Jan Kiszka wrote:
> Gilles Chanteperdrix wrote:
>> Philippe Gerum wrote:
>>> Gilles Chanteperdrix wrote:
>>>> Hi Jan,
>>>>
>>>> Please do not use my address at gmail, gna does not want me to post from
>>>> this address:
>>>>
>>>> 2008-08-23 12:10:19 1KWq4T-0000zD-9E ** xenomai-core@gna.org 
>>>> <Xenomai-core@gna.org
>>>>> R=dnslookup T=remote_smtp: SMTP error from remote mailer after RCPT 
>>>>> TO:<Xenomai-
>>>> [EMAIL PROTECTED]>: host mail.gna.org [88.191.250.46]: 550 rejected 
>>>> because gmail.com i
>>>> s in a black list at dsn.rfc-ignorant.org
>>>>
>>>> so, here is a repost of my answer:
>>>>
>>>> Jan Kiszka wrote:
>>>>>> Hi Gilles,
>>>>>>
>>>>>> trying to understand the cb_read/write lock usage, some question came up
>>>>>> here: What prevents that the mutexq iteration in pse51_mutex_check_init
>>>>>> races against pse51_mutex_destroy_internal?
>>>> Well, I am afraid the mechanism used is not 100% safe. Anyway, the aim
>>>> is to catch most of invalid usages, it seems we can not catch them all.
>>>>
>>>>>> If nothing, then I wonder if we actually have to iterate over the whole
>>>>>> queue to find out whether a given object has been initialized and
>>>>>> registered already or not. Can't this be encoded differently?
>>>>>>
>>>>>> BTW, shadow_mutex.mutex is a kernel pointer sitting in a user-reachable
>>>>>> memory region? Why not using a handle here, like the native skin does?
>>>>>> Won't that allow to resolve the issue above as well?
>>>> This has been so from the beginning, and I did not change it.
>>>>
>>> To get registry handles, you first need to register objects. The POSIX skin
>>> still does not use the built-in registry, that's why.
>> Well the registry is about associating objects with their name, and
>> since most posix skin objects have no name, I did not see the point of
>> using the registry. And for the named objects, the nucleus registry was
>> not compatible with the posix skin requirements, which is why I did not
>> use it...
> 
> The registry is also about providing user-safe handles for unnamed
> objects - so that you don't risk accepting broken kernel pointers from
> user space.

Yes, and from a security point of view, accepting pointers from
user-space may help an ordinary user become root by passing cleverly
crafted kernel-space addresses.

-- 
                                            Gilles.

_______________________________________________
Xenomai-core mailing list
Xenomai-core@gna.org
https://mail.gna.org/listinfo/xenomai-core
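The handle scheme Jan argues for above, as an added example that is not code from the Xenomai project or its registry API (the names reg_enter, reg_remove, reg_lookup and handle_t are my own): instead of storing a kernel pointer in a user-reachable shadow structure and dereferencing whatever comes back, the kernel keeps the object pointer in a private table and hands user space an opaque index plus generation counter. A lookup can then reject out-of-range indices, free slots, and stale handles to objects that were destroyed and whose slot was reused, which is exactly the class of input a raw pointer cannot be checked against.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed toy registry: a real one sits behind a lock and lives in
 * kernel memory that user space cannot read or write. */
#define REG_SLOTS 64

typedef uint32_t handle_t;          /* index in the high 16 bits, generation in the low 16 */
#define HANDLE_INVALID ((handle_t)0) /* generation starts at 1, so 0 never names a live object */

struct reg_slot {
    void *obj;      /* kernel-side object; never exposed to user space */
    uint16_t gen;   /* bumped on every removal so old handles stop matching */
    bool in_use;
};

static struct reg_slot reg_table[REG_SLOTS];

static handle_t make_handle(uint16_t idx, uint16_t gen)
{
    return ((handle_t)idx << 16) | gen;
}

/* Register an object and return the handle user space may keep. */
handle_t reg_enter(void *obj)
{
    for (uint16_t i = 0; i < REG_SLOTS; i++) {
        struct reg_slot *s = &reg_table[i];
        if (s->in_use)
            continue;
        if (s->gen == 0)
            s->gen = 1;             /* first use of this slot */
        s->obj = obj;
        s->in_use = true;
        return make_handle(i, s->gen);
    }
    return HANDLE_INVALID;          /* table full */
}

/* Resolve a handle received from user space; NULL on anything that
 * is not a currently registered object. */
void *reg_lookup(handle_t h)
{
    uint16_t idx = (uint16_t)(h >> 16);
    uint16_t gen = (uint16_t)(h & 0xffff);

    if (idx >= REG_SLOTS)           /* forged or garbage index */
        return NULL;
    struct reg_slot *s = &reg_table[idx];
    if (!s->in_use || s->gen != gen) /* free slot, or stale handle to a reused slot */
        return NULL;
    return s->obj;
}

/* Unregister; the generation bump invalidates every copy of the handle. */
int reg_remove(handle_t h)
{
    uint16_t idx = (uint16_t)(h >> 16);
    if (reg_lookup(h) == NULL)
        return -1;
    struct reg_slot *s = &reg_table[idx];
    s->obj = NULL;
    s->in_use = false;
    s->gen++;
    if (s->gen == 0)
        s->gen = 1;                 /* keep 0 reserved for HANDLE_INVALID */
    return 0;
}

int main(void)
{
    int a = 1, b = 2;
    handle_t ha = reg_enter(&a);
    printf("lookup(ha) ok: %d\n", reg_lookup(ha) == &a);
    printf("lookup(garbage) rejected: %d\n", reg_lookup(0xdeadbeef) == NULL);
    reg_remove(ha);
    handle_t hb = reg_enter(&b);    /* reuses slot 0 with a new generation */
    printf("stale ha rejected: %d, hb resolves: %d\n",
           reg_lookup(ha) == NULL, reg_lookup(hb) == &b);
    return 0;
}
```

The contrast with the shadow-pointer approach discussed in the thread is that every failure mode here (a value user space made up, a handle kept past destroy, a handle to a slot that now holds someone else's object) is detected by a bounded table lookup rather than by walking a queue of live objects, and the kernel never reads an address out of user memory to dereference it.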
