Static variables cause crash in OSX network kext
In a Mac OS X network kernel extension, I have noticed that if I have a statically allocated buffer rather than a dynamic one, it leads to a kernel panic when calling API functions such as printf() or send(), ctl_enqueuedata(), and many others. It is as if statically allocated buffers can't be read or written outside of my code.
For instance:
    // OK
    static char* somevar = NULL;
    somevar = OSMalloc(50, myOSMallocTag);
    bzero(somevar, 50);

    // Creates a kernel panic when used outside my code
    static char somevar[50];
    bzero(somevar, 50);
Why is that?
Edit: I could post the code, but it's lengthy, and the difference between the version that works and the one that causes the panic is as above. What I have in mind is the difference in memory location between a static variable and one allocated by OSMalloc. Can code within ctl_enqueuedata() access both?
Here is what happened:
    panic(cpu 0 caller 0xffffff802eeb7e95): kernel trap @ 0xffffff802ee28896, type 14=page fault, registers:
    cr0: 0x0000000080010033, cr2: 0x0000000000000031, cr3: 0x000000024fbac0a7, cr4: 0x00000000001606e0
    rax: 0x000000007fffff01, rbx: 0x0000000000000000, rcx: 0x0000000000000010, rdx: 0xffffff7fb0d4d573
    rsp: 0xffffff811f6fbae0, rbp: 0xffffff811f6fbbe0, rsi: 0x000000007fffffff, rdi: 0x0000000000000073
    r8:  0x0000000000000000, r9:  0x0000000000000031, r10: 0x0000000000000000, r11: 0x0000000000000000
    r12: 0x0000000000000000, r13: 0x0000000000000019, r14: 0xffffff811f6fbd01, r15: 0x0000000000000031
    rfl: 0x0000000000010246, rip: 0xffffff802ee28896, cs:  0x0000000000000008, ss:  0x0000000000000010
    fault cr2: 0x0000000000000031, error code: 0x0000000000000000, fault cpu: 0x0

    backtrace (cpu 0), frame : return address
    0xffffff811f6fb780 : 0xffffff802ee1d626
    0xffffff811f6fb7f0 : 0xffffff802eeb7e95
    0xffffff811f6fb9c0 : 0xffffff802eecd4dd
    0xffffff811f6fb9e0 : 0xffffff802ee28896
    0xffffff811f6fbbe0 : 0xffffff802f174a62
    0xffffff811f6fbc00 : 0xffffff7fb0d4cead
    0xffffff811f6fbd40 : 0xffffff7fb0d46101
    0xffffff811f6fbdf0 : 0xffffff802f150525
    0xffffff811f6fbe40 : 0xffffff802f1990b2
    0xffffff811f6fbef0 : 0xffffff802f1a04f2
    0xffffff811f6fbf50 : 0xffffff802f1e063a
    0xffffff811f6fbfb0 : 0xffffff802eecdd23
It's not quite clear to me what you mean by "outside of [your] code", so if this answer doesn't help, please elaborate. The literal code you have supplied should work, so I'm guessing you've reduced what fails?
I can think of 2 problems in this context:
Allocation lifetime
The memory for static variables is allocated when the kext is loaded, and freed when it is unloaded. Are you sure that whatever is using the memory is not using it past unloading of the kext? If it's an IOKit kext, the kernel will unload it automatically after loading unless one of its personalities matches. This might not be what your code is expecting.
Threading issues
Essentially all kernel code is multithreaded, and you can't escape it. Static/global variables are particularly vulnerable to race conditions. If one thread is writing to a buffer while another is attempting to read it via printf(), you're asking for trouble. You need to ensure you're serialising access to the buffers appropriately, or use a different strategy for managing buffer memory. If the buffers are supposed to be temporary, allocating them on the stack (non-static,
within the function) might be a better idea, depending on size. As @merlin069 mentions, the kernel stack is small (<16KiB), so avoid anything bigger than maybe a few hundred bytes. A 50 byte buffer as in your example should be fine though, unless it's a recursive function.
Update:
Regarding the sub-question of "What I have in mind is the difference in memory location between a static variable and one allocated by OSMalloc. Can code within ctl_enqueuedata() access both?"
Yes.
Accessing memory allocated within the kernel works just like doing so in a regular program. The kernel_task has its own memory map, which is active whenever you're running in kernel mode. The kernel is monolithic, so a pointer valid in one kext is valid in another. It's only when you want to access user space memory from the kernel, or kernel space from user space, that you have to deal with mappings explicitly.
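The "threading issues" point above, as an added example that is not part of the original answer: a static buffer shared by concurrent writers, with and without serialised access. It models the situation in user space with pthreads, so a pthread mutex stands in for a kernel lock (lck_mtx_t) and the 50-byte size is taken from the question; names such as shared_buf and run_writers are this example's own.

```c
#include <pthread.h>
#include <string.h>
/* Added example, not from the original post: models the answer's warning that a
   static (kext-wide) buffer shared by several threads must be serialised. A
   pthread mutex stands in for a kernel lck_mtx_t; 50 bytes mirrors the question. */
#define BUF_LEN 50
#define ROUNDS  2000
static char shared_buf[BUF_LEN];                 /* the shared static buffer */
static pthread_mutex_t buf_lock = PTHREAD_MUTEX_INITIALIZER;

/* Fill the buffer with one byte value, then re-read it. Returns 1 if another
   thread's bytes were found, which cannot happen while the lock is held. */
static int fill_and_check(char value, int use_lock) {
    int corrupted = 0;
    if (use_lock) pthread_mutex_lock(&buf_lock);
    memset(shared_buf, value, BUF_LEN - 1);
    shared_buf[BUF_LEN - 1] = '\0';
    for (int i = 0; i < BUF_LEN - 1; i++)
        if (shared_buf[i] != value) { corrupted = 1; break; }
    if (use_lock) pthread_mutex_unlock(&buf_lock);
    return corrupted;
}

struct worker_arg { char value; int use_lock; int corruptions; };

static void *worker(void *p) {
    struct worker_arg *a = p;
    for (int r = 0; r < ROUNDS; r++)
        a->corruptions += fill_and_check(a->value, a->use_lock);
    return NULL;
}

/* Run four concurrent writers; returns how many rounds saw another writer's
   bytes. With use_lock == 1 this is always 0; with 0 it is racy and is
   often > 0 on a multi-core machine. */
int run_writers(int use_lock) {
    pthread_t tid[4];
    struct worker_arg args[4];
    int total = 0;
    for (int i = 0; i < 4; i++) {
        args[i] = (struct worker_arg){ (char)('A' + i), use_lock, 0 };
        pthread_create(&tid[i], NULL, worker, &args[i]);
    }
    for (int i = 0; i < 4; i++) {
        pthread_join(tid[i], NULL);
        total += args[i].corruptions;
    }
    return total;
}
```

Calling run_writers(0) and run_writers(1) back to back shows the difference: the locked run never observes torn writes, the unlocked run can. In a kext the same discipline applies to any static buffer handed to printf(), send() or ctl_enqueuedata() while another thread may still be writing it.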