Here is a PoC of NULL pointer dereference checking in coreboot x86. It is
surprisingly easy to implement.
It uses strange expand down segments, making a data segment from 4KB-4GB (with
base 0). It should catch most NULL derefence symbols. Unfortunately we access
0x500 while placing the coreboot tables. The hack in the patch just swaps the ds
selector work arounding that.
More advanced method would use paging and PAE, first 4MB with 4KB pages rest
with 4MB pages identity mapped. We could even mark other than coreboot RAM range
as "missing" allowing more fine grained tests what is where accessed.
Even the segment hack above could be used to check the stack overflows, but I
think we will need in IDT instead of interrupt gate a task gate and set there a
exception stack, otherwise it will end very badly while CPU is trying to safe
stack yet again during the exception.
PS: Qemu does not implement segment limit checking, so just try on real HW. Dont
forget to switch off GDB debugging otherwise you wont get human readable
exception notice, on the other hand you can try to debug that ;)
Show replies by date