Re: EFI memory map

2020-01-03 Thread Maxime Villard

On 02/01/2020 at 16:55, Emmanuel Dreyfus wrote:

> And indeed, studying the crash in ddb shows it happens when
> accessing a physical address that is excluded by x86_fake_clusters()
> but included by EFI memory map.


Note that x86_fake_clusters() is unsafe. It does not exclude the MMIO
pages, because only the BIOS can tell where they are. These pages can
get returned by uvm_pagealloc, triggering all sorts of crazy behavior,
potentially physically nuking the machine.

I think we should remove this function.

Maxime
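
An added illustration of the point in the message above (not code from the thread or from NetBSD): given a firmware memory map, count the pages of a blindly assumed RAM range that the firmware does not describe as conventional memory. The descriptor struct is simplified, the sample map and the guessed range are constructed, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define PAGE_SIZE 4096ULL

/* Memory type values from the UEFI specification (subset). */
enum { EFI_RESERVED = 0, EFI_CONVENTIONAL = 7, EFI_MMIO = 11 };
/* Simplified descriptor: type plus page-aligned physical range. */
struct efi_md { uint32_t type; uint64_t phys_start; uint64_t num_pages; };

/* Constructed sample map, not taken from a real machine. */
static const struct efi_md sample_map[] = {
    { EFI_CONVENTIONAL, 0x00100000ULL, 0x700 }, /* RAM, 1 MB to 8 MB   */
    { EFI_MMIO,         0x00800000ULL, 0x010 }, /* 64 KB device window */
    { EFI_RESERVED,     0x00810000ULL, 0x020 },
    { EFI_CONVENTIONAL, 0x00830000ULL, 0x7d0 }, /* RAM up to 16 MB     */
};
#define SAMPLE_LEN (sizeof(sample_map) / sizeof(sample_map[0]))

/* Pages of [start, end) covered by descriptors of the given type. */
uint64_t pages_of_type(const struct efi_md *map, size_t n,
                       uint64_t start, uint64_t end, uint32_t type)
{
    uint64_t pages = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t md_end = map[i].phys_start + map[i].num_pages * PAGE_SIZE;
        uint64_t lo = start > map[i].phys_start ? start : map[i].phys_start;
        uint64_t hi = end < md_end ? end : md_end;
        if (map[i].type == type && hi > lo)
            pages += (hi - lo) / PAGE_SIZE;
    }
    return pages;
}

/* Pages the firmware does not call usable RAM (MMIO, reserved, undescribed). */
uint64_t unsafe_pages(const struct efi_md *map, size_t n,
                      uint64_t start, uint64_t end)
{
    return (end - start) / PAGE_SIZE
        - pages_of_type(map, n, start, end, EFI_CONVENTIONAL);
}

int main(void)
{
    /* Hypothetical guessed cluster: everything from 1 MB to 16 MB. */
    printf("unsafe pages: %llu\n", (unsigned long long)
        unsafe_pages(sample_map, SAMPLE_LEN, 0x00100000ULL, 0x01000000ULL));
    return 0;
}
```

Any nonzero result means the guessed range would hand the page allocator addresses that are not known to be RAM.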


Re: Proposal: removing urio(4), Rio 500 MP3 player (1999), and Rio-related packages

2020-01-03 Thread Thor Lancelot Simon
On Thu, Jan 02, 2020 at 08:36:51PM +0100, Maxime Villard wrote:
> 
>  - uscanner, which was brought up by other people for an unrelated reason.
>    It was removed from FreeBSD in 2009, from OpenBSD in 2013, and disabled
>    in NetBSD in 2016. It has been superseded by ugen+SANE.

I would like to suggest that the use of "generic" USB/SCSI/etc. devices
that allow sending arbitrary commands from userland is one of the least
safe design patterns in modern operating systems.  Not all security
issues are accidental - some work as designed, and I think this is one
such.

So it's a bit of a shame to see uscanner or any other target-specific
driver go, with an inherently unsafe generic target driver as replacement,
though perhaps in this case it's necessary.

-- 
 Thor Lancelot Simon t...@panix.com
  "Whether or not there's hope for change is not the question.  If you
   want to be a free person, you don't stand up for human rights because
   it will work, but because it is right."  --Andrei Sakharov