Date: Sun, 22 Jun 2003 20:32:19 -0700
From: John-Mark Gurney
To: Robert Watson
Cc: arch@freebsd.org
Subject: Re: make /dev/pci really readable
Message-ID: <20030623033219.GI57612@funkthat.com>
References: <20030621011002.GG15336@funkthat.com>

Robert Watson wrote this message on Sun, Jun 22, 2003 at 23:10 -0400:
>
> On Fri, 20 Jun 2003, John-Mark Gurney wrote:
>
> > John-Mark Gurney wrote this message on Mon, Jun 16, 2003 at 22:29 -0700:
> > > Bruce Evans wrote this message on Tue, Jun 17, 2003 at 12:36 +1000:
> > > > On Mon, 16 Jun 2003, Robert Watson wrote:
> > > > > It looks like (although I haven't tried), user processes can
> > > > > also cause the kernel to allocate unlimited amounts of kernel memory,
> > > > > which is another bit we probably need to tighten down.
> > > >
> > > > Much more serious.
> > >
> > > Yep, the pattern_buf is allocated, and in some cases a break happens
> > > w/o freeing it.  So there is a memory leak here.  Will be fixed soon.
> >
> > Ok, I think I have a good patch.  It's attached.  Fixes the memory leak.
> > I have also fixed the pci manpage to talk about the errors, but it isn't
> > included in the patch.
>
> Per my earlier and out-of-band comments, the /dev/pci code could use some
> further robustness improvements.  In particular, make sure that the code
> is careful to validate all user arguments for sensibility, such as the
> issue regarding the allocation of unlimited amounts of kernel memory that
> I raised earlier.  I think we're close to this being safe, but need to
> take it carefully.  This code was clearly not designed to be exposed to
> untrusted users...

Ok, yes, I missed that one.  I have committed a fix for that problem.  I
just did a double check, and I don't see any more unchecked user input.

The memory leak I thought you were talking about was the part that wasn't
freeing memory that was allocated (and bounded by an unvalidated variable).

Do you want me to reverse the permission check? or?

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
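
The two defects discussed in this thread (an allocation sized by an unvalidated user value, and a `break` that skipped the free of `pattern_buf`), modelled in user-space C as an added example. It is not the FreeBSD /dev/pci code; the struct layout, `MAX_PATTERNS`, `live_allocs` and the function name are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical request layout and limit; not the FreeBSD pci(4) structures. */
struct match_pattern { uint32_t vendor, device; };
struct match_req {
    uint32_t num_patterns;   /* caller-controlled count */
    uint32_t pat_buf_len;    /* caller-controlled byte length */
    const void *patterns;    /* caller-supplied buffer */
};
#define MAX_PATTERNS 64u

static int live_allocs;      /* leak counter used only to check the example */

/* Returns 0 on success or an errno value; every path releases pattern_buf. */
int handle_match_request(const struct match_req *req, uint32_t *matched)
{
    struct match_pattern *pattern_buf = NULL;
    int error = 0;

    /* Validate before allocating: bounded count, length consistent with it. */
    if (req->num_patterns == 0 || req->num_patterns > MAX_PATTERNS)
        return EINVAL;
    if (req->pat_buf_len != req->num_patterns * sizeof(*pattern_buf))
        return EINVAL;

    pattern_buf = malloc(req->pat_buf_len);
    if (pattern_buf == NULL)
        return ENOMEM;
    live_allocs++;
    /* memcpy stands in for the kernel's copy from user space. */
    memcpy(pattern_buf, req->patterns, req->pat_buf_len);

    *matched = 0;
    for (uint32_t i = 0; i < req->num_patterns; i++) {
        if (pattern_buf[i].vendor == 0) {   /* malformed entry: early exit */
            error = EINVAL;
            break;                          /* still reaches the free below */
        }
        (*matched)++;
    }

    free(pattern_buf);       /* single release point, reached after break too */
    live_allocs--;
    return error;
}
```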