pussuw commented on PR #11165:
URL: https://github.com/apache/nuttx/pull/11165#issuecomment-1807967384

   > @pussuw what are the pros and cons of moving the cancellation points to user space/libc?
   
   @acassis My primary concern and motivation for doing these changes is to improve security via cleaner kernel/userspace separation. Improving security is a pro for me. It is also the most important improvement point in NuttX for me.
   
   The con is of course a possible regression. I presume many people are happy with how things are right now and would rather not see such architectural changes.
   
   **So why do it at all then?**
   
   It is a prerequisite for moving `sem_`, `pthread_` et al. into libc/userspace as well (from the sched/ folder), and instead of exposing e.g. `sem_wait()` as a system call, `nxsem_wait()` would be the gate into the kernel, while the libc part handles errno and cancel points.
   
   **What is the problem I'm trying to fix?**
   
   I am trying to find a fix for the current user space semaphores, specifically for the kernel build. The problem is that the sem_t data goes into user memory (waitlist, flags, holderlist). The user should only need access to the counter; the rest is needed by the kernel. The problem with having that data in user memory is obviously that the user memory might not always be accessible via a user space pointer (the wrong address environment can be active).
   
   This is a long story, but some of it is in https://github.com/apache/nuttx/issues/8917 and some is on the mailing list.
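The split the comment argues for, as an added illustration that is not pussuw's code and not NuttX's real `sem_t`, `sem_wait()` or `nxsem_wait()`: the user-visible object keeps only the counter plus an opaque handle, the wait list, flags and holder information live in kernel-private memory reached through that handle rather than through a user pointer, and the libc wrapper is where errno translation and the cancellation point happen. All struct layouts, function names (`nxsem_wait_gate`, `sem_wait_libc`), the fixed-size kernel table and the simulated cancellation flag are constructed for this example; blocking is modelled as returning `-EAGAIN` so the code runs stand-alone.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed example, not NuttX code. Shows why kernel-only semaphore state
 * should not live in a user-space struct, and where the libc/kernel boundary
 * falls once cancel points and errno handling move to libc. */

#define KSEM_MAX 8   /* size of the (constructed) kernel-private table */

/* "Before": one struct, owned by user space, that also carries data only the
 * kernel needs. The kernel has to follow user pointers to reach it. */
struct sem_before {
  int counter;
  void *waitlist;     /* kernel-only */
  unsigned flags;     /* kernel-only */
  void *holderlist;   /* kernel-only */
};

/* "After": the user object is only the counter and a handle. */
typedef struct {
  volatile int counter;
  int khandle;        /* index into kernel-private state, opaque to user */
} usem_t;

/* Kernel-private state; never reached through a user-space pointer. */
struct ksem_state {
  bool in_use;
  int waiters;        /* stands in for the wait list */
  unsigned flags;
  int holder;         /* stands in for the holder list */
};
static struct ksem_state ksem_table[KSEM_MAX];

/* Simulated per-thread cancellation state (constructed). */
static bool cancel_pending = false;
static bool cancelled = false;

/* Kernel gate: validates the handle, returns 0 or a negated errno value,
 * and never writes errno itself. */
int nxsem_init_gate(usem_t *sem, int value)
{
  if (sem == NULL || value < 0) return -EINVAL;
  for (int i = 0; i < KSEM_MAX; i++) {
    if (!ksem_table[i].in_use) {
      ksem_table[i] = (struct ksem_state){ .in_use = true };
      sem->counter = value;
      sem->khandle = i;
      return 0;
    }
  }
  return -ENOSPC;
}

int nxsem_wait_gate(usem_t *sem)
{
  if (sem == NULL || sem->khandle < 0 || sem->khandle >= KSEM_MAX ||
      !ksem_table[sem->khandle].in_use) {
    return -EINVAL;   /* reject handles that do not name live kernel state */
  }
  struct ksem_state *ks = &ksem_table[sem->khandle];
  if (sem->counter > 0) {
    sem->counter--;
    ks->holder = 1;
    return 0;
  }
  ks->waiters++;      /* a real kernel would block here */
  return -EAGAIN;
}

/* libc wrapper: cancellation point and errno handling stay in user space. */
int sem_wait_libc(usem_t *sem)
{
  if (cancel_pending) {   /* cancel point checked before entering the kernel */
    cancelled = true;
    return -1;
  }
  int ret = nxsem_wait_gate(sem);
  if (ret < 0) {
    errno = -ret;         /* errno is a user-space concern */
    return -1;
  }
  return 0;
}
```

Note that `sizeof(usem_t)` no longer depends on any kernel data structure, and a corrupted or stale `khandle` is caught by the gate's range and `in_use` checks instead of being dereferenced.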


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
