Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/sys/kern

> "Maxime Villard" <> wrote:
>  |Module Name:  src
>  |Committed By: maxv
>  |Date:         Tue Jun 24 07:28:23 UTC 2014
>  |
>  |Modified Files:
>  | src/sys/kern: subr_kmem.c
>  |
>  |Log Message:
>  |KMEM_REDZONE+KMEM_POISON is supposed to detect buffer overflows. But it only
>  |poisons memory after kmem_roundup_size(), which means that if an overflow
>  |occurs in the page padding, it won't be detected.
>  |
>  |Fix this by making KMEM_REDZONE independent from KMEM_POISON and making it
>  |put a 2-byte pattern at the end of each requested buffer, and check it when
>  |freeing memory to ensure the caller hasn't written outside \
>  |the requested area.
> Interesting.
> Having no idea of kernel programming i blindly assume that those
> pages are somehow isolated against "preceeding pages", so that no
> checks of the lower bound are necessary or even useful, and of
> course checking wether the address as such can be safely accessed
> is also not necessary / done differently.
> But, whereas i really think it is a smart idea to use
> a mathematically verifieable pattern, how can you be sure that the
> pattern doesn't generate values which are extremely common,
> especially at E-O-B, such as '\0'?  Shouldn't at least 0 be
> replaced with a different value?

That was in my TODO list, it's fixed in r1.59.

Home | Main Index | Thread Index | Old Index