Fork us on GitHub Follow us on Google+ Follow us on Facebook Follow us on Twitter

Opened 2 months ago

Closed 7 weeks ago

Last modified 7 weeks ago

#749 closed defect (fixed)

Map and eradicate uses of kernel addresses as IDs for userspace

Reported by: Jakub Jermář Owned by:
Priority: major Milestone:
Component: helenos/kernel/generic Version: mainline
Keywords: Cc:
Blocker for: Depends on:
See also:

Description (last modified by Jakub Jermář)

The kernel (still) intentionally leaks kernel addresses at various places in order to provide identifiers to userspace.

In the past it used to identify calls this way, but this behavior has been replaced by using capabilities. There are still some other uses in other contexts that this ticket aims to map and eventually eradicate.

Note that using kernel addresses as userspace IDs is bad for two reasons:

  1. leaking addresses of kernel objects represents a security risk and
  2. kernel addresses use a global namespace (unlike task-local capability handles), so this precludes some light forms of virtualisation on the namespace-level

The following list enumerates the individual cases:

  • ipc_forward sets phone_t *newphone in call->data.phone
  • ipc_forward sets TASK->taskid (another global ID) in call->data.task_id
  • _ipc_call_actions_internal sets phone_t *phone in call->data.phone
  • _ipc_call_actions_internal sets caller->task_id in call->data.task_id
  • sys_ipc_wait_for_call sets call->priv in call->data.phone
  • event_enqueue sets TASK->taskid in call->data.task_id
  • _ipc_answer_free_call sets TASK->taskid in call->data.task_id

Change History (5)

comment:1 Changed 2 months ago by Jakub Jermář

Description: modified (diff)
Summary: Map and eradicate use of kernel addresses as IDs for userspaceMap and eradicate uses of kernel addresses as IDs for userspace

comment:2 Changed 2 months ago by Jakub Jermář

Description: modified (diff)

comment:3 Changed 2 months ago by Jakub Jermář

Description: modified (diff)

comment:4 Changed 7 weeks ago by Jakub Jermář

I address the phone hash part of the problem in PR 48.

comment:5 Changed 7 weeks ago by Jakub Jermář

Resolution: fixed
Status: newclosed

Commit 676900501376128cbb87ed9ea866e1bfbb52a5db stopped using kernel addresses as IDs. The task IDs and thread IDs are still global, but are not as bad as IDs derived directly from a kernel address. Moreover, they should naturally disappear with the kernel switching over to using capabilities for tasks and threads in the future. I feel I've done this ticket justice.

Last edited 7 weeks ago by Jakub Jermář (previous) (diff)
Note: See TracTickets for help on using tickets.