[ipc] Verify if shared buffer length is a power of 2 #2741
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request Overview
This pull request adds a verification for the ipc shared buffer length if it is 0 or a power of two.
As each shared buffer should be mapped as an MPU region. at least for ARM architectures, the length of these buffers should be a power of 2 or zero (if the buffer is unallowed). At least this is my understanding, but I do not have a lot of experience working with the MPU.
Without this verification, all the ipc functions in user space return success values, but when the service tries to access the shared buffer, the process faults. I am not sure that this verification solves completely the problem, but at least diminishes the possibility of errors as it rejects buffers that do not have a suitable length.
I tried adding this verification in the
schedule_upcall
function when the kernel tries to map the new MPU region. It turns out that the MPU returnsNone
if the requested region already exists or overlaps with another region, thus making it impossible to distinguish between an error and a region that already exists. Adding the MPU region withinallow_readwrite
is not a solution as the buffer will be unallowed and allowed again by the process. The second time the same buffer is allowed, theadd_mpu_region
function will returnNone
as the region is already there.A better solution would probably be to verify whether the shared buffer is accessible by the process before scheduling the upcall. This implies adding a function like
has_access_to
toProcess
. Considering that this approach is not a quick fix and requires a larger discussion, I think the solution of checking the length of the buffer is simple and good enough for now.Testing Strategy
This pull request was tested using a Micro:bit.
TODO or Help Wanted
I might have misunderstood the requirements for the buffer length.
Documentation Updated
/docs
, or no updates are required.Formatting
make prepush
.