bug-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Recent libpciaccess changes

From: Samuel Thibault
Subject: Re: Recent libpciaccess changes
Date: Mon, 7 Feb 2022 23:25:44 +0100
User-agent: NeoMutt/20170609 (1.8.3) 
Joan Lledó, le lun. 07 févr. 2022 23:08:55 +0100, a ecrit:
> > Samuel suggested on IRC that we could make it try the x86 map range 
> > function first
> > and then fall back to hurd method, is there any problem with that?
> 
> I don't have the time now to study it, but I'd say that would bypass the
> protection set from the parent arbiter, since it would test the permissions
> the current user has over "mem", before testing the permissions in the file
> system created by the parent arbiter.

That is fine, since libpciaccess will notice that the user has no
permissions over "mem". That being said,

> Is there a way to detect, from the hurd_create() function, when is your
> scenario running?

> yes, it should use the x86 backend, but it calls
> pci_system_x86_create() at [1], does that call fail in your scenario?

His scenario is within the pci-arbiter, so !strcmp(netfs_server_name,
"pci-arbiter") should be properly detecting it, and thus use the x86
backend, it's not expected that it doesn't happen so. I checked the
code:

   0x0806b40c <+28>:      mov    $0x81d606c,%eax  (&netfs_server_name)
   0x0806b412 <+34>:      test   %eax,%eax
   0x0806b414 <+36>:      je     0x806b437 <pci_system_hurd_create+71>
   0x0806b416 <+38>:      mov    (%eax),%eax      (netfs_server_name)
   0x0806b418 <+40>:      test   %eax,%eax
   0x0806b41a <+42>:      je     0x806b437 <pci_system_hurd_create+71>
   0x0806b41c <+44>:      sub    $0x8,%esp
   0x0806b41f <+47>:      lea    -0x7077a(%ebx),%edx
   0x0806b425 <+53>:      push   %edx
   0x0806b426 <+54>:      push   %eax
   0x0806b427 <+55>:      call   0x8048270 (strcmp)
   0x0806b42c <+60>:      add    $0x10,%esp
   0x0806b42f <+63>:      test   %eax,%eax
   0x0806b431 <+65>:      je     0x806b568 <pci_system_hurd_create+376> 
(x86_create)
   0x0806b437 <+71>:      sub    $0x8,%esp
   0x0806b43a <+74>:      push   $0x1c
   0x0806b43c <+76>:      push   $0x1
   0x0806b43e <+78>:      call   0x80aee30 <calloc>
   [etc.]

(gdb) p &netfs_server_name
$2 = (char **) 0x81d606c <netfs_server_name>
(gdb) p netfs_server_name
$1 = 0x81650ae "pci-arbiter"

So it's properly accessing netfs_server_name.

Possibly it's actually pci_system_x86_create that fails?
Perhaps x86_enable_io()?

Putting prints would help to make sure where things start to go
unexpectedly.

Samuel
reply via email to
[Prev in Thread] Current Thread [Next in Thread]