The security side of it is basically non existant anyway. If you can map it
you can play naughty. If I decide to do raw I/O DMA directly into that
segment you either litter the kernel with special cases or accept that
if you do stupid things it breaks.
I'm for the latter 8)
> +static inline struct ksem *get_ksem(struct fast_sem *s)
> +{
> + struct ksem *r = (struct ksem*)s->__opaque_ksem;
> + if(!r) return NULL;
> + if(r->magic != FS_SIG_MAGIC) return NULL;
Bang, dead, raw hardware access - game over. You can't dereference the
untrusted pointer to check if its valid, even to look at it. Wouldn't it
be easier and safer to create a two page map, where page 0 is the r/w
objects and page 1 is mapped r/o or kernel private and consists of identical
sized objects ? Then its a case of offset from page start + array bias.
> + struct ksem *s;
> + s = kmalloc(sizeof(*s), GFP_KERNEL);
if(s==NULL) check missing
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/