From: Matthew Dillon
Date: Fri, 17 Sep 2004 02:46:53 -0700 (PDT)
Message-Id: <200409170946.i8H9kr4P021050@apollo.backplane.com>
To: Giorgos Keramidas
References: <4146316C00007833@ims3a.cp.tin.it> <20040917093712.GB94990@orion.daedalusnetworks.priv>
cc: freebsd-hackers@freebsd.org
cc: gerarra@tin.it
Subject: Re: FreeBSD Kernel buffer overflow

:pass more arguments and added a KASSERT in trap.c that is only enabled for
:kernels compiled with INVARIANTS turned on?
:...
:
:A KASSERT() wrapped in #ifdef INVARIANTS has zero overhead for normal,
:non-debugging kernels. The developers who are responsible for writing and
:testing new system calls should use INVARIANTS anyway, so they'll quickly
:catch the mistake.
:
:- - Giorgos

KASSERT()'s are only compiled in if INVARIANTS is turned on anyway. If you don't have INVARIANTS turned on, all your KASSERT's go poof. Look at the #define KASSERT in sys/systm.h.

I strongly recommend that all kernels always be compiled with INVARIANTS turned on. Even production kernels. I believe GENERIC defaults to INVARIANTS turned on. I'm not sure what is done during release cycles but presumably INVARIANTS is left on for the release build as well (if it isn't it should be).

-Matt
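The point made in this message, as an added example that is not part of the original email or of the FreeBSD source: a userland C model of an argument-count assertion that is live in one build, compiled away in another, and replaced by an unconditional check in a third. The names `fetch_args`, `MAXARGS`, `NSLOTS`, the mode enum and the assertion message are hypothetical, and the two macros only model the "check or nothing" shape of KASSERT rather than quoting sys/systm.h.

```c
#include <stdio.h>
#include <string.h>

#define MAXARGS  8                /* assumed size of the argument buffer */
#define NSLOTS   16               /* args plus 8 slots of adjacent memory */
#define SENTINEL 0x5a5a5a5aL

static int panicked;              /* the model records a panic, no halt */

/* The two shapes KASSERT can take: a live check, or nothing at all. */
#define KASSERT_INVARIANTS(exp, msg) do { if (!(exp)) panicked = 1; } while (0)
#define KASSERT_PLAIN(exp, msg)      do { } while (0)

enum mode { WITH_INVARIANTS, WITHOUT_INVARIANTS, RUNTIME_CHECK };

/* Copy narg caller-supplied words into the first slots of a flat buffer and
 * return how many slots beyond MAXARGS were overwritten (-1 if stopped). */
static int fetch_args(enum mode m, int narg, const long *uargs)
{
    long slots[NSLOTS];
    int i, clobbered = 0;

    for (i = 0; i < NSLOTS; i++)
        slots[i] = SENTINEL;
    panicked = 0;
    if (m == WITH_INVARIANTS)
        KASSERT_INVARIANTS(narg <= MAXARGS, ("too many syscall args"));
    else if (m == WITHOUT_INVARIANTS)
        KASSERT_PLAIN(narg <= MAXARGS, ("too many syscall args"));
    else if (narg > MAXARGS)
        return -1;                /* check that exists in every build */
    if (panicked)
        return -1;                /* a real kernel would stop here */

    memcpy(slots, uargs, (size_t)narg * sizeof(long));
    for (i = MAXARGS; i < NSLOTS; i++)
        clobbered += (slots[i] != SENTINEL);
    return clobbered;
}

int main(void)
{
    long uargs[NSLOTS] = {1,2,3,4,5,6,7,8,9,10,11,12};  /* constructed input */
    printf("INVARIANTS on:  %d\n", fetch_args(WITH_INVARIANTS, 12, uargs));
    printf("INVARIANTS off: %d\n", fetch_args(WITHOUT_INVARIANTS, 12, uargs));
    printf("runtime check:  %d\n", fetch_args(RUNTIME_CHECK, 12, uargs));
    return 0;
}
```

In the model, only the build with the assertion compiled out lets the oversized count reach the copy; the other two stop before it, one by panicking and one by refusing the request.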