On 1 Aug 2021, at 11:36, Jimmy Brush via Devel
<[email protected]<mailto:[email protected]>> wrote:
On 8/1/21, Gernot Heiser wrote:
On 1 Aug 2021, at 10:12, William ML Leslie
<[email protected]<mailto:[email protected]>> wrote:
Wouldn't there be a risk that a Linux system call would present an
argument that happens to look like a capability and not get
intercepted if system calls were implemented by just catching the
existing invalid-syscall exceptions?
Not if you don't have any capabilities mapped into the address space.
Correct, which would be a reasonable design for a legacy subsystem, it forces
each syscall to raise an exception. Silly me for not pointing this out in the
first place.
I think there are some syscalls that a linux application could issue that would
not trigger a fault:
* The yield syscall takes no arguments
* It looks to me like the non-blocking send syscalls do not raise exceptions
I can confirm that "yield" is the only syscall in seL4 that does not need a
cap[*]. That is probably something that should be changed.
Cheers,
Gerwin
[*]: You can double-check this fairly easily by following
https://github.com/seL4/l4v/blob/master/spec/abstract/Syscall_A.thy#L326 one or
two layers down
_______________________________________________
Devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
