[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Map PCI Device Registers at User level code requires your EXPERT review!!

Subject: Re: Map PCI Device Registers at User level code requires your EXPERT review!!
From: Dean Reece <email@hidden>
Date: Wed, 23 May 2007 09:21:46 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden

Please consider the security implications of this design before proceeding. The purpose of a subclass of IOUserClient is to vend a new service from the kernel, and along with that comes the responsibility of defending the kernel from (buggy and malicious) clients. In general, this means validating all parameters, never granting a client access to memory that they are not specifically allowed to see, and not allowing a client to interfere with the operation of the system.

Mapping device registers into user space is almost always a violation of that responsibility. If your device registers provide access to a DMA engine, then the client could use that to scrape physical memory that is mapped into other processes. If the registers can cause the device to generate spurious interrupts, or interfere with the bus it is attached to (say, alter PCI timings), it could potentially crash or lock-up the system.

There are a few cases where mapping registers into user-space can be OK: If you are sure the registers can do no harm - say they provide read-only access to a random-number seed generator and no combination of reads or writes to those registers can alter any other memory or interfere with any other device on the system. Or, if you are just writing an experimenter kext for helping with your bringup or for private use and you don't plan to deploy this solution, then mapping registers is obviously fine.

Sorry I didn't answer your question, but I thought this was important to bring up, Thanks, - Dean

On May 23, 2007, at 2:17 AM, rohit dhamija wrote:

Dear All,
I am developing a KEXT for PCI device for Mac OS X 10.4.9 (ppc and intel) and stuck up while mapping device memory at user level. I searched all the older archives for this but could no where get the hint. Also, couldnot find any relevant sample for this. I hope you would please help me out in this matter.

Below is the piece of code that I wrote at kernel level. To allow user client to map hardware registers into my application, I am using IOConnectMapMemory. This API returns success, and I get an address corresponding to the same. But when i see the memory contents corresponding to it, it shows all values as AAAAAAAAA, AAAAAAA, i.e. it seems nothing is mapped. /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ #define super IOUserClient OSDefineMetaClassAndStructors(MyDriver_drv_user, IOUserClient)

/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ extern IODeviceMemory *physicalMem;

IOReturn MyDriver_drv_user::clientMemoryForType(UInt32 type, IOOptionBits * options, IOMemoryDescriptor ** memory) { physicalMem->map( fTask, kIOMapAnywhere, kIOMapAnywhere, 0, 0); if (!physicalMem) return -1; physicalMem->retain(); *memory = physicalMem; return kIOReturnSuccess; }

/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ #define super IOService OSDefineMetaClassAndStructors(MyDriver_drv, IOService)

IOMemoryMap * fRegisterMap = NULL; IODeviceMemory *physicalMem = NULL; IOPCIDevice * fPCIDevice = NULL; /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
bool MyDriver_drv::start(IOService * provider)
{
    if (!super::start(provider))
        return false;
 fPCIDevice = (IOPCIDevice *) provider;
  if(!fPCIDevice)
  return false;
fPCIDevice->setMemoryEnable( true ); fPCIDevice->setIOEnable( true ); fRegisterMap = fPCIDevice->mapDeviceMemoryWithRegister (kIOPCIConfigBaseAddress2);

if(fRegisterMap) { physicalMem = IODeviceMemory::withRange(fRegisterMap- >getPhysicalAddress(),fRegisterMap->getLength()); physicalMem->initWithPhysicalAddress(fRegisterMap- >getPhysicalAddress(),fRegisterMap->getLength(), kIODirectionOutIn)); }
    registerService();
    return true;
}
Please let me know the fault with above piece of code and if possible, let me know the link of any sample application (if at all it exists)
Thanks and Regards,
Rohit Dhamija
_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-drivers mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-drivers/dean.reece% 40apple.com

This email sent to email@hidden


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-drivers mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-drivers/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: Map PCI Device Registers at User level code requires your EXPERT review!!
  - From: "rohit dhamija" <email@hidden>

References:
	>Map PCI Device Registers at User level code requires your EXPERT review!! (From: "rohit dhamija" <email@hidden>)

Prev by Date: [darwin-drivers] Hint: More Logging from the IOKit
Next by Date: Re: Map PCI Device Registers at User level code requires your EXPERT review!!
Previous by thread: Map PCI Device Registers at User level code requires your EXPERT review!!
Next by thread: Re: Map PCI Device Registers at User level code requires your EXPERT review!!
Index(es):
- Date
- Thread

Home