> Just noticed the new signal-based mechanism does not work on
> glibc-based systems, as glibc restarts interrupted syscalls by default,
> so we never see the abort_vm=1 condition.
Ah, I see. Unfortunately your patch breaks on my (libc5) system, because
the struct sigaction layout is different :-/ I've modified it to fill
only those members that are needed; hopefully it should work everywhere
now ...
This modified version is now in CVS; please check whether it
works for you.
> The attached patch fixes this and
> buffer overflows in user (we'll need to make user suid in future
> anyway, if we want ordinary users to access it, won't we?)
Actually, I think we should try to avoid that. I know that VMWare
forces the user mode app to run as root, because they cannot allow
non-root access to their device node. This is because they export
extremely dangerous functionality via ioctl(); in fact, one of their
ioctl()s basically says: here's a function pointer, please call this
function while executing at ring-0 :-)
The point of this appears to be that they want to keep most of their
ring-0 code out of the kernel module (presumably so that they don't need
to make the source public). As we don't need to do that (we simply have
the complete ring-0 part of the monitor inside the kernel module), we
don't need to export dangerous functionality. This implies that we
should be able to have enough safeguards at the user/kernel boundary
that *no* action of the user mode can endanger system stability or
compromise security (of the host system, that is. Of course you can
corrupt the *guest*, but I don't think that matters ...).
Therefore, we should be able to allow everyone to access the device
node, and hence there's no need for the user mode app to run suid root ...
> Also I suggest adding this piece to kernel/include/host-linux.c:
> #if LINUX_VERSION_CODE >= VERSION_CODE(2,3,26)
> # define vm_offset vm_pgoff
> #endif
Ah, that is not enough. The point of the name change is that the
*contents* changed, too. The new vm_pgoff now contains a *page* number,
not a byte offset, AFAIK. This means that the use of the variable needs
to change too (basically, you'd need to replace vm_offset by
(vm_pgoff * PAGE_SIZE) or something like that) ...
There will be more problems in any case; this whole new BIGMEM/HIGHMEM
stuff completely breaks our idea of what the page tables look like ;-)
Bye,
Ulrich
--
Ulrich Weigand,
IMMD 1, Universitaet Erlangen-Nuernberg,
Martensstr. 3, D-91058 Erlangen, Phone: +49 9131 85-7688