[Xenomai] SMAP-detected direct userspace access

Gilles Chanteperdrix gilles.chanteperdrix at xenomai.org
Sun Dec 27 18:41:58 CET 2015


On Sun, Dec 27, 2015 at 06:00:02PM +0100, Jan Kiszka wrote:
> On 2015-12-18 18:12, Gilles Chanteperdrix wrote:
> > On Fri, Dec 18, 2015 at 05:23:55PM +0100, Jan Kiszka wrote:
> >> Hi all,
> >>
> >> I know this is legacy code, but this is where we currently stumbled into
> >> it, and maybe the same pattern also exists in 3.x:
> >>
> >> http://git.xenomai.org/xenomai-2.6.git/tree/ksrc/skins/posix/syscall.c#n1182
> >>
> >> more precisely:
> >>
> >>     return pse51_mutex_check_init(&umx->shadow_mutex, attr);
> >>
> >> Here we pass the userspace object for initialization to the core instead
> >> of handing over the kernel shadow and then copying over the result. Is
> >> there a reason for this? Could we have more of such cases?
> >>
> >> Background: SMAP detects and prevents any direct userspace memory access
> >> on x86 except for those that are wrapped in stac() and clac() (which
> >> toggle a bit in eflags). Generally a useful feature we should allow to
> >> be enabled for robustness reasons.
> > 
> > BTW, I believe most RTnet ioctls have this issue.
> > 
> 
> Correct, long-pending deficit that will now start to bite back more
> seriously. I was always postponing this until some potential userspace
> ABI overhaul.

The ABI overhaul should happen in the 3.1 branch, hopefully real
soon now (tm).

-- 
					    Gilles.
https://click-hack.org
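Added example, not code from the thread or from Xenomai: a user-space C model of the two syscall shapes discussed above. A simulated EFLAGS.AC flag, toggled by model stac()/clac(), plays the role of SMAP, so a supervisor-side access to the "user" region outside those brackets is counted as a fault. The struct layouts, the magic value, the function names (syscall_direct, syscall_shadowed, mutex_check_init as a stand-in for pse51_mutex_check_init) and the fault counter are all constructed for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the userspace mutex object: the core only cares
 * about the embedded shadow part, the rest is private to userspace. */
struct shadow_mutex { uint32_t magic; uint32_t attr; int initialized; };
struct user_mutex  { struct shadow_mutex shadow_mutex; int user_private; };

#define SHADOW_MAGIC 0x6d757478u /* constructed marker for "initialised" */

/* Simulated userspace: one small region we treat as user memory. */
static unsigned char user_region[256];
static int ac_flag;      /* models EFLAGS.AC: set by stac(), cleared by clac() */
static int smap_faults;  /* simulated SMAP violations observed so far */
static int last_err;     /* return value of the last modelled syscall */

static void stac(void) { ac_flag = 1; }
static void clac(void) { ac_flag = 0; }

static int is_user_ptr(const void *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)user_region;
    return a >= lo && a < lo + sizeof user_region;
}

/* Every access in this model goes through mem_access(): it plays the role of
 * the check SMAP performs on a supervisor-mode access to a user page. */
static void *mem_access(void *p) {
    if (is_user_ptr(p) && !ac_flag) smap_faults++;
    return p;
}

/* Modelled accessors: the only places where user memory may be touched. */
static void copy_from_user(void *dst, const void *src, size_t n) {
    stac(); memcpy(dst, mem_access((void *)src), n); clac();
}
static void copy_to_user(void *dst, const void *src, size_t n) {
    stac(); memcpy(mem_access(dst), src, n); clac();
}

/* Core routine in the role of pse51_mutex_check_init(): it simply
 * dereferences whatever pointer it is handed, with no stac()/clac(). */
static int mutex_check_init(struct shadow_mutex *shadow, uint32_t attr) {
    struct shadow_mutex *s = mem_access(shadow);
    if (s->magic == SHADOW_MAGIC) return -EBUSY; /* already initialised */
    s->magic = SHADOW_MAGIC; s->attr = attr; s->initialized = 1;
    return 0;
}

/* Pattern questioned in the thread: the user object goes straight to the core. */
static int syscall_direct(struct user_mutex *umx, uint32_t attr) {
    return mutex_check_init(&umx->shadow_mutex, attr);
}

/* Pattern the thread asks for: initialise a kernel shadow, then copy it back. */
static int syscall_shadowed(struct user_mutex *umx, uint32_t attr) {
    struct shadow_mutex kshadow;
    int err;
    copy_from_user(&kshadow, &umx->shadow_mutex, sizeof kshadow);
    err = mutex_check_init(&kshadow, attr);
    if (err) return err;
    copy_to_user(&umx->shadow_mutex, &kshadow, sizeof kshadow);
    return 0;
}

/* Runs one variant on a fresh user object; returns the number of simulated
 * SMAP faults it caused (the syscall's own return value is in last_error()). */
static int run_variant(int (*sc)(struct user_mutex *, uint32_t)) {
    struct user_mutex *umx = (struct user_mutex *)user_region;
    memset(user_region, 0, sizeof user_region); /* userspace-side zeroing */
    smap_faults = 0; ac_flag = 0;
    last_err = sc(umx, 7);
    return smap_faults;
}

static int last_error(void) { return last_err; }

/* Checked from the "user" side, so no SMAP accounting applies here. */
static int user_mutex_initialized(void) {
    struct user_mutex *umx = (struct user_mutex *)user_region;
    return umx->shadow_mutex.magic == SHADOW_MAGIC && umx->shadow_mutex.initialized;
}

int main(void) {
    printf("direct:   faults=%d err=%d\n", run_variant(syscall_direct), last_error());
    printf("shadowed: faults=%d err=%d\n", run_variant(syscall_shadowed), last_error());
    return 0;
}
```

Both variants leave the user object correctly initialised, which is why the direct form went unnoticed for so long: the bug only surfaces once SMAP (here, the ac_flag check) turns the unbracketed access into a fault.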