Map and eradicate uses of kernel addresses as IDs for userspace
The kernel (still) intentionally leaks kernel addresses at various places in order to provide identifiers to userspace.
In the past it used to identify calls this way, but this behavior has been replaced by using capabilities. There are still some other uses in other contexts that this ticket aims to map and eventually eradicate.
Note that using kernel addresses as userspace IDs is bad for two reasons:
- leaking addresses of kernel objects represents a security risk and
- kernel addresses use a global namespace (unlike task-local capability handles), so this precludes some light forms of virtualisation on the namespace-level
The following list enumerates the individual cases:
ipc_forward
sets phone_t *newphone
in call->data.phone
ipc_forward
sets TASK->taskid
(another global ID) in call->data.task_id
_ipc_call_actions_internal
sets phone_t *phone
in call->data.phone
_ipc_call_actions_internal
sets caller->task_id
in call->data.task_id
sys_ipc_wait_for_call
sets call->priv
in call->data.phone
event_enqueue
sets TASK->taskid
in call->data.task_id
_ipc_answer_free_call
sets TASK->taskid
in call->data.task_id
I address the phone hash part of the problem in PR 48.