Jan Kiszka wrote: > Gilles Chanteperdrix wrote: >> Philippe Gerum wrote: >>> Gilles Chanteperdrix wrote: >>>> Hi Jan, >>>> >>>> Please do not use my address at gmail, gna does not want me to post from >>>> this address: >>>> >>>> 2008-08-23 12:10:19 1KWq4T-0000zD-9E ** xenomai-core@gna.org >>>> <Xenomai-core@gna.org >>>>> R=dnslookup T=remote_smtp: SMTP error from remote mailer after RCPT >>>>> TO:<Xenomai- >>>> [EMAIL PROTECTED]>: host mail.gna.org [88.191.250.46]: 550 rejected >>>> because gmail.com i >>>> s in a black list at dsn.rfc-ignorant.org >>>> >>>> so, here is a repost of my answer: >>>> >>>> Jan Kiszka wrote: >>>>>> Hi Gilles, >>>>>> >>>>>> trying to understand the cb_read/write lock usage, some question came up >>>>>> here: What prevents that the mutexq iteration in pse51_mutex_check_init >>>>>> races against pse51_mutex_destroy_internal? >>>> Well, I am afraid the mechanism used is not 100% safe. Anyway, the aim >>>> is to catch most of invalid usages, it seems we can not catch them all. >>>> >>>>>> If nothing, then I wonder if we actually have to iterate over the whole >>>>>> queue to find out whether a given object has been initialized and >>>>>> registered already or not. Can't this be encoded differently? >>>>>> >>>>>> BTW, shadow_mutex.mutex is a kernel pointer sitting in a user-reachable >>>>>> memory region? Why not using a handle here, like the native skin does? >>>>>> Won't that allow to resolve the issue above as well? >>>> This has been so from the beginning, and I did not change it. >>>> >>> To get registry handles, you first need to register objects. The POSIX skin >>> still does not use the built-in registry, that's why. >> Well the registry is about associating objects with their name, and >> since most posix skin objects have no name, I did not see the point of >> using the registry. And for the named objects, the nucleus registry was >> not compatible with the posix skin requirements, which is why I did not >> use it... > > The registry is also about providing user-safe handles for unnamed > object - so that you don't risk accepting borken kernel pointers from > user space.
Yes, and from a security point of view, accepting pointers from user-space may help an ordinary user become root by passing cleverly crafted kernel-space addresses. -- Gilles. _______________________________________________ Xenomai-core mailing list Xenomai-core@gna.org https://mail.gna.org/listinfo/xenomai-core