michaelh/zephyr
1
0
Fork 0
Code Releases Activity

userspace: restrict k_object_access_all_grant()

Browse source 
This is too powerful for user mode, the other access APIs
require explicit permissions on the threads that are being
granted access.

The API is no longer exposed as a system call and hence will
only be usable by supervisor threads.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit is contained in:
Andrew Boie 2017-10-14 14:42:23 -07:00 committed by Andrew Boie
commit 41bab6e360
3 changed files with 3 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

4
include/kernel.h
View file

@ -212,7 +212,7 @@ static inline void _impl_k_object_access_revoke(void *object,
ARG_UNUSED(thread); ARG_UNUSED(thread);
} }
static inline void _impl_k_object_access_all_grant(void *object) static inline void k_object_access_all_grant(void *object)
{ {
ARG_UNUSED(object); ARG_UNUSED(object);
} }
@ -259,7 +259,7 @@ __syscall void k_object_access_revoke(void *object, struct k_thread *thread);
* *
* @param object Address of kernel object * @param object Address of kernel object
*/ */
__syscall void k_object_access_all_grant(void *object); void k_object_access_all_grant(void *object);
/* timeouts */ /* timeouts */

2
kernel/userspace.c
View file

@ -211,7 +211,7 @@ void _impl_k_object_access_revoke(void *object, struct k_thread *thread)
} }
} }
void _impl_k_object_access_all_grant(void *object) void k_object_access_all_grant(void *object)
{ {
struct _k_object *ko = _k_object_find(object); struct _k_object *ko = _k_object_find(object);

11
kernel/userspace_handler.c
View file

@ -58,14 +58,3 @@ _SYSCALL_HANDLER(k_object_access_revoke, object, thread)
return 0; return 0;
} }
_SYSCALL_HANDLER(k_object_access_all_grant, object)
{
struct _k_object *ko;
ko = validate_any_object((void *)object);
_SYSCALL_VERIFY_MSG(ko, "object %p access denied", (void *)object);
ko->flags |= K_OBJ_FLAG_PUBLIC;
return 0;
}