base: decouple 'Pd_session' from 'Ram_allocator'

With this patch, the 'Pd_session' interface no longer implements the 'Ram_allocator' interface, which allows us to change the 'Genode::Ram_allocator' semantics (as a subsequent step) without affecting core's PD service. The patch also replaces the client-local implementation of 'Pd_session_client::dataspace_size' by the proper RPC call 'ram_size' to core, which mitigates the potential risk of de-referencing a dataspace cap of an untrusted origin. E.g., in scenarios where the monitor component requests the size of a dataspace allocated by the debugging target. Since 'ram_size' is an RPC call, it cannot be const. Hence, the 'Ram_alloctor::dataspace_size' has become non-const. The new 'Pd_ram_allocator' implements the 'Ram_allocator' interface by using a PD session. Issue #5502
2025-06-22 08:50:09 +00:00 · 2025-03-31 18:31:53 +02:00
parent 25fb8a07eb
commit ff83de2bbc
49 changed files with 279 additions and 132 deletions
--- a/repos/base-linux/src/core/stack_area.cc
+++ b/repos/base-linux/src/core/stack_area.cc
@ -81,7 +81,7 @@ struct Stack_area_ram_allocator : Genode::Ram_allocator

 	void free(Genode::Ram_dataspace_capability) override { }

-	Genode::size_t dataspace_size(Genode::Ram_dataspace_capability) const override { return 0; }
+	Genode::size_t dataspace_size(Genode::Ram_dataspace_capability) override { return 0; }
 };


--- a/repos/base-linux/src/include/base/internal/platform.h
+++ b/repos/base-linux/src/include/base/internal/platform.h
@ -52,9 +52,11 @@ struct Genode::Platform

 	Local_pd_session pd { parent, pd_cap };

+	Pd_ram_allocator ram { pd };
+
 	Expanding_cpu_session_client cpu { parent, cpu_cap, Parent::Env::cpu() };

-	Heap heap { pd, rm };
+	Heap heap { ram, rm };

 	Platform() { _attach_stack_area(); }

--- a/repos/base-linux/src/lib/base/attach_stack_area.cc
+++ b/repos/base-linux/src/lib/base/attach_stack_area.cc
@ -33,5 +33,5 @@ void Platform::_attach_stack_area()
 	});

 	env_stack_area_region_map    = &pd._stack_area;
-	env_stack_area_ram_allocator = &pd;
+	env_stack_area_ram_allocator = &ram;
 }
--- a/repos/base-linux/src/lib/base/platform.cc
+++ b/repos/base-linux/src/lib/base/platform.cc
@ -156,7 +156,7 @@ Platform &Genode::init_platform()
 	init_thread(platform.cpu, platform.rm);
 	init_thread_start(platform.pd.rpc_cap());
 	init_thread_bootstrap(platform.cpu, platform.parent.main_thread_cap());
-	init_exception_handling(platform.pd, platform.rm);
+	init_exception_handling(platform.ram, platform.rm);
 	init_signal_receiver(platform.pd, platform.parent);

 	return platform;
--- a/repos/base-linux/src/test/region_map_mmap/main.cc
+++ b/repos/base-linux/src/test/region_map_mmap/main.cc
@ -31,8 +31,11 @@ static void test_linux_rmmap_bug(Env &env)

 	log("line: ", __LINE__);
 	for (unsigned i = 0; i < ROUNDS; ++i) {
-		Ram_dataspace_capability ds(pd.alloc(CHUNK));
-		log(i + 1, " of ", (unsigned)ROUNDS, " pages allocated");
+		Pd_session::Alloc_ram_result const result = pd.alloc_ram(CHUNK);
+		if (result.ok())
+			log(i + 1, " of ", (unsigned)ROUNDS, " pages allocated");
+		else
+			error("allocation ", i + 1, " of ", (unsigned)ROUNDS, " failed");
 	}

 	log("Done.");