Group creation logic must use new group flag when allocating resources so that the privileges on the resource are set correctly

sched/group/Make.defs

@@ -52,6 +52,14 @@ ifneq ($(CONFIG_DISABLE_SIGNALS),y)
 GRP_SRCS += group_signal.c
 endif
 
+ifeq ($(CONFIG_BUILD_PROTECTED),y)
+GRP_SRCS += group_malloc.c group_zalloc.c group_free.c
+else
+ifeq ($(CONFIG_BUILD_KERNEL),y)
+GRP_SRCS += group_malloc.c group_zalloc.c group_free.c
+endif
+endif
+
 # Include group build support
 
 DEPPATH += --dep-path group

sched/group/group.h

@@ -114,6 +114,25 @@ int group_foreachchild(FAR struct task_group_s *group,
 int group_killchildren(FAR struct task_tcb_s *tcb);
 #endif
 
+/* Group memory management */
+
+#if (defined(CONFIG_BUILD_PROTECTED) || defined(CONFIG_BUILD_KERNEL)) && \
+     defined(CONFIG_MM_KERNEL_HEAP)
+  /* Functions to pick the correct allocator based on group privileges */
+
+FAR void *group_malloc(FAR struct task_group_s *group, size_t nbytes);
+FAR void *group_zalloc(FAR struct task_group_s *group, size_t nbytes);
+void group_free(FAR struct task_group_s *group, FAR void *mem);
+
+#else
+  /* There is only one allocator */
+
+#  define group_malloc(g,n) kumm_malloc(size)
+#  define group_zalloc(g,n) kumm_zalloc(size)
+#  define group_free(g,m)   kumm_free(size)
+
+#endif
+
 #ifdef CONFIG_ARCH_ADDRENV
 /* Group address environment management */
 

sched/group/group_create.c

@@ -157,7 +157,7 @@ static void group_assigngid(FAR struct task_group_s *group)
  * Description:
  *   Create and a new task group structure for the specified TCB. This
  *   function is called as part of the task creation sequence.  The structure
- *   allocated and zered, but otherwise uninitialized.  The full creation
+ *   allocated and zeroed, but otherwise uninitialized.  The full creation
  *   of the group of a two step process:  (1) First, this function allocates
  *   group structure early in the task creation sequence in order to provide a
  *   group container, then (2) group_initialize() is called to set up the
@@ -192,6 +192,14 @@ int group_allocate(FAR struct task_tcb_s *tcb)
 
 #if CONFIG_NFILE_STREAMS > 0 && (defined(CONFIG_BUILD_PROTECTED) || \
     defined(CONFIG_BUILD_KERNEL)) && defined(CONFIG_MM_KERNEL_HEAP)
+  /* If this group is being created for a privileged thread, then all elements
+   * of the group must be created for privileged access.
+   */
+
+  if ((tcb->cmn.flags & TCB_FLAG_TTYPE_MASK) == TCB_FLAG_TTYPE_KERNEL)
+    {
+      group->tg_flags |= GROUP_FLAG_PRIVILEGED;
+    }
 
   /* In a flat, single-heap build.  The stream list is allocated with the
    * group structure.  But in a kernel build with a kernel allocator, it
@@ -199,7 +207,7 @@ int group_allocate(FAR struct task_tcb_s *tcb)
    */
 
   group->tg_streamlist = (FAR struct streamlist *)
-    kumm_zalloc(sizeof(struct streamlist));
+    group_zalloc(group, sizeof(struct streamlist));
 
   if (!group->tg_streamlist)
     {
@@ -228,7 +236,7 @@ int group_allocate(FAR struct task_tcb_s *tcb)
     {
 #if CONFIG_NFILE_STREAMS > 0 && (defined(CONFIG_BUILD_PROTECTED) || \
     defined(CONFIG_BUILD_KERNEL)) && defined(CONFIG_MM_KERNEL_HEAP)
-      kumm_free(group->tg_streamlist);
+      group_free(group, group->tg_streamlist);
 #endif
       kmm_free(group);
       tcb->cmn.group = NULL;

sched/group/group_free.c

@@ -0,0 +1,103 @@
+/************************************************************************
+ * sched/group/group_free.c
+ *
+ *   Copyright (C) 2014 Gregory Nutt. All rights reserved.
+ *   Author: Gregory Nutt <gnutt@nuttx.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name NuttX nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ************************************************************************/
+
+/************************************************************************
+ * Included Files
+ ************************************************************************/
+
+#include <sys/types.h>
+
+#include <nuttx/sched.h>
+#include <nuttx/kmalloc.h>
+
+#include "group/group.h"
+
+#if (defined(CONFIG_BUILD_PROTECTED) || defined(CONFIG_BUILD_KERNEL)) && \
+     defined(CONFIG_MM_KERNEL_HEAP)
+
+/************************************************************************
+ * Pre-processor Definitions
+ ************************************************************************/
+
+/************************************************************************
+ * Private Type Declarations
+ ************************************************************************/
+
+/************************************************************************
+ * Global Variables
+ ************************************************************************/
+
+/************************************************************************
+ * Private Variables
+ ************************************************************************/
+
+/************************************************************************
+ * Private Function Prototypes
+ ************************************************************************/
+
+/************************************************************************
+ * Public Functions
+ ************************************************************************/
+
+/************************************************************************
+ * Name: group_free
+ *
+ * Description:
+ *   Free memory appropriate previously allocated via group_malloc() using
+ *   the appropriate memory manager.
+ *
+ ************************************************************************/
+
+void group_free(FAR struct task_group_s *group, FAR void *mem)
+{
+  /* Check the group is privileged */
+
+  if ((group->tg_flags & GROUP_FLAG_PRIVILEGED) != 0)
+    {
+      /* It is a privileged group... use the kernel mode memory allocator */
+
+      return kmm_free(mem);
+    }
+  else
+    {
+      /* This is an unprivileged group... use the user mode memory
+       * allocator.
+       */
+
+      return kumm_free(mem);
+    }
+}
+
+#endif  /* CONFIG_BUILD_PROTECTED || CONFIG_BUILD_KERNEL) && CONFIG_MM_KERNEL_HEAP */

