From 1d920fa1b519004359b73c3ad75f2e3f43207b34 Mon Sep 17 00:00:00 2001
From: Alexander Boettcher
Date: Mon, 5 Jan 2015 22:09:51 +0100
Subject: [PATCH] nova: fix usage of portal permission

The commit
 - fixes the syscall bindings for using portal permissions
 - revokes PT_CTRL permission after pager in core set local badge name
 - revokes PT_CTRL permission after server entrypoint code set local badge name

Fixes #1335
---
 repos/base-nova/include/cap_session/client.h | 14 +-----
 .../base-nova/include/nova/syscall-generic.h | 4 +-
 repos/base-nova/src/base/pager/pager.cc | 5 ++-
 repos/base-nova/src/base/server/server.cc | 44 +++++++++++++++----
 4 files changed, 44 insertions(+), 23 deletions(-)

diff --git a/repos/base-nova/include/cap_session/client.h b/repos/base-nova/include/cap_session/client.h
index 42badbdfaa..8604d84887 100644
--- a/repos/base-nova/include/cap_session/client.h
+++ b/repos/base-nova/include/cap_session/client.h
@@ -6,7 +6,7 @@
  */
 
 /*
- * Copyright (C) 2006-2013 Genode Labs GmbH
+ * Copyright (C) 2006-2015 Genode Labs GmbH
  *
  * This file is part of the Genode OS framework, which is distributed
  * under the terms of the GNU General Public License version 2.
@@ -29,17 +29,7 @@ namespace Genode {
 Native_capability alloc(Native_capability ep, addr_t entry = 0,
 addr_t flags = 0)
 {
- Native_capability cap = call(ep, entry, flags);
-
- using namespace Nova;
-
- /* set our local name */
- if (NOVA_OK != pt_ctrl(cap.local_name(), cap.local_name()))
- nova_die();
- /* disable the feature for security reasons now */
- revoke(Obj_crd(cap.local_name(), 0, Obj_crd::RIGHT_PT_CTRL));
-
- return cap;
+ return call(ep, entry, flags);
 }
 
 void free(Native_capability cap) { call(cap); }
diff --git a/repos/base-nova/include/nova/syscall-generic.h b/repos/base-nova/include/nova/syscall-generic.h
index 1f18bc71b3..21f8fcc2b4 100644
--- a/repos/base-nova/include/nova/syscall-generic.h
+++ b/repos/base-nova/include/nova/syscall-generic.h
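Review bot: Dropping the pt_ctrl/revoke sequence from `Cap_session_client::alloc` moves the duty of setting the badge and revoking `RIGHT_PT_CTRL` to every caller, but nothing on the declaration says so; a caller that does not follow up (the diffstat shows only pager.cc and server.cc being adapted) presumably now receives a portal that still carries the PT_CTRL right. Document the contract on the method, e.g. `/* The returned portal keeps RIGHT_PT_CTRL: the caller sets its badge via pt_ctrl and must revoke RIGHT_PT_CTRL afterwards */`. The commit message records this intent, the header does not.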
@@ -362,8 +362,8 @@ namespace Nova {
 
 enum {
 RIGHT_EC_RECALL = 0x1U,
- RIGHT_PT_CALL = 0x1U,
- RIGHT_PT_CTRL = 0x2U,
+ RIGHT_PT_CALL = 0x2U,
+ RIGHT_PT_CTRL = 0x1U,
 RIGHT_SM_UP = 0x1U,
 RIGHT_SM_DOWN = 0x2U
 };
diff --git a/repos/base-nova/src/base/pager/pager.cc b/repos/base-nova/src/base/pager/pager.cc
index 5af39a4e2f..63d0d98b8e 100644
--- a/repos/base-nova/src/base/pager/pager.cc
+++ b/repos/base-nova/src/base/pager/pager.cc
@@ -7,7 +7,7 @@
  */
 
 /*
- * Copyright (C) 2010-2013 Genode Labs GmbH
+ * Copyright (C) 2010-2015 Genode Labs GmbH
  *
  * This file is part of the Genode OS framework, which is distributed
  * under the terms of the GNU General Public License version 2.
@@ -466,6 +466,9 @@ Pager_capability Pager_entrypoint::manage(Pager_object *obj)
 Native_capability cap_session = _cap_session->alloc(pager_thread_cap,
 obj->handler_address());
 
+ /* disable PT_CTRL feature */
+ revoke(Obj_crd(cap_session.local_name(), 0, Obj_crd::RIGHT_PT_CTRL));
+
 /* add server object to object pool */
 obj->Object_pool::Entry::cap(cap_session);
 insert(obj);
diff --git a/repos/base-nova/src/base/server/server.cc b/repos/base-nova/src/base/server/server.cc
index c06e17a5f1..b36797fc08 100644
--- a/repos/base-nova/src/base/server/server.cc
+++ b/repos/base-nova/src/base/server/server.cc
@@ -7,7 +7,7 @@
  */
 
 /*
- * Copyright (C) 2010-2013 Genode Labs GmbH
+ * Copyright (C) 2010-2015 Genode Labs GmbH
  *
  * This file is part of the Genode OS framework, which is distributed
  * under the terms of the GNU General Public License version 2.
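Review bot: Swapping the values of `RIGHT_PT_CALL` and `RIGHT_PT_CTRL` changes what every existing `Obj_crd(..., RIGHT_PT_*)` delegation or revoke in the tree grants or removes, and the anonymous enum gives no hint which bit layout is authoritative, so a later reader could "fix" the order back. A short comment above the two values, e.g. `/* portal permission bits, presumably mirroring the kernel's layout: 0x1 = ctrl (pt_ctrl / badge), 0x2 = call */`, would pin that down. Note also that `RIGHT_EC_RECALL`, `RIGHT_PT_CTRL` and `RIGHT_SM_UP` now all share the value 0x1U, so passing a right meant for another object type compiles silently; one `enum class` per object type would turn that into a compile error, though that is beyond this fix.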
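Review bot: The new `revoke(Obj_crd(cap_session.local_name(), 0, Obj_crd::RIGHT_PT_CTRL))` in Pager_entrypoint::manage runs even when `alloc` returned an invalid capability, whereas `create_portal` in server.cc from this same commit checks `valid()` before touching the selector; mirroring that, e.g. `if (!cap_session.valid()) return Pager_capability();` (or whatever failure path `manage` already uses), keeps the revoke off a bogus selector. Pager_entrypoint::manage starts and ends outside the hunk, so its existing error handling is not visible here. Unlike `create_portal`, this path issues no `pt_ctrl` before dropping the right; if the pager portal's badge is set elsewhere, as the commit message suggests, a comment such as `/* badge was set when the portal was created; drop the right so it cannot be changed later */` would make that explicit, since after the revoke an unset badge can no longer be fixed.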
@@ -25,6 +25,32 @@
 using namespace Genode;
 
 
+static Untyped_capability create_portal(Cap_session * cap_session,
+ Untyped_capability ec_cap,
+ addr_t entry)
+{
+ Untyped_capability obj_cap;
+
+ obj_cap = cap_session->alloc(ec_cap, entry);
+
+ if (!obj_cap.valid())
+ return obj_cap;
+
+ using namespace Nova;
+
+ /* set local badge */
+ if (pt_ctrl(obj_cap.local_name(), obj_cap.local_name()) != NOVA_OK) {
+ cap_session->free(obj_cap);
+ return Untyped_capability();
+ }
+
+ /* disable PT_CTRL permission - feature for security reasons now */
+ revoke(Obj_crd(obj_cap.local_name(), 0, Obj_crd::RIGHT_PT_CTRL));
+
+ return obj_cap;
+}
+
+
 /***********************
 ** Server entrypoint **
 ***********************/
@@ -33,7 +59,7 @@ Untyped_capability Rpc_entrypoint::_manage(Rpc_object_base *obj)
 {
 using namespace Nova;
 
- Untyped_capability ec_cap, ep_cap;
+ Untyped_capability ec_cap, obj_cap;
 
 /* _ec_sel is invalid until thread gets started */
 if (tid().ec_sel != Native_thread::INVALID_INDEX)
@@ -41,14 +67,16 @@ Untyped_capability Rpc_entrypoint::_manage(Rpc_object_base *obj)
 else
 ec_cap = _thread_cap;
 
- ep_cap = _cap_session->alloc(ec_cap, (addr_t)_activation_entry);
+ obj_cap = create_portal(_cap_session, ec_cap, (addr_t)_activation_entry);
+ if (!obj_cap.valid())
+ return obj_cap;
 
 /* add server object to object pool */
- obj->cap(ep_cap);
+ obj->cap(obj_cap);
 insert(obj);
 
- /* return entrypoint capability */
- return ep_cap;
+ /* return object capability managed by entrypoint thread */
+ return obj_cap;
 }
 
 
@@ -218,8 +246,8 @@ Rpc_entrypoint::Rpc_entrypoint(Cap_session *cap_session, size_t stack_size,
 Thread_base::start();
 
 /* create cleanup portal */
- _cap = _cap_session->alloc(Native_capability(_tid.ec_sel),
- (addr_t)_activation_entry);
+ _cap = create_portal(cap_session, Native_capability(_tid.ec_sel),
+ (addr_t)_activation_entry);
 if (!_cap.valid())
 throw Cpu_session::Thread_creation_failed();
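Review bot: `create_portal` has no header comment, and its statement order is the security property: the badge is written with `pt_ctrl` while the PT_CTRL right is still held and only then revoked, so the badge cannot be rewritten afterwards. A short comment above the function stating that contract (allocate the portal, set its badge to the local selector, then revoke `RIGHT_PT_CTRL`; on failure free the portal and return an invalid capability) would document both the return convention and why the two calls must stay in this order. Whether `revoke` can report failure is not visible here; if it does, the result should be handled like the `pt_ctrl` failure rather than dropped. Minor: `Untyped_capability obj_cap; obj_cap = cap_session->alloc(ec_cap, entry);` can be a single initialization `Untyped_capability obj_cap = cap_session->alloc(ec_cap, entry);`.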
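Review bot: In the `@@ -41,14 +67,16 @@` hunk, `_manage` now returns an invalid capability when `create_portal` fails, while the constructor hunk below throws `Cpu_session::Thread_creation_failed` for the same failure; callers of `_manage`, which are outside this hunk, need to know which convention applies. A comment on the early return, e.g. `/* portal creation failed - hand the invalid capability back to the caller */`, or a one-line note in the function's documentation, would make the contract visible. Placing the early return before `obj->cap(obj_cap)` and `insert(obj)` is right, since a failed object must not enter the pool.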