From: Maxim Ignatenko
To: mdf@freebsd.org
Cc: freebsd-hackers@freebsd.org
Date: Wed, 16 Nov 2011 08:00:00 +0200
Subject: Re: Communication between kernel and userspace via local socket
Message-Id: <201111160800.02270.gelraen.ua@gmail.com>
References: <201111152218.41031.gelraen.ua@gmail.com>

On Tue, 15 Nov 2011 23:17:41 mdf@freebsd.org wrote:
> On Tue, Nov 15, 2011 at 12:18 PM, Maxim Ignatenko wrote:
> > Hi,
> >
> > I'm currently inventing the wheel^W^W^Wwriting a firewall from scratch
> > and looking for most convenient way to establish communication between
> > userspace processes and kernel part. Communication pattern best fits to
> > listening PF_LOCAL socket opened from kernel and userspace processes
> > connecting to it. Clients should be able to send requests and receive
> > responses from kernel (to retrieve list of loaded modules, active
> > ruleset, add or remove rules, ...) and vice versa: kernel should be able
> > to send request to userspace process and receive response (I'm planning
> > to add interactive features like in most firewalls for windows(r)).
> >
> > First part can be implemented via ioctl, but it should be called not only
> > by processes with euid == 0, so supplied pointer to receive buffer
> > cannot be trusted (is there any mechanism to check memory allocation?)
> > and any unprivileged user can instruct kernel to write some trash at
> > arbitrary address (for example, VM just rebooted ungracefully when I
> > supplied (void*)123 as pointer to destination buffer).
>
> Were you using copyout(9)? I think FreeBSD's memory isolation between
> processes is pretty decent. I would be very surprised if copyout to an
> invalid address did something other than return EFAULT. At least the
> amd64 implementation of copyout(9) will also explicitly check that the
> address is a user address, so that you can't corrupt kernel memory
> with a rogue pointer from user-space.
>

Yep. I've used this
https://gitorious.org/acpi_call-freebsd/acpi_call-freebsd/blobs/master/acpi_call.c#line49
for tests.
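
Added example, not part of the original message and not FreeBSD source: a userland C model of the address check mdf describes for copyout(9), applied to a hypothetical firewall ioctl that returns its reply through a caller-supplied pointer. The names model_copyout, fw_req, fw_ioctl_get_ruleset and the USER_BASE/USER_SIZE layout are assumptions; the model folds "unmapped page" and "not a user address" into one range check.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: "user space" is this array, mapped at
 * [USER_BASE, USER_BASE + USER_SIZE). Everything else is off limits. */
#define USER_BASE 0x1000u
#define USER_SIZE 4096u
static unsigned char user_mem[USER_SIZE];

/* Model of a checked copy to a user address: the whole destination range
 * must lie inside user space, otherwise nothing is written and the
 * caller gets EFAULT. */
static int model_copyout(const void *kaddr, uintptr_t uaddr, size_t len)
{
    if (uaddr + len < uaddr)                 /* range wraps around */
        return EFAULT;
    if (uaddr < USER_BASE || uaddr + len > USER_BASE + USER_SIZE)
        return EFAULT;                       /* not (entirely) user memory */
    memcpy(&user_mem[uaddr - USER_BASE], kaddr, len);
    return 0;
}

/* Hypothetical ioctl argument: untrusted pointer and length from the caller. */
struct fw_req { uintptr_t buf; size_t buflen; };

/* Hypothetical handler: the reply is built in kernel-owned memory and the
 * caller's pointer is only ever passed to the checked copy, never
 * dereferenced directly. */
static int fw_ioctl_get_ruleset(const struct fw_req *req)
{
    static const char reply[] = "rule 1: allow all";  /* constructed data */

    if (req->buflen < sizeof(reply))
        return EINVAL;
    return model_copyout(reply, req->buf, sizeof(reply));
}

int main(void)
{
    struct fw_req bad = { 123, 64 }, good = { USER_BASE, 64 };
    int bad_rc = fw_ioctl_get_ruleset(&bad);
    int good_rc = fw_ioctl_get_ruleset(&good);

    printf("(void*)123 -> %d, valid buffer -> %d (%s)\n",
        bad_rc, good_rc, (const char *)user_mem);
    return 0;
}
```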