Date: Sun, 22 Jun 2003 20:32:19 -0700
From: John-Mark Gurney <gurney_j@efn.org>
To: Robert Watson <rwatson@freebsd.org>
Cc: arch@freebsd.org
Subject: Re: make /dev/pci really readable
Message-ID: <20030623033219.GI57612@funkthat.com>
In-Reply-To: <Pine.NEB.3.96L.1030622230853.47078A-100000@fledge.watson.org>
References: <20030621011002.GG15336@funkthat.com> <Pine.NEB.3.96L.1030622230853.47078A-100000@fledge.watson.org>

Robert Watson wrote this message on Sun, Jun 22, 2003 at 23:10 -0400:
>
> On Fri, 20 Jun 2003, John-Mark Gurney wrote:
>
> > John-Mark Gurney wrote this message on Mon, Jun 16, 2003 at 22:29 -0700:
> > > Bruce Evans wrote this message on Tue, Jun 17, 2003 at 12:36 +1000:
> > > > On Mon, 16 Jun 2003, Robert Watson wrote:
> > > > > It looks like (although I haven't tried), user processes can
> > > > > also cause the kernel to allocate unlimited amounts of kernel memory,
> > > > > which is another bit we probably need to tighten down.
> > > >
> > > > Much more serious.
> > >
> > > Yep, the pattern_buf is allocated, and in some cases a break happens
> > > w/o freeing it. So there is a memory leak here. Will be fixed soon.
> >
> > Ok, I think I have a good patch. It's attached. Fixes the memory leak.
> > I have also fixed the pci manpage to talk about the errors, but it isn't
> > included in the patch.
>
> Per my earlier and out-of-band comments, the /dev/pci code could use some
> further robustness improvements. In particular, make sure that the code
> is careful to validate all user arguments for sensibility, such as the
> issue regarding the allocation of unlimited amounts of kernel memory that
> I raised earlier. I think we're close to this being safe, but need to
> take it carefully. This code was clearly not designed to be exposed to
> untrusted users...

Ok, yes, I missed that one. I have committed a fix for that problem. I
just did a double check, and I don't see anymore unchecked user input.
The memory leak I thought you were talking about was the part that wasn't
freeing memory that was allocated (and bounded by an unvalidated
variable). Do you want me to reverse the permission check? or?

-- 
  John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
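
The two problems discussed in this thread (a kernel buffer sized by an unvalidated user value, and a break that skips the free) shown as an added userspace C model; it is not the attached patch or FreeBSD's /dev/pci code. The struct layout, MAX_PATTERNS, k_alloc/k_free, handle_getconf and the error codes returned are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PATTERNS 64   /* assumed cap, not a FreeBSD constant */
struct pattern { uint16_t vendor, device; };
struct conf_req {         /* hypothetical request copied in from userland */
    uint32_t num_patterns;
    uint32_t pat_buf_len; /* bytes the caller claims to have passed */
    const struct pattern *patterns;
    uint32_t max_matches; /* room in the caller's result buffer */
};
static int live_allocs;   /* outstanding buffers, so leaks are observable */
static void *k_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void k_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Model of the ioctl body: count devices that match any pattern. */
int handle_getconf(const struct conf_req *req, const struct pattern *devs,
                   size_t ndevs, uint32_t *nmatch)
{
    struct pattern *pattern_buf;
    int error = 0;
    *nmatch = 0;
    /* Validate before allocating: bound the count, then require the byte
     * length to agree with it, so the caller never picks the size freely. */
    if (req->num_patterns == 0 || req->num_patterns > MAX_PATTERNS ||
        req->pat_buf_len != req->num_patterns * sizeof(*pattern_buf))
        return EINVAL;
    if ((pattern_buf = k_alloc(req->pat_buf_len)) == NULL)
        return ENOMEM;
    memcpy(pattern_buf, req->patterns, req->pat_buf_len); /* stands in for copyin() */

    for (size_t d = 0; d < ndevs; d++) {
        for (uint32_t i = 0; i < req->num_patterns; i++) {
            if (pattern_buf[i].vendor != devs[d].vendor ||
                pattern_buf[i].device != devs[d].device)
                continue;
            if (*nmatch == req->max_matches) {
                error = ENOSPC;   /* early exit must not skip the free */
                goto out;
            }
            (*nmatch)++;
            break;                /* one match per device is enough */
        }
    }
out:
    k_free(pattern_buf);          /* every path past the allocation frees */
    return error;
}
```

A caller can confirm the cleanup by checking that live_allocs is back to 0 after both the success path and the ENOSPC path.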