

University of Queensland
COMP3301 - Operating System Architecture


2 Background

Two processes can communicate via file descriptors (e.g., pipes, open files) or shared memory (e.g., memory mapped using mmap() with MAP_SHARED). However, the file descriptors or shared memory can only be inherited when there is a parent-child relationship between the processes. For example, open a file or create a shared memory mapping, and then fork, after which both the parent and the child can access the same file descriptors or shared memory.

This becomes an issue when two unrelated processes wish to communicate via file descriptors or shared memory. UNIX allows the passing of file descriptors between any two processes via UNIX-domain sockets using the socket control message SCM_RIGHTS.
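The userland side of SCM_RIGHTS, as an added example that is not part of the assignment specification or its base code: a descriptor is attached to a one-byte message, and the receiver validates the control message before trusting it. The names send_fd, recv_fd, roundtrip and union fdctl are assumptions made for this sketch.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

union fdctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };
/* Attach fd to a one-byte message as an SCM_RIGHTS control message. */
static int send_fd(int sock, int fd)
{
	union fdctl u = { .buf = { 0 } };
	char b = 0;	/* a data byte must accompany the control message */
	struct iovec iov = { .iov_base = &b, .iov_len = 1 };
	struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
	    .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
	struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
	c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
	c->cmsg_len = CMSG_LEN(sizeof(int));
	memcpy(CMSG_DATA(c), &fd, sizeof(int));
	return (sendmsg(sock, &msg, 0) == 1 ? 0 : -1);
}

/* Accept exactly one descriptor; reject malformed or truncated input. */
static int recv_fd(int sock)
{
	union fdctl u;
	char b;
	struct iovec iov = { .iov_base = &b, .iov_len = 1 };
	struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
	    .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
	struct cmsghdr *c;
	int fd;
	if (recvmsg(sock, &msg, 0) != 1 || (c = CMSG_FIRSTHDR(&msg)) == NULL ||
	    c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
	    c->cmsg_len != CMSG_LEN(sizeof(int)))
		return (-1);
	memcpy(&fd, CMSG_DATA(c), sizeof(int));
	if (msg.msg_flags & MSG_CTRUNC)	/* sender attached extra rights */
		return (close(fd), -1);
	return (fd);
}

static int roundtrip(void)	/* pass a pipe's read end, read via the copy */
{
	int sv[2], p[2], got;
	char buf[5];
	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1 || pipe(p) == -1 ||
	    send_fd(sv[0], p[0]) == -1 || (got = recv_fd(sv[1])) == -1 ||
	    write(p[1], "hello", 5) != 5 || read(got, buf, 5) != 5)
		return (-1);
	return (got != p[0] && memcmp(buf, "hello", 5) == 0 ? 0 : -1);
}
```

The received descriptor has a different number from the one sent but refers to the same open pipe, which is why the data written after the transfer is readable through it.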

3 Overview

This assignment has three main tasks:

• Find where SCM_RIGHTS is implemented in the kernel and understand how it works.

• Implement an inter-process communication mechanism for sharing memory pages via the socket control message interface, similar to SCM_RIGHTS.

• Identify at least one potential security flaw in the way this task is designed or in the code that you have written, and talk about how you have mitigated the risk or how the risk could be mitigated.

Note: Various sections of this specification sheet are intentionally vague to provide you with more freedom and to test your abilities to make design decisions. You may freely decide on anything not explicitly stated in this specification sheet. However, your decisions must be reasonable (i.e., you can justify them during the demo).

5.1 Understanding SCM_RIGHTS

Read and understand how SCM_RIGHTS is implemented in OpenBSD 7.5 and how file descriptors are passed between processes. You are required to fill out and submit a flow chart template provided to you on Blackboard. The completed flow chart is to be submitted as a part of your reflection. You must also, in your reflection, include the steps you took to find the relevant code in the kernel source tree and list the utilities which you have used to accomplish that (e.g., grep/fgrep, cscope), if applicable.


Virtual Addresses

The address(es) of the page(s) mapped into the receiver’s address space do not need to match that of the sender. This means if a page is mapped at 0x123456789000 in the sender’s address space, it does not need to come out at 0x123456789000 in the receiver’s address space. It could be mapped at any address. This behaviour is consistent with that of SCM_RIGHTS - there is no guarantee that the file descriptors would have the same numbers between the sender and receiver either.

If multiple consecutive pages are to be sent using the same memshareblk structure (i.e., msb_len is greater than PAGE_SIZE), you must ensure that they are also consecutive when they are mapped into the receiver’s address space.

Memory Protection

The memshareblk structure defines two fields for memory protection - msb_flags and msb_prot. If the flag MSB_SAME_PROT is specified in msb_flags, then the memory protection shall be preserved when page(s) are shared, that is, the receiver should have the same access to the page(s) as the sender. If the flag MSB_NEW_PROT is specified in msb_flags, the memory protection flags for all the page(s) being shared shall be set to msb_prot for the receiver. If both or neither of the MSB_SAME_PROT and MSB_NEW_PROT flags are specified, the sendmsg() syscall should fail with EINVAL.


6 Misc. Requirements

6.1 Code Style

Your code is to be written according to OpenBSD’s style guide, as per the style(9) man page. An automatic tool for checking for style violations is available at: https://stluc.manta.uqcloud.net/comp3301/public/2022/cstyle.pl.

Code style marks will be calculated based on the number of style violations in the code which you have written yourself or modified - style violations in the OpenBSD source tree or in the base code will not affect code style marks. Some level of functionality is required to score marks for code style (i.e., no submission implies no style violations, however no style marks will be awarded in that case).

6.2 Reliability, Robustness, Portability and Modularity

In order to score higher marks, your code is expected to be reliable and robust, that is, it should handle all errors appropriately and should not crash unexpectedly. Your code should also be portable and modular, in the sense that constants such as page sizes should not be hard coded and similar code should not be duplicated in multiple areas.

6.3 Compilation

Your code must be compile-able under the GENERIC.MP (generic multiprocessor) configuration for the AMD64 (aka x86-64 and x64) architecture. Code with compile-time errors will be marked manually, and may result in heavy penalties.


