From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <48AFF584.3070506@domain.hid> Date: Sat, 23 Aug 2008 13:33:24 +0200 From: Gilles Chanteperdrix MIME-Version: 1.0 References: <48AFCB3F.6070902@domain.hid> <48AFE498.2060805@domain.hid> <48AFEC44.8000407@domain.hid> <48AFEF7C.8090503@domain.hid> <48AFF4FB.1020702@domain.hid> In-Reply-To: <48AFF4FB.1020702@domain.hid> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [Xenomai-core] Racy pse51_mutex_check_init? List-Id: "Xenomai life and development \(bug reports, patches, discussions\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Jan Kiszka Cc: Xenomai-core@domain.hid Jan Kiszka wrote: > Gilles Chanteperdrix wrote: >> Philippe Gerum wrote: >>> Gilles Chanteperdrix wrote: >>>> Hi Jan, >>>> >>>> Please do not use my address at gmail, gna does not want me to post from >>>> this address: >>>> >>>> 2008-08-23 12:10:19 1KWq4T-0000zD-9E ** xenomai@xenomai.org >>>> R=dnslookup T=remote_smtp: SMTP error from remote mailer after RCPT TO:>>> core@domain.hid>: host mail.gna.org [88.191.250.46]: 550 rejected because gmail.com i >>>> s in a black list at dsn.rfc-ignorant.org >>>> >>>> so, here is a repost of my answer: >>>> >>>> Jan Kiszka wrote: >>>>>> Hi Gilles, >>>>>> >>>>>> trying to understand the cb_read/write lock usage, some question came up >>>>>> here: What prevents that the mutexq iteration in pse51_mutex_check_init >>>>>> races against pse51_mutex_destroy_internal? >>>> Well, I am afraid the mechanism used is not 100% safe. Anyway, the aim >>>> is to catch most of invalid usages, it seems we can not catch them all. >>>> >>>>>> If nothing, then I wonder if we actually have to iterate over the whole >>>>>> queue to find out whether a given object has been initialized and >>>>>> registered already or not. Can't this be encoded differently? >>>>>> >>>>>> BTW, shadow_mutex.mutex is a kernel pointer sitting in a user-reachable >>>>>> memory region? Why not using a handle here, like the native skin does? >>>>>> Won't that allow to resolve the issue above as well? >>>> This has been so from the beginning, and I did not change it. >>>> >>> To get registry handles, you first need to register objects. The POSIX skin >>> still does not use the built-in registry, that's why. >> Well the registry is about associating objects with their name, and >> since most posix skin objects have no name, I did not see the point of >> using the registry. And for the named objects, the nucleus registry was >> not compatible with the posix skin requirements, which is why I did not >> use it... > > The registry is also about providing user-safe handles for unnamed > object - so that you don't risk accepting borken kernel pointers from > user space. Yes, and from a security point of view, accepting pointers from user-space may help an ordinary user become root by passing cleverly crafted kernel-space addresses. -- Gilles.