sched/group/group_malloc.c

@@ -0,0 +1,106 @@
+/************************************************************************
+ * sched/group/group_malloc.c
+ *
+ *   Copyright (C) 2014 Gregory Nutt. All rights reserved.
+ *   Author: Gregory Nutt <gnutt@nuttx.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name NuttX nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ************************************************************************/
+
+/************************************************************************
+ * Included Files
+ ************************************************************************/
+
+#include <sys/types.h>
+
+#include <nuttx/sched.h>
+#include <nuttx/kmalloc.h>
+
+#include "group/group.h"
+
+#if (defined(CONFIG_BUILD_PROTECTED) || defined(CONFIG_BUILD_KERNEL)) && \
+     defined(CONFIG_MM_KERNEL_HEAP)
+
+/************************************************************************
+ * Pre-processor Definitions
+ ************************************************************************/
+
+/************************************************************************
+ * Private Type Declarations
+ ************************************************************************/
+
+/************************************************************************
+ * Global Variables
+ ************************************************************************/
+
+/************************************************************************
+ * Private Variables
+ ************************************************************************/
+
+/************************************************************************
+ * Private Function Prototypes
+ ************************************************************************/
+
+/************************************************************************
+ * Public Functions
+ ************************************************************************/
+
+/************************************************************************
+ * Name: group_malloc
+ *
+ * Description:
+ *   Allocate memory appropriate for the group type.  If the memory is
+ *   part of a privileged, then it should be allocated so that it is
+ *   only accessed by privileged code;  Otherwise, it is a user mode
+ *   group and must be allocated so that it accessible by unprivileged
+ *   code.
+ *
+ ************************************************************************/
+
+FAR void *group_malloc(FAR struct task_group_s *group, size_t nbytes)
+{
+  /* Check the group type */
+
+  if ((group->tg_flags & GROUP_FLAG_PRIVILEGED) != 0)
+    {
+      /* It is a privileged group... use the kernel mode memory allocator */
+
+      return kmm_malloc(nbytes);
+    }
+  else
+    {
+      /* This is an unprivileged group... use the user mode memory
+       * allocator.
+       */
+
+      return kumm_malloc(nbytes);
+    }
+}
+
+#endif  /* CONFIG_BUILD_PROTECTED || CONFIG_BUILD_KERNEL) && CONFIG_MM_KERNEL_HEAP */

sched/group/group_zalloc.c

@@ -0,0 +1,95 @@
+/************************************************************************
+ * sched/group/group_zalloc.c
+ *
+ *   Copyright (C) 2014 Gregory Nutt. All rights reserved.
+ *   Author: Gregory Nutt <gnutt@nuttx.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name NuttX nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ************************************************************************/
+
+/************************************************************************
+ * Included Files
+ ************************************************************************/
+
+#include <sys/types.h>
+
+#include <string.h>
+
+#include "group/group.h"
+
+#if (defined(CONFIG_BUILD_PROTECTED) || defined(CONFIG_BUILD_KERNEL)) && \
+     defined(CONFIG_MM_KERNEL_HEAP)
+
+/************************************************************************
+ * Pre-processor Definitions
+ ************************************************************************/
+
+/************************************************************************
+ * Private Type Declarations
+ ************************************************************************/
+
+/************************************************************************
+ * Global Variables
+ ************************************************************************/
+
+/************************************************************************
+ * Private Variables
+ ************************************************************************/
+
+/************************************************************************
+ * Private Function Prototypes
+ ************************************************************************/
+
+/************************************************************************
+ * Public Functions
+ ************************************************************************/
+
+/************************************************************************
+ * Name: group_malloc
+ *
+ * Description:
+ *   Allocate memory and clear appropriate for the group type.  If the
+ *   memory is part of a privileged, then it should be allocated so
+ *   that it is only accessed by privileged code;  Otherwise, it must be
+ *   allocated so that it accessible by unprivileged code.
+ *
+ ************************************************************************/
+
+FAR void *group_zalloc(FAR struct task_group_s *group, size_t nbytes)
+{
+  FAR void *mem = group_malloc(group, nbytes);
+  if (mem)
+    {
+      memset(mem, 0, nbytes);
+    }
+
+  return mem;
+}
+
+#endif  /* CONFIG_BUILD_PROTECTED || CONFIG_BUILD_KERNEL) && CONFIG_MM_KERNEL_HEAP */