Re: Protecting against kernel NULL-pointer derefs

Julian wrote:
> The assumption is that the userland and kernel share a memory map.
> While we do implement it this way, it is not necessarily needed.
> We do it for performance reasons (each user memory map includes an
> identical top section that is the kernel space, so that we do not need
> to switch memory page arenas (change CR3) when entering the kernel.
> However it might be possible to not do this, and in fact on some
> hardware it is mandatory to not do this).
> 
> It would require a page table arena switch with each syscall which
> would require flushing the TLBs which would be expensive..
> Hmm I guess I've talked myself out of this as a solution..  :-)

So, to be able to run VM86 mode or Wine we could make the NULL mapping
protection a configurable kernel option, (defaulting to 'on'?), which
doscmd/wine users could turn off. A nicer way would be to be able to map
0x0 in userland while having the kernel use its own 0x0 mapping.
Possibly there is a way to do that without making context switches very
expensive? Partial TLB flushes??

I also wonder how Linux and (possibly) other OS'es handle this; I can
imagine it can easily become quite messy resulting in added security
issues or insufficient protection. Anyone have pointers to that regard?

-- 
Pieter
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"