[Xenomai] SMAP-detected direct userspace access

Gilles Chanteperdrix gilles.chanteperdrix at xenomai.org
Fri Dec 18 18:06:16 CET 2015


On Fri, Dec 18, 2015 at 05:23:55PM +0100, Jan Kiszka wrote:
> Hi all,
> 
> I know this is legacy code, but this is where we currently stumbled into
> it, and maybe the same pattern also exists in 3.x:
> 
> http://git.xenomai.org/xenomai-2.6.git/tree/ksrc/skins/posix/syscall.c#n1182
> 
> more precisely:
> 
>     return pse51_mutex_check_init(&umx->shadow_mutex, attr);
> 
> Here we pass the userspace object for initialization to the core instead
> of handing over the kernel shadow and then copying over the result. Is
> there a reason for this? Could we have more of such cases?

Since the user-space is copied from user-space a couple of lines
above, This looks like a typo. Replacing umx->shadow_mutex with
mx.shadow_mutex should avoid the issue.

-- 
					    Gilles.
https://click-hack.org



More information about the Xenomai mailing list