I'm far from an experienced kernel hacker and
>>I'm probably missing something. Feel free to correct the following diff or
>>even replace it entirely.
>
> Maybe you can have a look at this approach:
>
> ==================================
>
> $arch/include/md_var.h:
>
>> cat md_var.diff
> --- md_var2.h Sun Sep 19 22:43:56 2004
> +++ md_var.h Sun Sep 19 22:46:23 2004
> @@ -41,6 +41,12 @@
> extern int (*copyin_vector)(const void *udaddr, void *kaddr, size_t
> len);
> extern int (*copyout_vector)(const void *kaddr, void *udaddr, size_t
> len);
>
> +/*
> + * Arguments number syscalls definition
> + */
> +
> +#define MAGIC_SYSCALL_ARGS 8
> +
> extern long Maxmem;
> extern u_int basemem; /* PA of original top of base memory */
> extern int busdma_swi_pending;
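Review bot: the comment above the new constant ("Arguments number syscalls definition") does not say what the 8 actually bounds, and the MAGIC_ prefix reads as an arbitrary tunable rather than a hard limit; document it as the largest argument count the syscall path can hold, e.g. `/* Maximum number of arguments a syscall may take */` followed by `#define MAX_SYSCALL_ARGS 8`. Also, this hunk's header is `--- md_var2.h` / `+++ md_var.h`, the reverse of the kern_syscalls hunk (`--- kern_syscalls.c` / `+++ kern_syscalls2.c`), so double-check that the diff was generated in the right direction before it is committed.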
<machine/param.h> which is installed from
src/sys/{alpha,amd64,i386,ia64,etc}/param.h would be a more appropriate
location. There may be cases where you would want to know this value in
userland, in which case including <machine/md_var.h> would definitely
not be appropriate.
My preference would be to name it MAX_SYSCALL_ARGS.
> ================================
>
> kern/kern_syscall.c:
>> cat kern_syscall.diff
> --- kern_syscalls.c Sat Sep 18 13:42:21 2004
> +++ kern_syscalls2.c Sun Sep 19 23:00:44 2004
> @@ -27,6 +27,8 @@
> #include <sys/cdefs.h>
> __FBSDID("$FreeBSD: src/sys/kern/kern_syscalls.c,v 1.11 2004/07/15 08:26:05
> phk Exp $");
>
> +#include <machine/md_var.h>
> +
> #include <sys/param.h>
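Review bot: the new `#include <machine/md_var.h>` is placed ahead of `#include <sys/param.h>`, but the md_var.h hunk above shows that header declaring prototypes with `size_t`, so it depends on types that <sys/param.h> pulls in; move the new include after the <sys/...> headers (style(9) orders machine-dependent headers after the sys ones) or, better, define the constant in <machine/param.h>, which <sys/param.h> already includes, so no new include is needed here at all.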
<sys/param.h> includes <machine/param.h>, so if the #define is added to
<machine/param.h> you won't have to include <machine/md_var.h> here.
The rest of the changes look ok, though you might want to add a printf()
before "return EINVAL" so that the reason for failure gets logged.
More information about the freebsd-hackers mailing list