Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#749 closed defect (fixed)

Map and eradicate uses of kernel addresses as IDs for userspace

Reported by: Jakub Jermář Owned by:
Priority: major Milestone: 0.8.0
Component: helenos/kernel/generic Version: mainline
Keywords: Cc:
Blocker for: Depends on:
See also:

Description (last modified by Jakub Jermář)

The kernel (still) intentionally leaks kernel addresses at various places in order to provide identifiers to userspace.

In the past it used to identify calls this way, but this behavior has been replaced by using capabilities. There are still some other uses in other contexts that this ticket aims to map and eventually eradicate.

Note that using kernel addresses as userspace IDs is bad for two reasons:

  1. leaking addresses of kernel objects represents a security risk and
  2. kernel addresses use a global namespace (unlike task-local capability handles), so this precludes some light forms of virtualisation on the namespace-level

The following list enumerates the individual cases:

  • ipc_forward sets phone_t *newphone in call->data.phone
  • ipc_forward sets TASK->taskid (another global ID) in call->data.task_id
  • _ipc_call_actions_internal sets phone_t *phone in call->data.phone
  • _ipc_call_actions_internal sets caller->task_id in call->data.task_id
  • sys_ipc_wait_for_call sets call->priv in call->data.phone
  • event_enqueue sets TASK->taskid in call->data.task_id
  • _ipc_answer_free_call sets TASK->taskid in call->data.task_id

Change History (6)

comment:1 by Jakub Jermář, 6 years ago

Description: modified (diff)
Summary: Map and eradicate use of kernel addresses as IDs for userspaceMap and eradicate uses of kernel addresses as IDs for userspace

comment:2 by Jakub Jermář, 6 years ago

Description: modified (diff)

comment:3 by Jakub Jermář, 6 years ago

Description: modified (diff)

comment:4 by Jakub Jermář, 6 years ago

I address the phone hash part of the problem in PR 48.

comment:5 by Jakub Jermář, 6 years ago

Resolution: fixed
Status: newclosed

Commit 676900501376128cbb87ed9ea866e1bfbb52a5db stopped using kernel addresses as IDs. The task IDs and thread IDs are still global, but are not as bad as IDs derived directly from a kernel address. Moreover, they should naturally disappear with the kernel switching over to using capabilities for tasks and threads in the future. I feel I've done this ticket justice.

Last edited 6 years ago by Jakub Jermář (previous) (diff)

comment:6 by Jakub Jermář, 6 years ago

Milestone: 0.8.0
Note: See TracTickets for help on using tickets.