***Server sets mode: +nt
***Server sets mode: +nt
***Server sets mode: +nt
***Server sets mode: +nt
<tpanmajia>does anyone know how GNU Mach restricts raw device read and write? <tpanmajia>for example, the kernel only allows some threads to make raw access of a SCSI disk <tpanmajia>OK, I'm trying to clarity, had been on a headache just now <tpanmajia>I'm not quite sure whether there is a mechanism provided by GNU Mach that can restrict raw device access <tpanmajia>...to certain processes, such as a Hurd block manager daemon <damo22>tpanmajia: im not an expert but im guessing the file permissions on the device node would do it <tpanmajia>IIRC microkernel-based OSes typically delegate block device access functionality to some userspace daemons <damo22>a lot of hurd is managed by permissions on file nodes <tpanmajia>damo22: therefore there is a concept on file nodes as special device nodes, representing block and character devices? <damo22>there is a concept of nodes that are backed by "translators" <damo22>so when you access a file node that activates a translator, if you have access to the node you can run the translator <tpanmajia>but the translators providing indirect access of raw devices must access the corresponding raw devices itself... <tpanmajia>so I guess it's the old unix model applied here? <tpanmajia>translators ran as root providing access to raw devices <damo22>not all translators must run as root <tpanmajia>and only root could invoke raw device-related syscalls <tpanmajia>I'm not quite sure that there are actual syscalls in Hurd <tpanmajia>...so who in terms of user could invoke raw device-related syscalls? <tpanmajia>then anyone could do the equivalent of `dd if=/dev/zero of=/some/disk` and ruin the OS <damo22>no because the device node is not owned by them <tpanmajia>but if any user could have access to all devices <tpanmajia>...why wouldn't they do the raw things themselves? <damo22>yeah, any user can share the devices <tpanmajia>then any user could do a raw write to the disk <tpanmajia>simply overwrite it with zero and "call it a day" <damo22>its up to you how you share the permissions <damo22>if you want to grant a user access to a raw disk, you can <tpanmajia>granting the access of a raw disk to some user is traditional... <damo22>but you can share files on a mounted filesystem <tpanmajia>I mean if any user could be granted access to raw devices it could constitute a security bypass <damo22>well if you are mounting a filesystem from a block device, you cant exactly mount it twice <damo22>so it makes sense for root to control that <tpanmajia>by "granted" I mean granted the ability of directly making syscalls to access the device <damo22>but i am working on PCI such that users can share access to other devices <tpanmajia>so the ability of sharing devices is determined by the actual device driver? <tpanmajia>sharing of PCI devices is uncommon in conventional OSes <damo22>we are working on a pci-arbiter that should allow users to share access to pci card <damo22>so instead of root owning everything <damo22>root doesnt need to own the ethernet card if your user has opened the card instead <damo22>and other users can share the card perhaps <tpanmajia>so... what exactly is the translator providing conventional devices nodes, such as disk nodes and tty nodes? <damo22>there are different translators for different jobs <tpanmajia>...where users serves the purpose of lightweight VMs here <tpanmajia>I'm *assuming* that there is such thing like `udevd` in Hurd, which is not correct <damo22>i am working on rumpdisk translator for disk <tpanmajia>they've built their own rumpkernel implementations and interfaces as well <tpanmajia>FreeBSD's rumpkernel is somewhat more impressionable in my mind <damo22>currently it needs work so it can boot / <tpanmajia>therefore the new translator you're writing just needs R/W and ioctl access to the underlying nodes? <damo22>it actually implements the device node <tpanmajia>so what parts that is more low-level the device driver would talk to? <damo22>the driver talks PCI to the AHCI controller <tpanmajia>maybe I'm assuming that a device driver in Hurd must talk to something else <damo22>with only one purpose, to expose the disk driver <tpanmajia>I just mean that does it use `device_read()` or something in the Mach kernel? <damo22>it implements the mach device interface <damo22>yes, so it appears as a mach device <tpanmajia>my best guess is a struct of many function pointers... <tpanmajia>therefore how does the mach device interface work? <damo22>but to contribute code to hurd i think you have to assign copyright to FSF <tpanmajia>I'm not surprised to see FSF in copyright lines now... <youpi>tpanmajia: just one thing I see missing in the discussion: raw I/O access (inb/outb) are restricted through the I/O task mask in the x86 processor <youpi>root-owned processes can request allowance through the ioperm() function that calls into the kernel <youpi>the actual call into the kernel is actually a capability-based thing <youpi>and pci-arbiter will be able to just transfer that capability <youpi>thus effectively transferring the right to manipulate a given PCI card, and only that <youpi>with DMA virtualization (VT-D), that's safe <youpi>not the same exact call, but same principle: capability <tpanmajia>I'm wondering that why there is no equivalent of process capability in Hurd <youpi>there is, it's basically *all* about it <youpi>*everything* is a capability <youpi>an open file is simply a capability to read/write its data <youpi>__i386_io_perm_create for the I/O port access <youpi>the capabilities being represented by a mach port <tpanmajia>...and I'm researching how a microkernel could restrict its potential of raw device access <youpi>err, by not providing the capability to everybody, simply? <tpanmajia>...since without restriction everyone could access raw devices <damo22>i was thinking of implementing IOMMU support for the pci-arbiter but its not easy <youpi>it's not about "restricting", it's about "allowing" <youpi>by default (without any mach port) a process can really not do much <youpi>apart from allocating memory, creating a thread, and computing <tpanmajia>can ports be understood as transfered capabilities... <youpi>transferred and transferrable <bk1603>Hey! Is the task for GNU mach code cleanup still up for grabs? I'd like to help with it if possible :) <youpi>bk1603: sure, it's always welcome :) <bk1603>youpi: Cool then! I will start right away. Also a disclaimer, I am a bit new to kernel development in general, and am also currently supposed to spend 6-7 hours on another project (the lockdown still leaves me with enough time though), so I might not be very productive in the beginning :p <bk1603>Though I hope to learn a lot from this and improve over time ***rekado_ is now known as rekado
<janneke>i'm writing a shepherd service for guix (on gnu/linux) that starts a qemu vm running the hurd <janneke>the working-title of that service is 'hurd-vm' <janneke>but we were wondering if there's a real name for such a thing <janneke>(thinking of neighborhurd, subhurd, ...) <ThinkT510>would subhurd imply that the parent is a hurd <ThinkT510>it's a shame the website doesn't have any news posts since 2016. it gives the impression nothing noteworthy has happened since. ***slyfox_ is now known as slyfox