IPC privileges fixes
Kernel: o Remove s_ipc_sendrec, instead using s_ipc_to for all send primitives o Centralize s_ipc_to bit manipulation, - disallowing assignment of bits pointing to unused priv structs; - preventing send-to-self by not setting bit for own priv struct; - preserving send mask matrix symmetry in all cases o Add IPC send mask checks to SENDA, which were missing entirely somehow o Slightly improve IPC stats accounting for SENDA o Remove SYSTEM from user processes' send mask o Half-fix the dependency between boot image order and process numbers, - correcting the table order of the boot processes; - documenting the order requirement needed for proper send masks; - warning at boot time if the order is violated RS: o Add support in /etc/drivers.conf for servers that talk to user processes, - disallowing IPC to user processes if no "ipc" field is present - adding a special "USER" label to explicitly allow IPC to user processes o Always apply IPC masks when specified; remove -i flag from service(8) o Use kernel send mask symmetry to delay adding IPC permissions for labels that do not exist yet, adding them to that label's process upon creation o Add VM to ipc permissions list for rtl8139 and fxp in drivers.conf Left to future fixes: o Removal of the table order vs process numbers dependency altogether, possibly using per-process send list structures as used for SYSTEM calls o Proper assignment of send masks to boot processes; some of the assigned (~0) masks are much wider than necessary o Proper assignment of IPC send masks for many more servers in drivers.conf o Removal of the debugging warning about the now legitimate case where RS's add_forward_ipc cannot find the IPC destination's label yet
@@ -83,6 +83,10 @@ PUBLIC void main()
|
||||
priv(rp)->s_flags = ip->flags; /* process flags */
|
||||
priv(rp)->s_trap_mask = ip->trap_mask; /* allowed traps */
|
||||
|
||||
/* Warn about violations of the boot image table order consistency. */
|
||||
if (priv_id(rp) != s_nr_to_id(ip->proc_nr))
|
||||
kprintf("Warning: boot image table has wrong process order\n");
|
||||
|
||||
/* Initialize call mask bitmap from unordered set.
|
||||
* A single SYS_ALL_CALLS is a special case - it
|
||||
* means all calls are allowed.
|
||||
@@ -99,12 +103,9 @@ PUBLIC void main()
|
||||
SET_BIT(priv(rp)->s_k_call_mask,
|
||||
ip->k_calls[ci]-KERNEL_CALL);
|
||||
|
||||
priv(rp)->s_ipc_to.chunk[0] = ip->ipc_to; /* restrict targets */
|
||||
|
||||
for (j=0; j<BITMAP_CHUNKS(NR_SYS_PROCS); j++) {
|
||||
rp->p_priv->s_ipc_sendrec.chunk[j] = ~0L;
|
||||
}
|
||||
unset_sys_bit(rp->p_priv->s_ipc_sendrec, USER_PRIV_ID);
|
||||
for (j = 0; j < NR_SYS_PROCS && j < BITCHUNK_BITS; j++)
|
||||
if (ip->ipc_to & (1 << j))
|
||||
set_sendto_bit(rp, j); /* restrict targets */
|
||||
|
||||
if (iskerneln(proc_nr(rp))) { /* part of the kernel? */
|
||||
if (ip->stksize > 0) { /* HARDWARE stack size is 0 */
|
||||
|
||||
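Review bot: In the new send-mask loop the test `ip->ipc_to & (1 << j)` shifts a signed int constant; when BITCHUNK_BITS is 32 the final iteration computes `1 << 31`, which overflows int and is undefined behaviour in C, so the mask bit should be formed from an unsigned constant, `if (ip->ipc_to & (1U << j))`. The loop's upper bound of BITCHUNK_BITS keeps the old behaviour of only honouring `chunk[0]`, which means any boot-image target with a priv id at or beyond BITCHUNK_BITS is silently never added to the send mask; a one-line comment such as `/* ip->ipc_to is a single chunk; targets beyond BITCHUNK_BITS cannot be expressed here */` would make that limit explicit for whoever later extends the table. The nested unbraced for/if bodies would also read more safely with braces. The enclosing main() starts before this hunk and continues past it.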