[Xenomai] SMAP-detected direct userspace access
gilles.chanteperdrix at xenomai.org
Fri Dec 18 18:12:03 CET 2015
On Fri, Dec 18, 2015 at 05:23:55PM +0100, Jan Kiszka wrote:
> Hi all,
> I know this is legacy code, but this is where we currently stumbled into
> it, and maybe the same pattern also exists in 3.x:
> more precisely:
> return pse51_mutex_check_init(&umx->shadow_mutex, attr);
> Here we pass the userspace object for initialization to the core instead
> of handing over the kernel shadow and then copying over the result. Is
> there a reason for this? Could we have more of such cases?
> Background: SMAP detects and prevents any direct userspace memory access
> on x86 except or those that are wrapped in stac() and clac() (which
> toggle a bit in eflags). Generally a useful feature we should allow to
> be enabled for robustness reasons.
BTW, I believe most RTnet ioctls have this issue.
More information about the Xenomai