From owner-freebsd-hackers@FreeBSD.ORG Sun Sep 19 21:51:19 2004
Message-Id: <200409192151.i8JLpAtA005872@gw.catspoiler.org>
Date: Sun, 19 Sep 2004 14:51:10 -0700 (PDT)
From: Don Lewis
To: gerarra@tin.it
cc: FreeBSD-hackers@FreeBSD.org
In-Reply-To: <4146316C0000B2DB@ims3a.cp.tin.it>
Subject: Re: FreeBSD Kernel buffer overflow
List-Id: Technical Discussions relating to FreeBSD

On 19 Sep, gerarra@tin.it wrote:
>
>>Don,
>>
>>This sounds excellent. Can an src-committer verify that the following is
>>ok and commit it along with the manpage diff I posted earlier to HEAD?
>>
>>The hard-wired number 8 in there seems like something that could probably
>>be improved a lot, but after looking for a short while I couldn't find a
>>good way of finding out from the arguments of syscall_register() some way
>>to calculate it. Of course, I'm far from an experienced kernel hacker and
>>I'm probably missing something. Feel free to correct the following diff or
>>even replace it entirely.
>
> Maybe you can get a look at this approach:
>
> ==================================
>
> $arch/include/md_var.h:
>
>> cat md_var.diff
> --- md_var2.h   Sun Sep 19 22:43:56 2004
> +++ md_var.h    Sun Sep 19 22:46:23 2004
> @@ -41,6 +41,12 @@ > extern int (*copyin_vector)(const void *udaddr, void *kaddr, size_t > len); > extern int (*copyout_vector)(const void *kaddr, void *udaddr, size_t > len); > > +/* > + * Arguments number syscalls definition > + */ > + > +#define MAGIC_SYSCALL_ARGS 8 > + > extern long Maxmem; > extern u_int basemem; /* PA of original top of base memory */ > extern int busdma_swi_pending; which is installed from src/sys/{alpha,amd64,i386,ia64,etc}/param.h would be a more appropriate location. There may be cases where you would want to know this value in userland, in which case including would definitely not be appropriate. My preference would be to name it MAX_SYSCALL_ARGS. > ================================ > > kern/kern_syscall.c: >> cat kern_syscall.diff > --- kern_syscalls.c Sat Sep 18 13:42:21 2004 > +++ kern_syscalls2.c Sun Sep 19 23:00:44 2004 > @@ -27,6 +27,8 @@ > #include > __FBSDID("$FreeBSD: src/sys/kern/kern_syscalls.c,v 1.11 2004/07/15 08:26:05 > phk Exp $"); > > +#include > + > #include includes , so if the #define is added to you won't have to include here. The rest of the changes look ok, though you might want to add a printf() before "return EINVAL" so that the reason for failure gets logged.
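Review bot: the block comment "Arguments number syscalls definition" above the new define in the md_var.h hunk does not say what the constant means; reword it to state that this is the upper bound on the number of arguments a system call may declare and that the check in kern_syscalls.c relies on it. Because the value is the hard-wired 8 that the thread already questions, the comment should also name the argument buffer it has to stay in sync with, so whoever resizes one remembers the other, and the name MAX_SYSCALL_ARGS suggested in the reply describes that meaning where MAGIC_SYSCALL_ARGS does not.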
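Review bot: in the kern_syscalls.c hunk the new #include is dropped in as a stand-alone line between the __FBSDID() line and the existing include block, set off by blank lines; if it is still needed once the define moves to param.h, place it inside the existing include block in the usual order rather than ahead of it. This hunk only adds the include, so the validation itself is not visible here; when it is posted, the failure path should log the syscall number and the rejected argument count before it returns EINVAL, as the reply suggests, so that a refused registration shows up in the kernel log instead of failing silently.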
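The argument-count check the thread is converging on, as an added stand-alone illustration that is not FreeBSD's kern_syscalls.c and not either poster's patch: one named constant is shared by the registration check and the dispatcher's argument buffer so the two cannot drift apart, and the failure path is logged before EINVAL as Don suggests. The names sc_reg_t, sysent_t, NSYSCALLS, syscall_register_checked and syscall_dispatch are assumptions made for this example; the value 8 mirrors the hard-wired number in the posted patch.

```c
/*
 * Added illustration, not FreeBSD source. A small model of a syscall table
 * whose registration routine refuses entries that declare more arguments
 * than the dispatcher's fixed buffer can hold. Type and function names are
 * assumptions chosen for this example.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Upper bound on arguments a syscall may declare. The dispatcher's buffer
 * and the registration check both use it, so they cannot disagree. */
#define MAX_SYSCALL_ARGS 8

typedef intptr_t sc_reg_t;              /* one machine word, as an argument */

typedef struct {
    int sy_narg;                                    /* declared arg count */
    int (*sy_call)(const sc_reg_t *args, int narg);  /* handler, NULL = unused */
} sysent_t;

#define NSYSCALLS 16
static sysent_t sysent_table[NSYSCALLS];

/* Install a handler in slot 'num'. Returns 0 or an errno value. */
int syscall_register_checked(int num, const sysent_t *se_new)
{
    if (num < 0 || num >= NSYSCALLS)
        return EINVAL;
    if (se_new->sy_narg < 0 || se_new->sy_narg > MAX_SYSCALL_ARGS) {
        /* Log the reason before failing, as suggested in the thread. */
        printf("syscall_register: syscall %d declares %d args, limit is %d\n",
               num, se_new->sy_narg, MAX_SYSCALL_ARGS);
        return EINVAL;
    }
    sysent_table[num] = *se_new;
    return 0;
}

/* Model of the dispatcher: copies sy_narg words from the caller's frame into
 * a fixed buffer. The registration check above guarantees sy_narg never
 * exceeds the buffer, so this copy is always in bounds. */
int syscall_dispatch(int num, const sc_reg_t *frame, int frame_len)
{
    sc_reg_t args[MAX_SYSCALL_ARGS];
    const sysent_t *se;

    if (num < 0 || num >= NSYSCALLS || sysent_table[num].sy_call == NULL)
        return ENOSYS;
    se = &sysent_table[num];
    if (se->sy_narg > frame_len)
        return EFAULT;                  /* caller supplied too few words */
    memcpy(args, frame, (size_t)se->sy_narg * sizeof(sc_reg_t));
    return se->sy_call(args, se->sy_narg);
}

/* Sample handler used below: returns the sum of its arguments. */
static int sum_handler(const sc_reg_t *args, int narg)
{
    int total = 0;
    for (int i = 0; i < narg; i++)
        total += (int)args[i];
    return total;
}

/* Constructed scenarios: a well-formed entry, an entry declaring too many
 * arguments, a dispatch through the good entry, and a dispatch to the slot
 * whose registration was refused. */
int demo_register_ok(void)
{
    sysent_t se = { 3, sum_handler };
    return syscall_register_checked(1, &se);          /* 0 */
}

int demo_register_too_many(void)
{
    sysent_t se = { MAX_SYSCALL_ARGS + 1, sum_handler };
    return syscall_register_checked(2, &se);          /* EINVAL */
}

int demo_dispatch_sum(void)
{
    sc_reg_t frame[3] = { 1, 2, 3 };
    sysent_t se = { 3, sum_handler };
    syscall_register_checked(1, &se);
    return syscall_dispatch(1, frame, 3);             /* 6 */
}

int demo_dispatch_rejected(void)
{
    sc_reg_t frame[3] = { 1, 2, 3 };
    demo_register_too_many();                        /* slot 2 stays empty */
    return syscall_dispatch(2, frame, 3);             /* ENOSYS */
}
```

The point of putting the bound in one macro is visible in syscall_dispatch(): the array dimension and the limit enforced at registration time are the same token, so a future change to one cannot silently leave the other behind.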