Re: BSD Sockets in mainline, and how that affects design decisions for the rest of IP stack (e.g. send MTU handling)
On Wed, 11 Oct 2017 18:53:24 +0000
"Boie, Andrew P" <andrew.p.boie@...> wrote:
Thanks for sharing these. What caught my attention is "No good way toThe userspace work has progressed to the point where we have enoughThere has not been any public talk in mailing list aboutThat's true, but we can/should think how it may be affected, or
assert validity of k_mem_block object passed to k_mem_pool_free() - Just
tell userspace to use heap memory APIs in newlib! No need to re-invent
the C library..."
That's pretty much what I talked about - that with new requirements and
challenges, we may find out that a well-known and proven API like BSD
Sockets is a very good way to address them, instead of continuing to
add complexity to existing adhoc APIs.
I suspect the biggest implication for the network stack is that itThat's half of the work BSD Sockets do - they put network packets as
delivered via a callback into per-socket fifo.
We are also looking into supporting user-mode workqueues. We alsonet_pkt's and net_buf's as used by native networking API do share this
problem - they have internal kernel data. Not only that, they are also
allocated from the pool, and are small objects, which can't be
protected by MPU or MMU individually. Which means that one application
could have access/corrupt networking data for other apps.
And above you write about protecting kernel from userspace, but is
there a requirement to protect one userspace entity (a thread in our
case, as we don't support processes) from another? I hope there's,
because it doesn't make much sense to go so long way of kernel vs
userspace separation and don't think about task separation. Just
imagine that the could be a thread running OTA, and another thread
running an application level 3rd-party lib. We don't want
vulnerability in the latter to compromise OTA process.
The solution to the problem is well known - don't try to export
kernel-level object (like network buffers) to userspace, just copy
*data* there as needed. That's 2nd part of what BSD Sockets do.
Ideally in the fullness of time, we could migrate some parts of the
Linaro.org | Open source software for ARM SoCs
Follow Linaro: http://www.facebook.com/pages/Linaro
http://twitter.com/#!/linaroorg - http://www.linaro.org/linaro-blog