search for: vm_min_address

...map pages at address 0x0 (and a bit beyond), it is possible to make such NULL-pointer deref bugs mere DoS'es instead of code execution bugs. Linux has implemented such a protection for a long while now, by disallowing page mappings on 0x0 - 0xffff. On FreeBSD, it appears that simply bumping up VM_MIN_ADDRESS to 65536 downgrades a whole class of code execution vulnerabilities to DoS vulnerabilities. I've raised that #define to 65536 on a 6.4-RELEASE i386 VM. This made at least the mmap() method to map at 0x0 fail. So: - How do you feel about disallowing such mappings to protect against NULL-pointer...

..., end); 2200 vm_map_unlock(map); 2201 2202 if (map == kmem_map || map == mb_map) 2203 splx(s); (kgdb) up #13 0xc0159c3d in exit1 (p=0xe8a89ea0, rv=1054720) at /usr/src/sys/kern/kern_exit.c:226 226 (void) vm_map_remove(&vm->vm_map, VM_MIN_ADDRESS, (kgdb) list 221 if (--vm->vm_refcnt == 0) { 222 if (vm->vm_shm) 223 shmexit(p); 224 pmap_remove_pages(vmspace_pmap(vm), VM_MIN_ADDRESS, 225 VM_MAXUSER_ADDRESS); 226 (vo...