Hi guys,
just a note.
I understand that this is by design and, as pointed out, constrained to
users with access to device memory, but be aware that the media don't
understand (also don't care about) this kind of technical "details".
Moreover, based on my experience, I guess that potential attackers will go
hunting this kind of DoSs by abusing "by design" features (the same they
will target info leaks, side channels, etc). Expect a very high focus on
this kind of attacks.
Cheers,
El jue., 27 may. 2021 3:29, Gerwin Klein
Hi Indan,
On 27 May 2021, at 00:51, Indan Zupancic
wrote: I have an Atlassian account, but it seems you can't attach patches there, so I'm not sure how else to send this patch, other than creating a Github account. What is the preferred way to submit patches as an outsider?
As Axel says, the preferred method would be a pull request on GitHub, which also puts the code discussion directly next to the code.
It sounds like you might have already attached a patch to you message, but it didn't come through on the mailing list. This happened to me before as well -- I think the list is set up to strip attachments for security. If the GitHub option doesn't work for you, feel free to send me the patch directly and I'll raise a GitHub PR for you.
For the Jira tracker, there should be an "Attach" button on the top left of the issue screen once an issue is created. That should allow you to attach a file. Does that button appear for you? (If not, there might be some configuration option we might be able to tweak)
In terms of content: yes, halting the machine based on errors the user can trigger from user space is definitely not ideal, and we should do something about it. This case is at least somewhat constrained to users that have direct access to device memory, but if we can lock it down more, that would be good.
Cheers, Gerwin
_______________________________________________ Devel mailing list -- devel@sel4.systems To unsubscribe send an email to devel-leave@sel4.systems