On Fri, Feb 21, 2020 at 10:29 PM Gregory Nutt <spudan...@gmail.com> wrote:
>
> > While looking at the PROTECTED build,
> > I noticed that it was trivial for userspace code to bypass the
> > protection and access kernel memory,
> > e.g. by passing a kernel pointer to system calls.
> > And it seems that it isn't the only way for userspace to trick the kernel.
>
> I am not clear how that would work. The system call itself is through
> an interrupt handler and only a syscall number is attached. But, yes,
> there is no checking of system call arguments if that is what you are
> referring to.
>
> Greg
I meant that, if userspace wants to read some kernel memory, it can pass the kernel pointer to e.g. the write system call as the buffer argument, and then read the contents of the file. My question was whether these kinds of checks were for some reason considered unnecessary for NuttX.
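The attack described in this message, and the argument check that stops it, as an added example that is not part of the original thread and not NuttX's own code. It simulates the two address regions with two static arrays (`kernel_secret` and `user_mem`, both constructed for the example) and a tiny in-memory "file"; the real PROTECTED build partitions memory with the MPU and a different layout, so the bounds used here are an assumption. `sys_write_unchecked` behaves like a syscall that trusts whatever pointer it is handed; `sys_write_checked` first requires the whole `[buf, buf+len)` range to lie inside the user region, rejecting pointer wraparound as well.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-ins for the two address regions of a PROTECTED-style
 * build. In the real system these are MPU regions, not C arrays. */
static unsigned char kernel_secret[32] = "kernel-only: key material here";
static unsigned char user_mem[4096];

/* Constructed in-memory "file" so write() has somewhere to copy to. */
static unsigned char file_data[4096];
static size_t file_len;

/* The check a syscall argument validator needs: the entire range
 * [p, p+len) must sit inside the user region. Computed with overflow
 * detection so that a huge len cannot wrap the end pointer back into
 * the allowed window. */
static bool user_buffer_ok(const void *p, size_t len)
{
    uintptr_t start = (uintptr_t)p;
    uintptr_t end;
    uintptr_t user_lo = (uintptr_t)user_mem;
    uintptr_t user_hi = user_lo + sizeof user_mem;

    if (__builtin_add_overflow(start, len, &end))
        return false;                      /* pointer arithmetic wrapped */
    return start >= user_lo && end <= user_hi;
}

/* Shared tail of both entry points: append len bytes to the "file". */
static ssize_t do_write(const void *buf, size_t len)
{
    if (len > sizeof file_data - file_len)
        return -ENOSPC;
    memcpy(file_data + file_len, buf, len);
    file_len += len;
    return (ssize_t)len;
}

/* What the report describes: the kernel copies from whatever address
 * userspace supplied, so a kernel pointer leaks kernel memory into the
 * file, which userspace can then read back. */
static ssize_t sys_write_unchecked(const void *buf, size_t len)
{
    return do_write(buf, len);
}

/* Hardened variant: refuse any buffer outside the user region. */
static ssize_t sys_write_checked(const void *buf, size_t len)
{
    if (!user_buffer_ok(buf, len))
        return -EFAULT;
    return do_write(buf, len);
}

/* Replays the attack against both entry points. Returns 1 when the
 * unchecked syscall leaked kernel_secret into the file and the checked
 * one refused the identical request without writing anything. */
static int demo_kernel_pointer_leak(void)
{
    file_len = 0;
    ssize_t n = sys_write_unchecked(kernel_secret, sizeof kernel_secret);
    bool leaked = n == (ssize_t)sizeof kernel_secret &&
                  memcmp(file_data, kernel_secret, sizeof kernel_secret) == 0;

    file_len = 0;
    ssize_t m = sys_write_checked(kernel_secret, sizeof kernel_secret);
    bool refused = m == -EFAULT && file_len == 0;

    return leaked && refused;
}

int main(void)
{
    printf("unchecked write leaks kernel memory, checked write refuses: %s\n",
           demo_kernel_pointer_leak() ? "yes" : "no");
    return 0;
}
```

The same `user_buffer_ok` test belongs in front of every syscall that dereferences a user-supplied pointer (read, ioctl, sendmsg, and so on), for both the source and destination side of the copy; checking only the buffer of write() would close this one path and leave the others open.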