
Addresses an issue of multiple invalid loops in the rpmsgfs_mkpath function

Open sszllxos opened this issue 1 month ago • 4 comments

Summary

This commit addresses an issue of multiple invalid loops in the rpmsgfs_mkpath function under specific cross-system mount scenarios.

Problem Description: The mount command in the NuttX shell is as follows:

mount -t rpmsgfs -o cpu=server,fs=/root/demo/fold /nuttx_fold

Running "ls nuttx_fold" correctly lists the contents of the /root/demo/fold directory on the Linux side. However, if NuttX is compromised by a hacker, the hacker could modify the input parameters of the ls command. Without directory access restrictions implemented on the Linux side, this would allow the hacker to arbitrarily access any directory on the Linux system.

When directory access restrictions are implemented on the Linux side—such as modifying the rpmsgfs driver on the Linux side to return "permission deny" upon detecting unauthorized access—the rpmsgfs_client_stat function in rpmsgfs_mkpath (on the NuttX side) fails to handle this error and continues waiting in the while loop.

Impact

Only modifies the error handling branch in rpmsgfs_mkpath, with no impact on other functions of the rpmsgfs module.

Testing

In the Linux shell, create the directory /root/demo/fold, and restrict NuttX from accessing the fold directory itself by configuring the rpmsg_fs driver.

In NuttX shell:

mount -t rpmsgfs -o cpu=server,fs=/root/demo/fold /nuttx_fold
ls /nuttx_fold

NuttX shell output:

proxy> mount -t rpmsgfs -o cpu=server,fs=/root/demo/fold nuttx_fold
proxy> ls
proxy> ls nuttx_fold
nsh: ls: stat failed: 13

Signed-off-by: Lijing [email protected]

sszllxos, Nov 01 '25 03:11
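The failure mode described in the PR above, modelled as an added example (this is not the NuttX source or the patch itself): a wait loop that reads every stat failure as "peer not ready" keeps polling after a denial, while one that retries only on a designated transient code returns errno 13 (EACCES) after a single round trip. All names here are hypothetical, the scripted results are constructed, the retry budget is bounded so the model terminates, and treating -EAGAIN as the only retryable code is an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical stand-in for the remote stat call: replays a constructed
 * script of results (repeating the last one) and counts round trips. */
struct fake_peer { const int *script; size_t len; size_t calls; };
struct outcome { int ret; size_t calls; };
const int DENIED[]  = { -EACCES };             /* constructed */
const int LATE_OK[] = { -EAGAIN, -EAGAIN, 0 }; /* constructed */
static int fake_remote_stat(struct fake_peer *p)
{
  size_t i = p->calls < p->len ? p->calls : p->len - 1;
  p->calls++;
  return p->script[i];
}

/* Reported pattern: any failure is read as "peer not ready", so a
 * denial is retried until the (here bounded) budget runs out. */
int wait_ready_naive(struct fake_peer *p, int budget)
{
  while (budget-- > 0)
    if (fake_remote_stat(p) == 0) return 0;
  return -ETIMEDOUT;
}

/* Assumption: only -EAGAIN means "not ready"; any other result,
 * including -EACCES, is final and goes back to the caller. */
int wait_ready_checked(struct fake_peer *p, int budget)
{
  int ret;
  while (budget-- > 0)
    if ((ret = fake_remote_stat(p)) != -EAGAIN) return ret;
  return -ETIMEDOUT;
}

struct outcome try_script(int (*fn)(struct fake_peer *, int), const int *script, size_t len)
{
  struct fake_peer p = { script, len, 0 };
  int ret = fn(&p, 100);  /* budget: 100 round trips */
  struct outcome o = { ret, p.calls };
  return o;
}

int main(void)
{
  struct outcome n = try_script(wait_ready_naive, DENIED, 1), c = try_script(wait_ready_checked, DENIED, 1);
  printf("naive %d/%zu, checked %d/%zu\n", n.ret, n.calls, c.ret, c.calls);
  return 0;
}
```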

Note: I re-formatted your PR description so that it displays with wrapped lines on GitHub. Otherwise it was very difficult to read because text required scrolling to the right quite far.

linguini1, Nov 01 '25 19:11

@sszllxos nice finding. Could you please tell me which link interface are you using to connect Linux and NuttX?

@xiaoxiang781216 did you submit the RPMsg SPI driver to Linux mainline?

acassis, Nov 01 '25 21:11

> @xiaoxiang781216 did you submit the RPMsg SPI driver to Linux mainline?

not yet.

xiaoxiang781216, Nov 02 '25 06:11

@acassis RPMsg SPI driver

sszllxos, Nov 02 '25 13:11