authorDimitri Staessens <dimitri@ouroboros.rocks>2026-01-26 22:02:50 +0100
committerSander Vrijders <sander@ouroboros.rocks>2026-02-02 08:15:15 +0100
commitb1687570df3e080c961cdcc0d59b708cfbdf955e (patch)
treecaf93583ab36ab2b62b95fcfbea4b63e29857e0d /src/lib/ssm/tests
parent37e3dbdd8206e4f0f03fab13ff3f38aa932be065 (diff)
lib: Add per-user packet pools
The IRMd will now check the user UID and GID for privileged access, avoiding unprivileged users being able to disrupt all IPC (e.g. by shm_open the single pool and corrupting its metadata). Non-privileged users are now limited to a PUP (per-user pool) for sending/receiving packets. It is still created by the IRMd, but owned by the user (uid) with 600 permissions. It does not add additional copies for local IPC between their own processes (i.e. over the local IPCP), but packets between processes owned by a different user or destined over the network (other IPCPs) will incur a copy when crossing the PUP / PUP or the PUP / GSPP boundary. Privileged users and users in the ouroboros group still have direct access to the GSPP (globally shared private pool) for packet transfer that will avoid additional copies when processing packets between processes owned by different users and to the network. This aligns the security model with UNIX trust domains defined by UID and GID by leveraging file permission on the pools in shared memory. ┌─────────────────────────────────────────────────────────────┐ │ Source Pool │ Dest Pool │ Operation │ Copies │ ├─────────────────────────────────────────────────────────────┤ │ GSPP │ GSPP │ Zero-copy │ 0 │ │ PUP.uid │ PUP.uid │ Zero-copy │ 0 │ │ PUP.uid1 │ PUP.uid2 │ memcpy() │ 1 │ │ PUP.uid │ GSPP │ memcpy() │ 1 │ │ GSPP │ PUP.uid │ memcpy() │ 1 │ └─────────────────────────────────────────────────────────────┘ This also renames the struct ai ("application instance") in dev.c to struct proc (process). Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib/ssm/tests')
-rw-r--r--src/lib/ssm/tests/pool_sharding_test.c23
-rw-r--r--src/lib/ssm/tests/pool_test.c32
2 files changed, 22 insertions, 33 deletions
diff --git a/src/lib/ssm/tests/pool_sharding_test.c b/src/lib/ssm/tests/pool_sharding_test.c
index 72ae1cb7..46eecd8d 100644
--- a/src/lib/ssm/tests/pool_sharding_test.c
+++ b/src/lib/ssm/tests/pool_sharding_test.c
@@ -54,6 +54,7 @@ static struct _ssm_pool_hdr * get_pool_hdr(struct ssm_pool * pool)
*/
struct _ssm_pool_hdr ** hdr_ptr =
(struct _ssm_pool_hdr **)((uint8_t *)pool + sizeof(void *));
+
return *hdr_ptr;
}
@@ -67,9 +68,7 @@ static int test_lazy_distribution(void)
TEST_START();
- ssm_pool_purge();
-
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL) {
printf("Failed to create pool.\n");
goto fail;
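Review bot: With `ssm_pool_purge()` removed ahead of `pool = ssm_pool_create(0, getgid());`, test_lazy_distribution no longer clears a pool object left behind by an earlier aborted run, and the literal `0` is not explained at the call. If uid 0 selects the globally shared pool, as the commit message suggests, the test would also operate on the same object a running IRMd uses; neither behaviour is visible in this hunk. A comment at the call would record the precondition, e.g. `/* uid 0: shared pool (GSPP); assumes no IRMd is running and no pool is left from an earlier run */`. The same applies to the matching hunks in test_shard_migration, test_fallback_stealing, test_multiprocess_sharding and test_exhaustion_with_fallback; each function body continues outside its hunk.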
@@ -142,9 +141,7 @@ static int test_shard_migration(void)
TEST_START();
- ssm_pool_purge();
-
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL) {
printf("Failed to create pool.\n");
goto fail;
@@ -216,9 +213,7 @@ static int test_fallback_stealing(void)
TEST_START();
- ssm_pool_purge();
-
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL) {
printf("Failed to create pool.\n");
goto fail;
@@ -331,9 +326,7 @@ static int test_multiprocess_sharding(void)
TEST_START();
- ssm_pool_purge();
-
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL) {
printf("Failed to create pool.\n");
goto fail;
@@ -355,7 +348,7 @@ static int test_multiprocess_sharding(void)
ssize_t off;
int my_shard;
- child_pool = ssm_pool_open();
+ child_pool = ssm_pool_open(0);
if (child_pool == NULL)
exit(EXIT_FAILURE);
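Review bot: The uid in `child_pool = ssm_pool_open(0);` presumably has to match the one given to `ssm_pool_create(0, getgid())` earlier in test_multiprocess_sharding, yet both are bare literals. A file-level constant, e.g. `#define TEST_POOL_UID 0`, used at both calls would keep the pair in step and say what the value stands for. The child branch starts and ends outside the hunk.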
@@ -449,9 +442,7 @@ static int test_exhaustion_with_fallback(void)
TEST_START();
- ssm_pool_purge();
-
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL) {
printf("Failed to create pool.\n");
goto fail;
diff --git a/src/lib/ssm/tests/pool_test.c b/src/lib/ssm/tests/pool_test.c
index e298d9ab..53f7f541 100644
--- a/src/lib/ssm/tests/pool_test.c
+++ b/src/lib/ssm/tests/pool_test.c
@@ -61,7 +61,7 @@ static int test_ssm_pool_basic_allocation(void)
TEST_START();
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
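Review bot: Every pool in pool_test.c is still created with `ssm_pool_create(0, getgid())`, so the per-user pool path this commit introduces (owned by the user, 600 permissions per the description) is not exercised by any hunk shown for this directory. A test that calls `pool = ssm_pool_create(getuid(), getgid());` as a non-root user, checks the owner and mode of the resulting shared-memory object, and confirms that opening another uid's pool fails would pin the access-control property the change is about. The diffstat is limited to src/lib/ssm/tests, so such a test may exist elsewhere. test_ssm_pool_basic_allocation continues outside the hunk.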
@@ -119,7 +119,7 @@ static int test_ssm_pool_multiple_allocations(void)
TEST_START();
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
@@ -212,7 +212,7 @@ static int test_ssm_pool_no_fallback_for_large(void)
TEST_START();
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
@@ -248,7 +248,7 @@ static int test_ssm_pool_blocking_vs_nonblocking(void)
TEST_START();
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
@@ -295,7 +295,7 @@ static int test_ssm_pool_stress_test(void)
TEST_START();
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
@@ -392,7 +392,7 @@ static int test_ssm_pool_open_initializes_ssm(void)
TEST_START();
- creator = ssm_pool_create();
+ creator = ssm_pool_create(0, getgid());
if (creator == NULL)
goto fail_create;
@@ -403,7 +403,7 @@ static int test_ssm_pool_open_initializes_ssm(void)
}
ssm_pool_remove(creator, ret);
- opener = ssm_pool_open();
+ opener = ssm_pool_open(0);
if (opener == NULL) {
printf("Open failed.\n");
goto fail_creator;
@@ -439,7 +439,7 @@ static int test_ssm_pool_bounds_checking(void)
TEST_START();
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
@@ -502,7 +502,7 @@ static int test_ssm_pool_inter_process_communication(void)
len = strlen(msg) + 1;
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
@@ -606,7 +606,7 @@ static int test_ssm_pool_read_operation(void)
len = strlen(data) + 1;
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
@@ -656,7 +656,7 @@ static int test_ssm_pool_mlock_operation(void)
TEST_START();
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
@@ -690,7 +690,7 @@ static int test_ssm_pk_buff_operations(void)
dlen = strlen(data);
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
@@ -798,7 +798,7 @@ static int test_ssm_pool_size_class_boundaries(void)
TEST_START();
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
@@ -859,7 +859,7 @@ static int test_ssm_pool_exhaustion(void)
TEST_START();
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
@@ -937,7 +937,7 @@ static int test_ssm_pool_reclaim_orphans(void)
TEST_START();
- pool = ssm_pool_create();
+ pool = ssm_pool_create(0, getgid());
if (pool == NULL)
goto fail_create;
@@ -1017,8 +1017,6 @@ int pool_test(int argc,
(void) argc;
(void) argv;
- ssm_pool_purge();
-
ret |= test_ssm_pool_basic_allocation();
ret |= test_ssm_pool_multiple_allocations();
ret |= test_ssm_pool_no_fallback_for_large();