8000 kernel: StoragePermissions: add "kerneluser" storage access by bradjc · Pull Request #3470 · tock/tock · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

kernel: StoragePermissions: add "kerneluser" storage access #3470

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 23, 2023
Merged

kernel: StoragePermissions: add "kerneluser" storage access #3470

merged 3 commits into from
Jun 23, 2023

Conversation

bradjc
Copy link
Contributor
@bradjc bradjc commented Jun 7, 2023
edited
Loading

Pull Request Overview

This pull request adds a mechanism for the kernel to have special access to its items on a board, and to use a storage platform shared with processes while keeping keys reserved for itself. This should allow us to use TicKV in the kernel.

Since the TBF definition already effectively reserved write_id 0 to mean "this process cannot write items" this PR uses write_id 0 for the kernel. This also formalizes that 0 means no writing by saving write_id as an Option<NonZeroU32>.

To give the kernel access I added a kerneluser flag to the StoragePermission. It allows the kernel to access items with write_id 0.

To create a kernel level StoragePermission I added a capability (KerneluserStorageCapability) and then made the constructor protected on that capability.

Testing Strategy

This pull request was tested by compiling. The changes are largely mechanical.

TODO or Help Wanted

Thoughts on reserving 0 for the kernel?

Documentation Updated

  • Updated the relevant files in /docs, or no updates are required.

The TBF doc already reserves the write id 0, so I didn't need to update anything.

Formatting

  • Ran make prepush.

@github-actions github-actions bot added kernel tock-libraries This affects libraries supported by the Tock project labels Jun 7, 2023
@bradjc
Copy link
Contributor Author
bradjc commented Jun 8, 2023

I should have referenced #3457.

alistair23
alistair23 suggested changes Jun 12, 2023
View reviewed changes
kernel/src/storage_permissions.rs Outdated
Comment on lines 88 to 90
if self.superuser {
// Superuser grants all permissions.
true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a few thoughts about this.

Obviously the kernel can do anything, it has direct access to the flash. But I think it would make more sense to allow apps to specify if the kernel can access their files. Accesses happen from capsules, which are only semi-trusted in Tock. That allows applications to apply some restrictions on what the kernel can/can't do.

I also worry about having a single branch instruction to allow/disallow access like this. Doesn't that expose us to glitch attacks? In saying that though, I'm not sure if anything else here is hardened against attacks like that.

I think it would be better to make the kernel ID 0x00 a user, the same as all other users. That way apps can choose to share data with the kernel or not.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That seems reasonable to me. I think my current use case doesn't need superuser permissions, just having reserved kernel storage is sufficient. Updated.

alistair23
alistair23 suggested changes Jun 13, 2023
View reviewed changes
alistair23
alistair23 reviewed Jun 13, 2023
View reviewed changes
@bradjc bradjc changed the title kernel: StoragePermissions: add "superuser" storage access kernel: StoragePermissions: add "kerneluser" storage access Jun 13, 2023
@lschuermann lschuermann added this pull request to the merge queue Jun 23, 2023
Merged via the queue into master with commit 467f734 Jun 23, 2023
@bors bors bot deleted the storage-perms-kernel branch June 23, 2023 17:23
@hudson-ayers hudson-ayers mentioned this pull request Jul 11, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alistair23 alistair23 alistair23 approved these changes

@lschuermann lschuermann lschuermann approved these changes

Assignees
No one assigned
Labels
kernel tock-libraries This affects libraries supported by the Tock project
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bradjc @alistair23 @lschuermann
0