From owner-freebsd-arch@FreeBSD.ORG  Sun Jun 22 20:10:40 2003
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A328C37B401
	for <arch@freebsd.org>; Sun, 22 Jun 2003 20:10:40 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D997143F3F
	for <arch@freebsd.org>; Sun, 22 Jun 2003 20:10:39 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (localhost [127.0.0.1])
	by fledge.watson.org (8.12.9/8.12.9) with ESMTP id h5N3AMKJ048958;
	Sun, 22 Jun 2003 23:10:22 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Received: from localhost (robert@localhost)h5N3ABDp048953;
	Sun, 22 Jun 2003 23:10:11 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Sun, 22 Jun 2003 23:10:10 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: John-Mark Gurney <gurney_j@efn.org>
In-Reply-To: <20030621011002.GG15336@funkthat.com>
Message-ID: <Pine.NEB.3.96L.1030622230853.47078A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: arch@freebsd.org
Subject: Re: make /dev/pci really readable
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussion related to FreeBSD architecture
	<freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jun 2003 03:10:40 -0000


On Fri, 20 Jun 2003, John-Mark Gurney wrote:

> John-Mark Gurney wrote this message on Mon, Jun 16, 2003 at 22:29 -0700:
> > Bruce Evans wrote this message on Tue, Jun 17, 2003 at 12:36 +1000:
> > > On Mon, 16 Jun 2003, Robert Watson wrote:
> > > > It looks like (although I haven't tried), user processes can
> > > > also cause the kernel to allocate unlimited amounts of kernel memory,
> > > > which is another bit we probably need to tighten down.
> > > 
> > > Much more serious.
> > 
> > Yep, the pattern_buf is allocated, and in some cases a berak happens
> > w/o freeing it.  So there is a memory leak her. Will be fixed soon.
> 
> Ok, I think I have a good patch.  It's attached.  Fixes the memory leak. 
> I have also fix the pci manpage to talk about the errors, but it isn't
> included in the patch. 

Per my earlier and out-of-band comments, the /dev/pci code could use some
further robustness improvements.  In particular, make sure that the code
is careful to validate all user arguments for sensibility, such as the
issue regarding the allocation of unlimited amounts of kernel memory that
I raised earlier.  I think we're close to this being safe, but need to
take it carefully.  This code was clearly not designed to be exposed to
untrusted users...

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories