From: Sean Whalen
To: freebsd-bugs@freebsd.org
Date: Fri, 07 Jan 2005 14:49:16 -0800
Message-ID: <41DF11EC.1070003@node99.org>
Subject: Potential user/kernel pointer bugs identified in FreeBSD 5.3

Hello,

We recently analyzed the FreeBSD 5.3 kernel source for user/kernel pointer bugs using the Cqual tool (http://cqual.sourcefornet.net). Previous work has done the same with the Linux kernel. The paper is available here:

http://www.node99.org/projects/bsduk/

On page 10 is an example trace of one such potential bug. If there is interest, we have traces for the others as well. Our analysis was limited by RAM, and could be potentially improved by using a machine with around 10 gigs of RAM for inter-file analysis of the entire kernel.

Hopefully this is the right list for such a discussion.

Best,
-Sean