Commit 46fb605d authored by Jeffrey Lee's avatar Jeffrey Lee Committed by ROOL
Browse files

Protect the dynamic area

The PipeFS dynamic area was being created with AP 0, granting usermode
full read/write/execute access. Attempt to restrict it to just the
minimum required permissions - privileged read/write for PipeFS access,
and usermode read for TaskWindow (or other potential UpCall_Sleep
handlers) checking pollwords.

This isn't an ideal situation, both because we're exposing the contents
to everyone, and because systems which are using the long descriptor
page table format will be forced to use the kernel's AP1 emulation to
provide usermode read access, adding unnecessary overhead to pollword

Moving the pollwords to the RMA could be one solution to this (although
it will re-introducing the possibility for user code to scribble on

Version 0.25. Tagged as 'PipeFS-0_25'
parent c6b281a8
; This file is automatically maintained by srccommit, do not edit manually.
; Last processed by srccommit version: 1.1.
GBLS Module_MajorVersion
GBLA Module_Version
......@@ -10,14 +9,12 @@
GBLS Module_ApplicationDate
GBLS Module_HelpVersion
GBLS Module_ComponentName
GBLS Module_ComponentPath
Module_MajorVersion SETS "0.24"
Module_Version SETA 24
Module_MajorVersion SETS "0.25"
Module_Version SETA 25
Module_MinorVersion SETS ""
Module_Date SETS "08 Jun 2018"
Module_ApplicationDate SETS "08-Jun-18"
Module_Date SETS "23 Jan 2023"
Module_ApplicationDate SETS "23-Jan-23"
Module_ComponentName SETS "PipeFS"
Module_ComponentPath SETS "castle/RiscOS/Sources/FileSys/PipeFS"
Module_FullVersion SETS "0.24"
Module_HelpVersion SETS "0.24 (08 Jun 2018)"
Module_FullVersion SETS "0.25"
Module_HelpVersion SETS "0.25 (23 Jan 2023)"
/* (0.24)
/* (0.25)
* This file is automatically maintained by srccommit, do not edit manually.
* Last processed by srccommit version: 1.1.
#define Module_MajorVersion_CMHG 0.24
#define Module_MinorVersion_CMHG
#define Module_Date_CMHG 08 Jun 2018
#define Module_MajorVersion_CMHG 0.25
#define Module_MinorVersion_CMHG
#define Module_Date_CMHG 23 Jan 2023
#define Module_MajorVersion "0.24"
#define Module_Version 24
#define Module_MajorVersion "0.25"
#define Module_Version 25
#define Module_MinorVersion ""
#define Module_Date "08 Jun 2018"
#define Module_Date "23 Jan 2023"
#define Module_ApplicationDate "08-Jun-18"
#define Module_ApplicationDate "23-Jan-23"
#define Module_ComponentName "PipeFS"
#define Module_ComponentPath "castle/RiscOS/Sources/FileSys/PipeFS"
#define Module_FullVersion "0.24"
#define Module_HelpVersion "0.24 (08 Jun 2018)"
#define Module_LibraryVersionInfo "0:24"
#define Module_FullVersion "0.25"
#define Module_HelpVersion "0.25 (23 Jan 2023)"
#define Module_LibraryVersionInfo "0:25"
......@@ -357,6 +357,19 @@ PipeFS_Init Entry
[ dynamicareas
; Ideally we'd set up the DA so that it only supports read/write access
; from privileged modes. Unfortunately that isn't possible at the
; moment, because we're storing our pollwords in the DA, and TaskWindow
; checks them from user mode. So we must also give out usermode read
; access. Find which AP most closely matches those requirements (which
; will render the DA non-executable on modern systems)
MOV R0, #OSMemReason_FindAccessPrivilege
MOV R1, #MemPermission_PrivR+MemPermission_PrivW+MemPermission_UserR
MOV R2, #MemPermission_PrivR+MemPermission_PrivW+MemPermission_UserR
SWI XOS_Memory
MOVVS R0, #1 ; Old kernel, fall back to privileged R/W/X + user R/X
ORR R4, R0, #DynAreaFlags_NotUserDraggable
SWI XOS_ReadMemMapInfo
STR R0, PipeFS_PageSize
......@@ -365,7 +378,6 @@ PipeFS_Init Entry
MOV R0, #DAReason_Create
MVN R1, #0 ; must be -1
MVN R3, #0 ; must be -1
MOV R4, #1<<7 ; flags: bit 7 set -> not resizeable from Task Manager
MOV R5, #&1000000 ; 16MB maximum size
MOV R6, #0 ; no handler routine
MOV R7, #0
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment