Page MenuHomeFreeBSD

if_urndis: Organize buffer layouts more naturally
ClosedPublic

Authored by markj on Jul 3 2024, 8:29 PM.
Tags
None
Referenced Files
F108456966: D45866.id140537.diff
Sat, Jan 25, 12:27 AM
Unknown Object (File)
Tue, Jan 21, 10:14 PM
Unknown Object (File)
Sat, Jan 18, 9:35 PM
Unknown Object (File)
Dec 1 2024, 6:21 AM
Unknown Object (File)
Nov 8 2024, 7:50 PM
Unknown Object (File)
Oct 19 2024, 3:19 PM
Unknown Object (File)
Sep 8 2024, 1:23 PM
Unknown Object (File)
Sep 8 2024, 3:27 AM
Subscribers

Details

Summary
  • Group the request header and I/O buffer in one structure, rather than assuming that both request structures have the same size.
  • Pass a pointer to the whole structure to urndis_ctrl_query() and urndis_ctrl_set() rather than just the header. This way, on CHERI platforms, the compiler will set bounds as intended. Otherwise, on CHERI platforms these functions violate subobject bounds since they modify the buffer following the header.

While here, there is no apparent reason for the request structure used
in urndis_attach() to be allocated statically. Change it so that it's
allocated on the stack.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj requested review of this revision.Jul 3 2024, 8:29 PM

Re:

on CHERI platforms, the compiler will set bounds as intended

Note this is because CheriBSD opts into subobject bounds for the kernel due to the history of intra-object overflows; by default this would not be an issue for CHERI.

Re:

on CHERI platforms, the compiler will set bounds as intended

Note this is because CheriBSD opts into subobject bounds for the kernel due to the history of intra-object overflows; by default this would not be an issue for CHERI.

I see, I hadn't seen that the purecap kernel configs explicitly configure subobject bounds.

I would be tempted to leave out the casts for the upstream patch for now and instead just do the union cleanup perhaps? But I'm fine either way.

This revision is now accepted and ready to land.Jul 9 2024, 1:53 PM
In D45866#1047003, @jhb wrote:

I would be tempted to leave out the casts for the upstream patch for now and instead just do the union cleanup perhaps? But I'm fine either way.

Without the casts, I need to pass &foo.hdr, sizeof(foo) to the subroutines, which also looks a bit dubious to me. I think I prefer to just keep it as it is.