IPC privileges fixes

Kernel:
o Remove s_ipc_sendrec, instead using s_ipc_to for all send primitives
o Centralize s_ipc_to bit manipulation,
  - disallowing assignment of bits pointing to unused priv structs;
  - preventing send-to-self by not setting bit for own priv struct;
  - preserving send mask matrix symmetry in all cases
o Add IPC send mask checks to SENDA, which were missing entirely somehow
o Slightly improve IPC stats accounting for SENDA
o Remove SYSTEM from user processes' send mask
o Half-fix the dependency between boot image order and process numbers,
  - correcting the table order of the boot processes;
  - documenting the order requirement needed for proper send masks;
  - warning at boot time if the order is violated

RS:
o Add support in /etc/drivers.conf for servers that talk to user processes,
  - disallowing IPC to user processes if no "ipc" field is present;
  - adding a special "USER" label to explicitly allow IPC to user processes
o Always apply IPC masks when specified; remove -i flag from service(8)
o Use kernel send mask symmetry to delay adding IPC permissions for labels
  that do not exist yet, adding them to that label's process upon creation
o Add VM to ipc permissions list for rtl8139 and fxp in drivers.conf

Left to future fixes:
o Removal of the table order vs process numbers dependency altogether,
  possibly using per-process send list structures as used for SYSTEM calls
o Proper assignment of send masks to boot processes;
  some of the assigned (~0) masks are much wider than necessary
o Proper assignment of IPC send masks for many more servers in drivers.conf
o Removal of the debugging warning about the now legitimate case where RS's
  add_forward_ipc cannot find the IPC destination's label yet
This commit is contained in:
David van Moolenbroek
2009-07-02 16:25:31 +00:00
parent aa84986819
commit b8b8f537bd
13 changed files with 297 additions and 170 deletions

@@ -70,25 +70,15 @@ message *m_ptr; /* pointer to request message */
/* Now update the process' privileges as requested. */
rp->p_priv->s_trap_mask = FILLED_MASK;
for (i=0; i<BITMAP_CHUNKS(NR_SYS_PROCS); i++) {
rp->p_priv->s_ipc_to.chunk[i] = FILLED_MASK;
}
unset_sys_bit(rp->p_priv->s_ipc_to, USER_PRIV_ID);
/* All process that this process can send to must be able to reply.
* Therefore, their send masks should be updated as well.
*/
for (i=0; i<NR_SYS_PROCS; i++) {
if (get_sys_bit(rp->p_priv->s_ipc_to, i)) {
set_sys_bit(priv_addr(i)->s_ipc_to, priv_id(rp));
}
/* Set a default send mask. */
for (i=0; i < NR_SYS_PROCS; i++) {
if (i != USER_PRIV_ID)
set_sendto_bit(rp, i);
else
unset_sendto_bit(rp, i);
}
for (i=0; i<BITMAP_CHUNKS(NR_SYS_PROCS); i++) {
rp->p_priv->s_ipc_sendrec.chunk[i] = FILLED_MASK;
}
unset_sys_bit(rp->p_priv->s_ipc_sendrec, USER_PRIV_ID);
/* No I/O resources, no memory resources, no IRQs, no grant table */
priv(rp)->s_nr_io_range= 0;
priv(rp)->s_nr_mem_range= 0;
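Review bot: the default-mask loop `for (i=0; i < NR_SYS_PROCS; i++) { if (i != USER_PRIV_ID) set_sendto_bit(rp, i); ... }` now depends entirely on `set_sendto_bit` to refuse bits for unused priv slots, skip the process's own slot and set the matching reverse bit in the peer's mask; none of that is visible in this hunk, so a comment at the loop stating those three guarantees would help, since the open-coded reverse-bit loop it replaces (`set_sys_bit(priv_addr(i)->s_ipc_to, priv_id(rp));`) wrote into whatever slot `priv_addr(i)` resolved to with no in-use check. The default also still grants send rights to every system process except `USER_PRIV_ID`, which the commit message itself calls wider than necessary; worth noting at the `/* Set a default send mask. */` comment so it is not mistaken for a deliberately minimal policy. Note that the `+`/`-` markers did not survive rendering on this page, so the old and new lines appear interleaved above.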
@@ -142,10 +132,14 @@ message *m_ptr; /* pointer to request message */
memcpy(priv(rp)->s_k_call_mask, priv.s_k_call_mask,
sizeof(priv(rp)->s_k_call_mask));
memcpy(&priv(rp)->s_ipc_to, &priv.s_ipc_to,
sizeof(priv(rp)->s_ipc_to));
memcpy(&priv(rp)->s_ipc_sendrec, &priv.s_ipc_sendrec,
sizeof(priv(rp)->s_ipc_sendrec));
/* Set a custom send mask. */
for (i=0; i < NR_SYS_PROCS; i++) {
if (get_sys_bit(priv.s_ipc_to, i))
set_sendto_bit(rp, i);
else
unset_sendto_bit(rp, i);
}
}
/* Done. Privileges have been set. Allow process to run again. */
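Review bot: the raw copy `memcpy(&priv(rp)->s_ipc_to, &priv.s_ipc_to, sizeof(priv(rp)->s_ipc_to));` and the per-bit loop `if (get_sys_bit(priv.s_ipc_to, i)) set_sendto_bit(rp, i); else unset_sendto_bit(rp, i);` must not both remain: a direct copy of the caller-supplied mask would bypass exactly the checks the loop routes through `set_sendto_bit` (unused priv slots, the self bit, and the reverse bit in the destination's mask). Because the `+`/`-` markers are missing from this rendering, please confirm the memcpy of `s_ipc_to` (and of `s_ipc_sendrec`, whose field the kernel part of this commit removes) is on the removed side. Also, unlike the default path, this loop does not special-case `USER_PRIV_ID`, so a set bit from the request grants sends to user processes; that is what the RS "USER" label relies on, and a one-line comment here saying so would make the asymmetry with the default mask intentional rather than accidental.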