Re: Vulnerabilities in Synchronous IPC Designs

[Espen Skoglund]

[Niels Möller]
> Is there any documentation, besides the IDL4 source code, which
> specifies how an rpc (as described by the idl input) is mapped to L4
> ipc operations? I would really like to see a specification for that,
> which should ideally make it straight forward to hand code a server
> that communicates with a client that uses idl4-generated stubs, or
> vice versa, and to write idl input that matches the kernel and
> sigma0 protocols.

> To me, such a specification is more important than the
> implementation of it. Undocumented black-box protocols don't give me
> that warn and fuzzy feeling...

Consider the following considerations that the IDL compiler must make
in order to generate fully optimized IPC operations:

  o The API implemented by the kernel (V2, X0, X2, V4, etc.)

  o The architecture to compiled for (IA-32, IA-64, PowerPC, etc.)

  o The CPU to optimize for (PentiumIII vs. Pentium4 vs. Athlon,
    Itanium vs. Itanium2, etc.)

  o The kernel to optimize for (Pistachio, Hazelnut, Fiasco, P4,
    various asm kernels)

  o The kernel version to optimize for (various kernel versions can
    have different costs for, e.g., register transfer)

As such, there exist no simple mapping from input variables to IPC
operations.  The mapping gets even more complex when you take into
consideration the various semantics of RPC operations discussed in
this thread (e.g., using pinned memory vs. retrying the RPC).

        eSk