Date: Sun, 5 Oct 2003 22:15:51 +1000 (EST)
From: Bruce Evans
To: Don Lewis
cc: cvs-src@freebsd.org
cc: src-committers@freebsd.org
cc: bms@freebsd.org
cc: cvs-all@freebsd.org
Subject: Re: cvs commit: src/sys/kern kern_sysctl.c
Message-ID: <20031005213809.O4773@gamplex.bde.org>
In-Reply-To: <200310051041.h95AfBN1049085@gw.catspoiler.org>

On Sun, 5 Oct 2003, Don Lewis wrote:

> On 5 Oct, Bruce M Simpson wrote:
> > bms 2003/10/05 02:37:47 PDT
> >
> > FreeBSD src repository
> >
> > Modified files:
> > sys/kern kern_sysctl.c
> > Log:
> > Fix a security problem in sysctl() the long way round.
> >
> > Use pre-emption detection to avoid the need for wiring a userland buffer
> > when copying opaque data structures.
> >
> > sysctl_wire_old_buffer() is now a no-op. Other consumers of this
> > API should use pre-emption detection to notice update collisions.
>
> There are a number of consumers of sysctl_wire_old_buffer() that use it
> to avoid blocking while holding a mutex. In general they call
> SYSCTL_OUT() multiple times while traversing a data structure. They
> probably should have been fixed before neutering
> sysctl_wire_old_buffer().

I'm not happy with most of this set of changes. The largest bug that I
noticed is that the implementation of retrying is quite broken.
SYSCTL_OUT() continues from the current position, so if a context switch
occurs then garbage output or a garbage errno is ensured by attempting to
fill the user buffer with multiple copies of the data.

Bruce
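
The retry problem described in the reply above, as an added example that is not part of the original thread and is not FreeBSD code: a userland C model in which `model_req`, `model_out()` and `copy_with_retry()` are hypothetical names and the context switch is simulated by a counter. Without a rewind, a retried copy either appends a second copy of the data or fails with ENOMEM.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userland model of a sysctl output request; all names are hypothetical. */
struct model_req {
    char  *oldptr;   /* destination (user) buffer */
    size_t oldlen;   /* capacity of that buffer */
    size_t oldidx;   /* current output position */
};

/* Appends at the current position, as the message says SYSCTL_OUT() does. */
static int model_out(struct model_req *req, const void *p, size_t len)
{
    if (len > req->oldlen - req->oldidx)
        return ENOMEM;
    memcpy(req->oldptr + req->oldidx, p, len);
    req->oldidx += len;
    return 0;
}

/* Copy out len bytes, retrying while a simulated context switch is detected.
 * switches = number of attempts that get interrupted (assumed input).
 * rewind == 0 models the broken retry; rewind != 0 resets the position first. */
static int copy_with_retry(struct model_req *req, const void *p, size_t len,
                           int switches, int rewind)
{
    size_t start = req->oldidx;
    int error;

    for (;;) {
        error = model_out(req, p, len);
        if (error != 0 || switches-- <= 0)
            return error;
        if (rewind)
            req->oldidx = start;   /* discard the interrupted attempt */
    }
}

int main(void)
{
    char buf[8];
    struct model_req r = { buf, sizeof(buf), 0 };

    copy_with_retry(&r, "ABCD", 4, 1, 0);   /* one interrupted attempt, no rewind */
    printf("%.*s\n", (int)r.oldidx, buf);    /* buffer now holds two copies */
    return 0;
}
```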