This change adds validation for the devman_device_info that is provided by the caller. This is done by introducing a new function devman_validate_device_info.
This change clears the tm structure on the stack before filling it in. This guarantees that the whole structure is initialized, and as such, no uninitialized stack data is copied to the caller.
This change adds a bounds check to make sure userland can't overflow a kernel stack buffer. In addition, the change prevents an integer overflow from occurring.
This change adds a check to make sure name_len is not negative. This change was made to prevent memory corruption from occurring if name_len is negative.
Make sure the service isn't lying about the number of bytes it wrote into vaddr. This prevents possible out-of-bounds reads and writes by callers that rely on and trust the length value returned by the server.
This change adds a bounds check to make sure count is not larger than MAX_PARAMS when copying data from the caller. This prevents a buffer overflow from occurring.
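The commit messages above describe four recurring classes of kernel-boundary checks: zero a stack structure before copying it out, bound a caller-supplied element count before the size multiplication, reject a negative length, and distrust the byte count a server reports. The following is an added example that is not MINIX or NetBSD code; every identifier in it (param_t, tm_reply, MAX_PARAMS, REPLY_BUF_SIZE and the function names) is hypothetical and only illustrates the pattern each message refers to.

```c
/* Added example, not code from MINIX or NetBSD.  All identifiers
 * (param_t, tm_reply, MAX_PARAMS, REPLY_BUF_SIZE, function names)
 * are hypothetical and exist only to illustrate the checks. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_PARAMS      8      /* hypothetical capacity of the kernel stack buffer */
#define REPLY_BUF_SIZE  4096   /* hypothetical size of the buffer behind vaddr */

typedef struct { uint32_t key; uint32_t value; } param_t;

/* Hypothetical reply struct; on common ABIs there is padding after 'flag'. */
struct tm_reply {
    int64_t sec;
    int8_t  flag;
    int64_t nsec;
};

/* Size computation as a naive implementation does it: for a large count
 * the multiplication wraps and the result looks smaller than the buffer,
 * so checking the byte total alone does not stop the overflow. */
size_t params_bytes_unchecked(size_t count)
{
    return count * sizeof(param_t);
}

/* Hardened copy-in: bound the element count first.  Because count is at
 * most MAX_PARAMS afterwards, count * sizeof(param_t) cannot wrap. */
int copy_in_params(param_t *dst, const param_t *src, size_t count)
{
    if (count > MAX_PARAMS)
        return -E2BIG;
    memcpy(dst, src, count * sizeof(param_t));
    return 0;
}

/* Round trip of a valid request with constructed input; returns 1 on success. */
int copy_in_params_roundtrip(void)
{
    param_t src[3] = { {1, 10}, {2, 20}, {3, 30} };   /* constructed sample */
    param_t dst[MAX_PARAMS];

    if (copy_in_params(dst, src, 3) != 0)
        return 0;
    return dst[0].key == 1 && dst[2].value == 30;
}

/* A signed length from userland must be rejected when negative: a check
 * such as 'name_len > max' alone lets -1 through, and the later
 * conversion to size_t turns it into an enormous copy. */
int validate_name_len(int name_len, size_t buf_size)
{
    if (name_len < 0)
        return -EINVAL;
    if ((size_t)name_len > buf_size)
        return -ENAMETOOLONG;
    return 0;
}

/* The service that filled the buffer reports how many bytes it wrote;
 * the caller must not use a value larger than the buffer it handed out. */
int validate_server_len(size_t reported, size_t buf_size)
{
    return reported <= buf_size ? 0 : -EIO;
}

/* Zero the whole struct before setting fields so padding bytes never
 * carry stale stack contents to the caller. */
void fill_tm_reply(struct tm_reply *r, int64_t sec, int64_t nsec)
{
    memset(r, 0, sizeof(*r));
    r->sec  = sec;
    r->flag = 1;
    r->nsec = nsec;
}

/* Poison a struct to simulate stale stack data, fill it, and return 1 if
 * every padding byte between 'flag' and 'nsec' came out zero. */
int tm_reply_padding_is_clean(void)
{
    struct tm_reply r;
    unsigned char *p = (unsigned char *)&r;
    size_t i;

    memset(&r, 0xAA, sizeof(r));
    fill_tm_reply(&r, 1526000000, 500);
    for (i = offsetof(struct tm_reply, flag) + sizeof(r.flag);
         i < offsetof(struct tm_reply, nsec); i++)
        if (p[i] != 0)
            return 0;
    return 1;
}
```

The element-count check has to come before the multiplication: params_bytes_unchecked(SIZE_MAX / sizeof(param_t) + 1) wraps to 0, which would pass any comparison against the buffer size, while copy_in_params rejects the same count on the first line.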
Infrastructure change to come in a separate commit.
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
Patch for CVE-2018-049.
Prevent shell execution with r command.
Check bounds before dereferencing in encryption routines.
Document -S to disable ! commands.
Sync with NetBSD-8
closes #268
Change-Id: I1c2849e0097b0cc9f89beef5ee24ccd9d73b4ee2
Allow 0 timestamp.
Grammar fixes.
Use the create_size if given to compute the real size instead of stat'ing
the file again, which might have been larger to start with.
Document history.
closes #274
Change-Id: Ibf881f22f351c7a17488b24a05c2110be1d65ae0
In the case of vbfs, the host is VirtualBox, so mentions of VMware must be
copy-paste errors.
closes #264
Change-Id: Ieb1316155be8f8fb81e3e5a2b21147594f6cb4d9
Some assembly code to cause unaligned access as well as
segmentation faults to exercise the data abort path.
Change-Id: Ie419114b76a8db849537a94fda781019cf14d50d
On second thought, handle unknown faults caused by processes by sending
SIGSEGV to them instead of bringing the whole system to a grinding halt.
arm/archconst: use values defined in armreg.h
Change-Id: Ieed5bb06910ab0c8eef1e68b0b4eec680867acd3
Without this option, gcc may emit code accessing unaligned memory. This,
and the fact that SCTLR.A (System Control Register - Alignment Check) is
set to 1 in Minix, causes data aborts when such code is encountered.
This was the cause of #104. The `minix-service' executable caused
unaligned memory accesses when calling into getpwnam(). These then triggered
data abort exceptions. On ARM, these were previously forwarded to `vm'
as pagefaults. However, `vm' did not properly handle them, but instead
allocated one page for the faulting address (over and over again) and
then resumed the process at the faulting instruction (over and over
again). This behavior masked the whole story as an OOM.
Below is the assembly version of getpwent.c, in which the unaligned memory
accesses are even highlighted...
...
341 ldr lr, [sp, #48]
342 cmp lr, #0
343 bne .L46
344 ldr r0, [r4] @ unaligned
345 add r1, r7, #5
346 str r0, [sp, #4] @ unaligned
347 ldr r4, [sp, #4]
348 mov r5, r4, asr #31
349 strd r4, [r8, #40]
...
This should fix #104. It was tested on an actual Beaglebone Black.
An alternative fix would be to disable alignment checking by setting
SCTLR.A to 0 and allowing unaligned memory accesses.
Change-Id: I4d366eb0af1b2936bca369fd28014fb829228ad5
For now, distinguish alignment, translation and permission faults.
The first kind of fault causes the kernel to send SIGBUS to the
process causing the fault; the latter two are forwarded to `vm' as
pagefaults. Previously, any data abort was forwarded to `vm' as
a pagefault, resulting in the hard-to-debug issue #104.
Any unhandled fault status results in a disaster. This seems
better than naively hoping `vm' can do something about it.
Change-Id: I526f575bb2681e087e20fd49c5c0846cdd450c31
This directory no longer exists, probably since the netbsd file layout
re-organization.
Closes #244
Change-Id: Ie4e3761dbf3adbdd76cb6323f920a4abab6b29d5
I tried to launch Minix3 in Qubes OS. While there is no problem booting
minix as a qube (in Qubes OS terminology) before 3641562, it fails with
that commit (and after). I didn't dig into PCI handling, but this change
fixes the problem. Minix handles the NULL case from pci_subclass_name.
Change-Id: I162424d92b613598e6eb845a71f90a02e31041db