feat: implement a safe user-space memory access mechanism based on exception tables #1383
Merged
fslongjin merged 2 commits into DragonOS-Community:master from [source branch] on Nov 18, 2025
fslongjin (Member) commented Nov 18, 2025
- Add an exception table mechanism to handle user-space memory access errors safely in system calls
- Implement memcpy and memset functions protected by the exception table, preventing an invalid user address from making the kernel bounce back and forth between the memory copy and the page fault handler
- Refactor the user-space access API and provide a safe UserBuffer wrapper type
- Update the page fault handler to support exception-table fixup paths
- Add an exception table test program to verify various boundary cases
- Update the memory management documentation, describing the exception table design rationale and use cases in detail
Contributor
Pull Request Overview
This PR implements a comprehensive exception table mechanism for safe user space memory access in DragonOS, addressing a critical kernel stability issue where invalid user addresses could cause kernel panics. The implementation adds exception table entries to memory copy operations, allowing the page fault handler to gracefully recover from invalid user memory accesses by redirecting to fixup code.
Key changes:
- Added exception table infrastructure with binary search for fast fixup lookup during page faults
- Implemented protected memory operations (`copy_from_user_protected`, `copy_to_user_protected`, `memset_with_exception_table`) with inline assembly for x86_64
- Introduced `UserBuffer` wrapper type that guarantees all user space accesses go through exception-protected paths
- Refactored system call handlers (sigaction, process management) to use the new protected APIs
Reviewed Changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| user/apps/c_unitest/test_exception_table.c | Test suite verifying exception table behavior with invalid pointers across multiple syscalls |
| kernel/src/syscall/user_buffer.rs | New UserBuffer type providing safe read/write/clear operations for user space memory |
| kernel/src/syscall/user_access.rs | Added protected copy functions and integration with UserBuffer API |
| kernel/src/syscall/mod.rs | Added user_buffer module to syscall subsystem |
| kernel/src/process/mod.rs | Updated to use clear_user_protected for thread cleanup |
| kernel/src/mm/mod.rs | Added trait methods for exception-table-protected memcpy and memset |
| kernel/src/ipc/syscall/sys_sigaction.rs | Refactored to use protected buffer access, removing unsafe pointer dereferences |
| kernel/src/ipc/signal_types.rs | Modified UserSigaction derive attributes for compatibility |
| kernel/src/exception/mod.rs | Added extable module to exception handling |
| kernel/src/exception/extable.rs | Core exception table search implementation with binary search algorithm |
| kernel/src/arch/x86_64/mm/mod.rs | x86_64-specific implementations of protected copy and memset using inline assembly |
| kernel/src/arch/x86_64/mm/fault.rs | Enhanced page fault handler to check exception table and perform fixups |
| kernel/src/arch/x86_64/link.lds | Added __ex_table section to linker script for exception table storage |
| docs/kernel/memory_management/extable_safe_copy_design.md | Comprehensive design documentation explaining mechanism and use cases |
| docs/kernel/memory_management/index.rst | Updated documentation index to include exception table design |
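As an added illustration, not code from this PR or from DragonOS, the following Rust program models the mechanism the review summarises: a sorted exception table that is binary-searched on the faulting instruction address, and a user-space copy loop whose page fault either lands on a registered fixup (the copy is abandoned and reports how many bytes were copied) or, when the faulting instruction has no entry, leaves the fault handler with no recovery path. The addresses, the toy `UserSpace` type and all function names are constructed assumptions; the real implementation uses inline assembly, a linker-provided `__ex_table` section and the kernel's own page tables.

```rust
use std::collections::BTreeMap;

// Constructed addresses standing in for the copy loop's faulting instruction,
// its fixup stub, and an unrelated kernel instruction with no extable entry.
// These are assumptions for the example, not DragonOS symbols.
const COPY_LOOP_INSN: u64 = 0xffff_8000_0010_1234;
const COPY_LOOP_FIXUP: u64 = 0xffff_8000_0010_1300;
const MEMSET_LOOP_INSN: u64 = 0xffff_8000_0010_0800;
const MEMSET_LOOP_FIXUP: u64 = 0xffff_8000_0010_0900;
const UNPROTECTED_INSN: u64 = 0xffff_8000_0020_0000;
const PAGE_SIZE: u64 = 4096;

/// One exception-table entry: the address of an instruction that may fault
/// while touching user memory, and the address of its recovery code.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct ExTableEntry {
    pub insn: u64,
    pub fixup: u64,
}

/// The table is kept sorted by instruction address so the fault handler can
/// locate a fixup in O(log n), as the review describes.
pub struct ExTable {
    entries: Vec<ExTableEntry>,
}

impl ExTable {
    pub fn new(mut entries: Vec<ExTableEntry>) -> Self {
        entries.sort_by_key(|e| e.insn);
        Self { entries }
    }

    /// Look up the fixup address for a faulting instruction pointer.
    pub fn search(&self, fault_ip: u64) -> Option<u64> {
        self.entries
            .binary_search_by_key(&fault_ip, |e| e.insn)
            .ok()
            .map(|i| self.entries[i].fixup)
    }
}

/// Toy user address space (assumption): only mapped pages are readable.
pub struct UserSpace {
    pages: BTreeMap<u64, Vec<u8>>,
}

impl UserSpace {
    pub fn new() -> Self {
        Self { pages: BTreeMap::new() }
    }

    pub fn map_page(&mut self, va: u64, fill: u8) {
        self.pages.insert(va & !(PAGE_SIZE - 1), vec![fill; PAGE_SIZE as usize]);
    }

    fn read_byte(&self, va: u64) -> Option<u8> {
        self.pages
            .get(&(va & !(PAGE_SIZE - 1)))
            .map(|page| page[(va % PAGE_SIZE) as usize])
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum FaultOutcome {
    /// Resume execution at the fixup stub instead of re-running the faulting copy.
    Fixup(u64),
    /// No entry: a kernel-mode fault with no recovery path.
    KernelPanic,
}

/// The fault handler's decision for a page fault raised by kernel code at `ip`.
pub fn handle_kernel_fault(extable: &ExTable, ip: u64) -> FaultOutcome {
    match extable.search(ip) {
        Some(fixup) => FaultOutcome::Fixup(fixup),
        None => FaultOutcome::KernelPanic,
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum CopyFault {
    /// The fixup path ran; `copied` bytes were transferred before the fault.
    Partial { copied: usize },
    /// The faulting instruction was not in the table; the kernel cannot recover.
    KernelPanic { fault_addr: u64 },
}

/// Model of a byte-wise copy_from_user. `loop_insn` is the address the fault
/// is attributed to, so the same routine can show the protected and the
/// unprotected outcome.
pub fn copy_from_user(
    space: &UserSpace,
    extable: &ExTable,
    src: u64,
    len: usize,
    loop_insn: u64,
) -> Result<Vec<u8>, CopyFault> {
    let mut out = Vec::with_capacity(len);
    for i in 0..len as u64 {
        let va = src + i;
        match space.read_byte(va) {
            Some(b) => out.push(b),
            None => {
                // The access faults; the page fault handler consults the table.
                return match handle_kernel_fault(extable, loop_insn) {
                    FaultOutcome::Fixup(_) => Err(CopyFault::Partial { copied: out.len() }),
                    FaultOutcome::KernelPanic => Err(CopyFault::KernelPanic { fault_addr: va }),
                };
            }
        }
    }
    Ok(out)
}

fn main() {
    let extable = ExTable::new(vec![
        ExTableEntry { insn: COPY_LOOP_INSN, fixup: COPY_LOOP_FIXUP },
        ExTableEntry { insn: MEMSET_LOOP_INSN, fixup: MEMSET_LOOP_FIXUP },
    ]);
    let mut space = UserSpace::new();
    space.map_page(0x1000, 0xAB); // 0x2000 stays unmapped
    println!("{:?}", copy_from_user(&space, &extable, 0x1FF0, 32, COPY_LOOP_INSN));
    println!("{:?}", copy_from_user(&space, &extable, 0x1FF0, 32, UNPROTECTED_INSN));
}
```

The copy of 32 bytes starting 16 bytes before the unmapped page illustrates the point of the PR: with an entry for the copy loop the syscall gets a clean partial-copy error to turn into EFAULT, whereas without one the handler has nothing to jump to.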
5686d8f to b6b0512
- Add an exception table mechanism to handle user-space memory access errors safely in system calls
- Implement memcpy and memset functions protected by the exception table, preventing an invalid user address from making the kernel bounce back and forth between the memory copy and the page fault handler
- Refactor the user-space access API and provide a safe UserBuffer wrapper type
- Update the page fault handler to support exception-table fixup paths
- Add an exception table test program to verify various boundary cases
- Update the memory management documentation, describing the exception table design rationale and use cases in detail
Signed-off-by: longjin <longjin@DragonOS.org>
b6b0512 to c338171
- Add test_ebpf_new and test_ebpf_tp to the blacklist; reason: an aya upstream release issue is causing CI failures
Signed-off-by: longjin <longjin@DragonOS.org>
7a1c597 to 2ae13af