Fork us on GitHub Follow us on Google+ Follow us on Facebook Follow us on Twitter

Opened 2 days ago

Last modified 43 hours ago

#749 new defect

Map and eradicate uses of kernel addresses as IDs for userspace

Reported by: Jakub Jermář Owned by:
Priority: major Milestone:
Component: helenos/kernel/generic Version: mainline
Keywords: Cc:
Blocker for: Depends on:
See also:

Description (last modified by Jakub Jermář)

The kernel (still) intentionally leaks kernel addresses at various places in order to provide identifiers to userspace.

In the past it used to identify calls this way, but this behavior has been replaced by using capabilities. There are still some other uses in other contexts that this ticket aims to map and eventually eradicate.

Note that using kernel addresses as userspace IDs is bad for two reasons:

  1. leaking addresses of kernel objects represents a security risk and
  2. kernel addresses use a global namespace (unlike task-local capability handles), so this precludes some light forms of virtualisation on the namespace-level

The following list enumerates the individual cases:

  • ipc_forward sets phone_t *newphone in call->data.phone
  • ipc_forward sets TASK->taskid (another global ID) in call->data.task_id
  • _ipc_call_actions_internal sets phone_t *phone in call->data.phone
  • _ipc_call_actions_internal sets caller->task_id in call->data.task_id
  • sys_ipc_wait_for_call sets call->priv in call->data.phone
  • event_enqueue sets TASK->taskid in call->data.task_id
  • _ipc_answer_free_call sets TASK->taskid in call->data.task_id

Change History (3)

comment:1 Changed 2 days ago by Jakub Jermář

Description: modified (diff)
Summary: Map and eradicate use of kernel addresses as IDs for userspaceMap and eradicate uses of kernel addresses as IDs for userspace

comment:2 Changed 2 days ago by Jakub Jermář

Description: modified (diff)

comment:3 Changed 43 hours ago by Jakub Jermář

Description: modified (diff)
Note: See TracTickets for help on using tickets.