vm/map: implement mapBelongs for NOMMU#797
Conversation
There was a problem hiding this comment.
Code Review
This pull request updates the _vm_mapBelongs function in vm/map.c to support memory map validation on NOMMU architectures. It introduces checks to verify that the memory is accessible from userspace and resolves the map using syspage_mapAddrResolve and vm_getSharedMap. The review feedback correctly identifies a potential null pointer dereference when calling vm_getSharedMap and suggests adding a safety check before accessing its tree member.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
4bfd909 to
8fc7315
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request enables memory map validation on NOMMU systems within _vm_mapBelongs by checking userspace accessibility and resolving the memory range against shared maps. The review feedback highlights critical issues in this implementation, including a potential data race due to missing locks when querying a shared map, a missing boundary check for the resolved map's end, and a missing integer overflow check on the input memory range (ptr + size).
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
8fc7315 to
ae7ca32
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request refactors _vm_mapBelongs to map_belongs, moving the locking mechanism inside the function and adding support for NOMMU systems by resolving shared maps. It also introduces an overflow check for the memory range. The review feedback highlights a critical security vulnerability where lib_rbFind only checks for range overlap rather than full containment, potentially allowing access to unmapped or kernel memory. Additionally, checking the found entry outside the locked section poses a use-after-free risk. It is recommended to perform the containment check within the locked sections as suggested.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
30acb23 to
88a2776
Compare
Improve separation between processes with different physical maps. Verifying if provided memory is allocated at all can simplify debugging user applications. TASK: RTOS-1365
88a2776 to
b8caaf9
Compare
|
Containment and overflow checks suggested by gemini will be introduced in separate PR, as they break some CI tests. |
|
It's worth to notice this check introduces a silent assumption that checked region is contained within a single map. |
julianuziemblo
left a comment
There was a problem hiding this comment.
Could you also add simple test to test the case where map_belongs should fail and the syscall produce -EFAULT (on NOMMU and MMU)?
This is problematic, as currently kernel hangs on assertion when mapBelongs check fails in debug mode. |
| f = lib_treeof(map_entry_t, linkage, lib_rbFind(&proc->imapp->tree, &e.linkage)); | ||
| } | ||
| (void)proc_lockSet(&map->lock); | ||
| f = lib_treeof(map_entry_t, linkage, lib_rbFind(&map->tree, &e.linkage)); |
There was a problem hiding this comment.
so here, map is proc->mapp on MMU and the shared map resolved from syspage on NOMMU, yes?
Description
Improve separation between processes with different physical maps.
Verifying if provided memory is allocated at all can simplify debugging user applications.
Motivation and Context
Improves future partitioning isolation.
Fixes phoenix-rtos/phoenix-rtos-project#1593
Types of changes
How Has This Been Tested?
Checklist:
Special treatment