Page MenuHomeFreeBSD

oce(4): Don't directly access usespace
ClosedPublic

Authored by brooks on Jun 13 2023, 9:12 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sep 28 2024, 6:55 AM
Unknown Object (File)
Sep 24 2024, 3:01 AM
Unknown Object (File)
Sep 22 2024, 6:56 AM
Unknown Object (File)
Sep 21 2024, 3:25 PM
Unknown Object (File)
Sep 21 2024, 6:10 AM
Unknown Object (File)
Sep 16 2024, 9:28 AM
Unknown Object (File)
Sep 16 2024, 1:25 AM
Unknown Object (File)
Sep 15 2024, 6:07 PM
Subscribers

Details

Summary

Replace direct stores to userspace address (never safe and broken on
modern CPUs) with a copyout. Use a static assert on the size to ensure
we don't overflow the field.

Sponsored by: DARPA

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 52053
Build 48944: arc lint + arc unit

Event Timeline

This driver should probably be on the list of potential drivers to cull in 15. Other than quite a few bug fixes to ioctl handling it hasn't seen any non-sweeping commits since 2016.

This driver should probably be on the list of potential drivers to cull in 15.

Probably - are you willing to add the man page deprecation notice and gone_in?

This driver should probably be on the list of potential drivers to cull in 15.

Probably - are you willing to add the man page deprecation notice and gone_in?

D40531

sys/dev/oce/oce_if.c
2296

Probably we want to check for an error here? And not do anything if rc is already not equal to 0.

sys/dev/oce/oce_if.c
2282

Missing braces.

This revision is now accepted and ready to land.Jun 14 2023, 5:37 PM
jhb added inline comments.
sys/dev/oce/oce_if.c
2296

rc is known to be zero here I think. If rc was non-zero up at line 2275 (new) we jump to the error label. Similarly the new goto at 2282 means that rc is known to be zero here.

brooks added inline comments.
sys/dev/oce/oce_if.c
2296

The previous version didn't check the copyout return (I'd blindly copied the strncpy). I chose a slightly different strategy since falling through is ok here.

This revision was automatically updated to reflect the committed changes.
brooks marked an inline comment as done.