The isolation between users

[rampant1018]

Because we can not provide virtual memory space for each user's application, we protect memory by MPU with each thread's address space. But I found that map_user_sections in user/root_thread.c will map user_text, user_data and user_bss to every users. That means every users can touch other users' code and data. I wrote a small example:

// user/app/prog1/main.c
int main(user_struct *user)
{
    int *ptr = (int *)0x2000f70c; // variable address in another application
    *ptr = 123456;
    printf("Modified\n");
}

// user/app/prog2/main.c
static __USER_DATA int var = 0; // at 0x2000f70c
int main(user_struct *user)
{
    printf("var = %d\n", var);
}

I declared a variable in prog2 then modify the value of the address in prog1. It won't cause memory fault. Below is output:

Press '?' to print KDB menu
Modified
var = 123456

Is there any solution to deal with isolation between users without MMU?

[georgekang]

First, we should split user space to public and private one. Public user space is free for all user threads. Private user space is split for each app. Each app could only access its own private user space.

Because functions and global variables in the same file could be put together, we can tell root thread the private scope of app. Then root thread could map proper space for each app. However, we should care about alignment issue.

Here is an example. app.c:

__USER_PRIVATE_DATA
data1;
__USER_PRIVATE_DATA
data2;

__USER_PRIVATE_BSS
bss_data1;
__USER_PRIVATE_BSS
bss_data2;

__USER_PRIVATE_TEXT
f1()
{
...
}

__USER_PRIVATE_TEXT
f2()
{
...
}

__USER_PRIVATE_TEXT
my_entry()
{
...
}

DECLARE_USER(
tid,
my_name,
my_entry,
&f1,                // start address of my private text
&data1,          // start address of my private data
&bss_data1    // start address of my private bss
DECLARE_FPAGE(...)
);

DECLARE_USER marco would declare hidden function and global variable for app, the end address could be set by them.