Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

lib: os: fdtable: Add syscalls for POSIX read/write/close operations #26117

Closed

Conversation

pfalcon
Copy link
Contributor

@pfalcon pfalcon commented Jun 11, 2020

lib: os: fdtable: Add syscalls for POSIX read/write/close operations

Fdtable is a kernel-level structure, so functions accessing it, like
read(), write(), close(), should be syscalls. This conversion however
emphasizes a difference between "syscall" and "C standard library
function". C stdlib functions should be represented by just a
standard linkage symbol, and can be used even without prototype.
Syscall is however a special code sequence, which may require special
attributes and thus a prototype for usage. To deal with these
distinction, we define a convention that "sys_name" is a syscall,
while "name" is a normal C function (implemented as a wrapper around
syscall). (And we also need to define "_name" to interface with Newlib
(actually, just "_write".))

Fixes: #25407

@pfalcon pfalcon added area: POSIX POSIX API Library area: Sockets Networking sockets labels Jun 11, 2020
@zephyrbot zephyrbot added area: Networking area: API Changes to public APIs area: Tests Issues related to a particular existing or missing test labels Jun 11, 2020
#ifdef CONFIG_USERSPACE
ssize_t z_vrfy_sys_write(int fd, const void *buf, size_t sz)
{
Z_OOPS(Z_SYSCALL_MEMORY_READ(buf, sz));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't we need to make a copy of the buf data here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, why?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just looking the existing calls in sockets.c, but indeed we do not copy the data buffer there either.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to copy only stuff which may lead to security issues. E.g., if some memory block contains pointers, we need to copy those pointers (not necessarily the entire memory block!), then validate the copies, then let the kernel use copies for dereferencing.

(Yeah, yeah, someone looking for side-channel (e.g., timing) attacks hardening may copy more stuff, e.g. control-dependent data. Good luck with that to whoever will do that.)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The contents of buf are really application dependent, and generally are not used by the kernel, unless it is a kernel type of socket / block / char device.

Validating the application has access to the memory should be sufficient.

pfalcon added 2 commits June 11, 2020 15:32
Fdtable is a kernel-level structure, so functions accessing it, like
read(), write(), close(), should be syscalls. This conversion however
emphasizes a difference between "syscall" and "C standard library
function". C stdlib functions should be represented by just a
standard linkage symbol, and can be used even without prototype.
Syscall is however a special code sequence, which may require special
attributes and thus a prototype for usage. To deal with these
distinction, we define a convention that "sys_name" is a syscall,
while "name" is a normal C function (implemented as a wrapper around
syscall). (And we also need to define "_name" to interface with Newlib
(actually, just "_write".))

Fixes: zephyrproject-rtos#25407

Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
With POSIX subsystem enabled (CONFIG_POSIX_API=y), it's possible to
use generic POSIX read()/write() calls on a socket file descriptor.
This test verifies their operaration on this case.

Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
@pfalcon pfalcon force-pushed the read-write-syscalls-only branch from 6063242 to e089e26 Compare June 11, 2020 12:32
Copy link
Contributor

@andrewboie andrewboie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this code allows all threads on the system to use all file descriptors with these APIs.

@pfalcon
Copy link
Contributor Author

pfalcon commented Jun 11, 2020

This is split off from #25443, for read/write/close syscalls which didn't lead to controversy and need for further work. Happy to see it pass CI.

@pfalcon
Copy link
Contributor Author

pfalcon commented Jun 11, 2020

this code allows all threads on the system to use all file descriptors with these APIs.

Yes, this is addition to the POSIX subsystem, which follows POSIX semantics. This also follows your suggestion to split off parts not related to ioctl into a separate PR.

@pfalcon pfalcon requested a review from cfriedt June 12, 2020 08:33
@@ -0,0 +1,9 @@
# SPDX-License-Identifier: Apache-2.0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awww... why didn't you use socketpair(2)? ... jk. ;-)

Copy link
Member

@cfriedt cfriedt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Just one question though - do you think it might be possible to get rid of posix/unistd.h at some point?

@cfriedt
Copy link
Member

cfriedt commented Jun 19, 2020

this code allows all threads on the system to use all file descriptors with these APIs.

From what I understand, it is unfortunately a pre-existing condition. I agree though, it's an issue that should be addressed, but maybe in a separate ticket.

@github-actions
Copy link

This pull request has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 14 days. Note, that you can always re-open a closed pull request at any time.

@github-actions github-actions bot added the Stale label Aug 19, 2020
@github-actions github-actions bot closed this Sep 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area: API Changes to public APIs area: Networking area: POSIX POSIX API Library area: Sockets Networking sockets area: Tests Issues related to a particular existing or missing test Stale
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants