Communication between kernel and userspace via local socket
Maxim Ignatenko
gelraen.ua at gmail.com
Wed Nov 16 06:00:29 UTC 2011
On Tue, 15 Nov 2011 23:17:41 mdf at freebsd.org wrote:
> On Tue, Nov 15, 2011 at 12:18 PM, Maxim Ignatenko <gelraen.ua at gmail.com> wrote:
> > Hi,
> >
> > I'm currently inventing the wheel^W^W^Wwriting a firewall from scratch
> > and looking for the most convenient way to establish communication between
> > userspace processes and the kernel part. The communication pattern best fits a
> > listening PF_LOCAL socket opened from the kernel, with userspace processes
> > connecting to it. Clients should be able to send requests and receive
> > responses from the kernel (to retrieve the list of loaded modules, the active
> > ruleset, add or remove rules, ...) and vice versa: the kernel should be able
> > to send a request to a userspace process and receive a response (I'm planning
> > to add interactive features like in most firewalls for windows(r)).
> >
> > The first part can be implemented via ioctl, but it should be called not only
> > by processes with euid == 0, so the supplied pointer to the receive buffer
> > cannot be trusted (is there any mechanism to check memory allocation?)
> > and any unprivileged user can instruct the kernel to write some trash at
> > an arbitrary address (for example, the VM just rebooted ungracefully when I
> > supplied (void*)123 as the pointer to the destination buffer).
>
> Were you using copyout(9)? I think FreeBSD's memory isolation between
> processes is pretty decent. I would be very surprised if copyout to an
> invalid address did something other than return EFAULT. At least the
> amd64 implementation of copyout(9) will also explicitly check that the
> address is a user address, so that you can't corrupt kernel memory
> with a rogue pointer from user-space.
>
Yep. I've used this https://gitorious.org/acpi_call-freebsd/acpi_call-freebsd/blobs/master/acpi_call.c#line49 for tests.
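
The behaviour described in the quoted reply can be observed from userland. The following is an added example, not part of the original message and not code from acpi_call.c: it hands the kernel a bogus destination pointer through read(2) and ioctl(2), two paths where the kernel writes to the caller's buffer with its user-copy routine (copyout(9) on FreeBSD), and reports the resulting errno. It assumes a POSIX system with pipes and FIONREAD; `addr`, `probe_read` and `probe_ioctl` are hypothetical helper names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Hypothetical helper: build a pointer from an integer through a volatile,
 * so the compiler cannot reason about the deliberately bogus address. */
static void *addr(uintptr_t a) { volatile uintptr_t v = a; return (void *)v; }

/* Ask the kernel to copy 4 bytes of pipe data out to dst via read(2).
 * Returns 0 on success, otherwise the errno the kernel reported. */
static int probe_read(void *dst)
{
    const char msg[4] = { 'p', 'i', 'n', 'g' };   /* constructed sample data */
    int fds[2], err = 0;
    if (pipe(fds) != 0)
        return errno;
    if (write(fds[1], msg, sizeof msg) != (ssize_t)sizeof msg)
        err = EIO;
    else if (read(fds[0], dst, sizeof msg) < 0)
        err = errno;
    close(fds[0]);
    close(fds[1]);
    return err;
}

/* Same idea through ioctl(2): FIONREAD makes the kernel store an int at dst. */
static int probe_ioctl(void *dst)
{
    int fds[2], err = 0;
    if (pipe(fds) != 0)
        return errno;
    if (ioctl(fds[0], FIONREAD, dst) != 0)
        err = errno;
    close(fds[0]);
    close(fds[1]);
    return err;
}

int main(void)
{
    char buf[4];
    int n = -1;
    void *top = addr(UINTPTR_MAX - 4095); /* assumed to lie outside user space */
    printf("read : valid=%d low=%d top=%d\n", probe_read(buf), probe_read(addr(123)), probe_read(top));
    printf("ioctl: valid=%d low=%d top=%d\n", probe_ioctl(&n), probe_ioctl(addr(123)), probe_ioctl(top));
    return 0;
}
```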