patacongo edited a comment on pull request #1341: URL: https://github.com/apache/incubator-nuttx/pull/1341#issuecomment-652127320
It is an incorrect design to call C++ constructors or destructors from the OS in kernel mode (PROTECTED and KERNEL builds) or with interrupts disabled. Calling the constructors.destructors introduces new problems similar to those discussed in Issue #1263 and which I am working toward fixing in PR #1328 Executing the constructors/destructors in kernel mode is a security violation. Running the constructors/destructors with interrupts disabled is just wrong. What if they need to wait for an event in a busy loop? No user code should ever run with interrupts disabled: This change should not be done. You should consider contributing to the correct fix that does not introduce additional problems of this nature. I would recommend that this change not be merged is it is not correct. It is expedient... but it is wrong. That is forbidden in the INVIOLABLES.txt: The Enemies =========== No Short Cuts ------------- o Doing things the easy way instead of the correct way. o Reducing effort at the expense of Quality, Portability, or Consistency. o Focus on the values of the organization, not the values of the Open Source project. Need to support both. o It takes work to support the Inviolables. There are no shortcuts. Let's do things right. There is also a bug already listed in the to-level TODO list (This is also Issue #1265 ): Title: C++ CONSTRUCTORS HAVE TOO MANY PRIVILEGES (PROTECTED MODE) Description: When a C++ ELF module is loaded, its C++ constructors are called via sched/task_starthook.c logic. This logic runs in protected mode. The is a security hole because the user code runs with kernel- privileges when the constructor executes. Destructors likely have the opposite problem. The probably try to execute some kernel logic in user mode? Obviously this needs to be investigated further. Status: Open Priority: Low (unless you need build a secure C++ system). ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org