From: Poul-Henning Kamp
To: Dag-Erling Smorgrav
Cc: Julian Elischer, Matt Dillon, kris@citusc.usc.edu, arch@FreeBSD.ORG
Subject: Re: Safe string formatting in the kernel
In-Reply-To: Your message of "12 Dec 2000 17:33:01 +0100."
Date: Tue, 12 Dec 2000 17:47:52 +0100
Message-ID: <49405.976639672@critter>

In message , Dag-Erling Smorgrav writes:
>Julian Elischer writes:
>> Poul-Henning Kamp wrote:
>> > There are several places where this new API would make the code
>> > simpler and less prone to overflowable errors. procfs and various
>> > netgraph nodes spring to mind immediately.
>> hmmm such as?
>
>In procfs: portions of procfs_{map,rlimit,status,vnops}.c
>In linprocfs: most of linprocfs_misc.c
>
>Poul-Henning also mentioned the mn(4) and musycc(4) drivers.
>
>Any part of the kernel that exports string sysctls will also benefit.
>Most of the magic that's necessary for writeable string sysctls can be
>eliminated by using sbufs in such a way that you'll be able to declare
>string sysctls just as easily as integer sysctls (currently, each
>writeable string sysctl requires ~20 lines of code).
>
>Empirical tests show that the sbuf API adds less than 2 kB of code to
>the kernel, and I believe (though I can't prove) that the amount of
>duplicated code and static buffers that can be replaced with judicious
>use of sbufs will more than outweigh that cost. In some cases (procfs
>and linprocfs at least, but probably others too) using sbufs also
>saves large amounts of syscall stack space.

The main thing, however, is providing a trivial string API so that
we can get fewer overflow bugs in the future.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
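An added illustration of the point made in this message, not code from the thread and not the FreeBSD sbuf API: a minimal userland bounded buffer whose appends record overflow instead of writing past the end, so the caller checks once after several appends. The names `strbuf`, `strbuf_init`, `strbuf_printf` and `format_status`, and the procfs-style status line, are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
/* Hypothetical bounded buffer for illustration; not the FreeBSD sbuf API. */
struct strbuf {
    char  *buf;      /* caller-supplied storage */
    size_t size;     /* bytes in buf, including the terminating NUL */
    size_t len;      /* bytes used, excluding the NUL */
    int    overflow; /* sticky: set once an append did not fit */
};

static void strbuf_init(struct strbuf *sb, char *storage, size_t size) {
    *sb = (struct strbuf){ storage, size, 0, size == 0 };
    if (size > 0)
        storage[0] = '\0';
}

/* Append formatted text without ever writing past buf[size - 1]. */
static int strbuf_printf(struct strbuf *sb, const char *fmt, ...) {
    va_list ap;
    size_t room = sb->size - sb->len;   /* >= 1 unless overflow is set */
    int n;
    if (sb->overflow)
        return -1;                      /* later appends are refused */
    va_start(ap, fmt);
    n = vsnprintf(sb->buf + sb->len, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {
        sb->buf[sb->len] = '\0';        /* discard the partial append */
        sb->overflow = 1;
        return -1;
    }
    sb->len += (size_t)n;
    return 0;
}

/* Constructed procfs-style status line: "<comm> <pid> <ppid>\n". */
static int format_status(char *out, size_t outsz, const char *comm, int pid, int ppid) {
    struct strbuf sb;
    strbuf_init(&sb, out, outsz);
    strbuf_printf(&sb, "%s", comm);
    strbuf_printf(&sb, " %d %d\n", pid, ppid);
    return sb.overflow ? -1 : (int)sb.len;  /* one check covers every append */
}

int main(void) {
    char big[64], tiny[8];
    printf("%d\n", format_status(big, sizeof big, "sshd", 412, 1));   /* fits */
    printf("%d\n", format_status(tiny, sizeof tiny, "sshd", 412, 1)); /* too small */
    return 0;
}
```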