Re: CVS commit: src/sys/kern
> "Maxime Villard" <maxv%netbsd.org@localhost> wrote:
> |Module Name: src
> |Committed By: maxv
> |Date: Tue Jun 24 07:28:23 UTC 2014
> |Modified Files:
> | src/sys/kern: subr_kmem.c
> |Log Message:
> |KMEM_REDZONE+KMEM_POISON is supposed to detect buffer overflows. But it only
> |poisons memory after kmem_roundup_size(), which means that if an overflow
> |occurs in the page padding, it won't be detected.
> |Fix this by making KMEM_REDZONE independent from KMEM_POISON and making it
> |put a 2-byte pattern at the end of each requested buffer, and check it when
> |freeing memory to ensure the caller hasn't written outside
> |the requested area.
> Having no idea of kernel programming I blindly assume that those
> pages are somehow isolated against "preceding pages", so that no
> checks of the lower bound are necessary or even useful, and of
> course checking whether the address as such can be safely accessed
> is also not necessary / done differently.
> But, whereas I really think it is a smart idea to use
> a mathematically verifiable pattern, how can you be sure that the
> pattern doesn't generate values which are extremely common,
> especially at E-O-B, such as '\0'? Shouldn't at least 0 be
> replaced with a different value?
That was in my TODO list, it's fixed in r1.59.
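
The redzone scheme discussed in this thread, as an added user-space example in C; it is not NetBSD's subr_kmem.c code and not part of the original message. The names rz_alloc, rz_free and rz_demo, the 16-byte rounding and the pattern function are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define RZ_SIZE 2   /* 2-byte redzone, as in the commit message */
#define RZ_ROUND(x) (((x) + 15) & ~(size_t)15)  /* assumed size rounding */

/* Hypothetical pattern: derived from the address and never 0, so a stray
 * '\0' written one byte past the buffer can never match it. */
static uint8_t rz_byte(const uint8_t *p)
{
    uint8_t b = (uint8_t)(((uintptr_t)p * 167u) >> 3);
    return b ? b : 0xA5;
}

/* Layout: [size_t requested][requested bytes][redzone][rounding padding] */
void *rz_alloc(size_t n)
{
    size_t total = RZ_ROUND(sizeof(size_t) + n + RZ_SIZE);
    uint8_t *raw = malloc(total);
    if (raw == NULL) return NULL;
    memcpy(raw, &n, sizeof(n));
    uint8_t *user = raw + sizeof(size_t);
    for (size_t i = 0; i < RZ_SIZE; i++)
        user[n + i] = rz_byte(&user[n + i]);  /* right after the request */
    return user;
}

/* Returns 0 if the redzone is intact, -1 if the caller wrote past n bytes. */
int rz_free(void *p)
{
    uint8_t *user = p, *raw = user - sizeof(size_t);
    size_t n;
    int rc = 0;
    memcpy(&n, raw, sizeof(n));
    for (size_t i = 0; i < RZ_SIZE; i++)
        rc |= (user[n + i] != rz_byte(&user[n + i]));
    free(raw);
    return rc ? -1 : 0;
}

/* Constructed case: request req bytes, zero-fill len (<= req + RZ_SIZE). */
int rz_demo(size_t req, size_t len)
{
    uint8_t *b = rz_alloc(req);
    if (b == NULL) return 1;
    memset(b, 0, len);
    return rz_free(b);
}
```

A 13-byte request is rounded up to a larger allocation, so a 14th byte lands in the rounding padding; because the redzone sits directly after the requested size and contains no zero byte, rz_free reports it even when the stray byte is '\0'.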