[haiku-commits] haiku: hrev51866 - src/system/kernel src/system/kernel/vm headers/private/kernel/vm

  • From: mmlr@xxxxxxxx
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Tue, 3 Apr 2018 18:10:44 -0400 (EDT)

hrev51866 adds 2 changesets to branch 'master'
old head: e1ceb339a0d71da3795ca3e32c8434d8efc1b1ca
new head: c101b576828471a84228eb01407efe2b370b0603
overview: 
http://cgit.haiku-os.org/haiku/log/?qt=range&q=c101b5768284+%5Ee1ceb339a0d7

----------------------------------------------------------------------------

321372e3ef2a: kernel: Make size argument to create_area_etc() size_t.
  
  It was limited to a uint32 and could, for example, be overflowed by the
  slab MemoryManager that uses size_t on a 64 bit system.
  
  This aligns the signature with create_area() that already uses size_t
  for the size argument.
  
  Note that the function is currently private, so the impact should be
  limited.

c101b5768284: kernel: Implement FD limit check for select/poll.
  
  The number of FDs that can be selected/polled needs to be limited by
  RLIMIT_NOFILE.

                                            [ Michael Lotz <mmlr@xxxxxxxx> ]

----------------------------------------------------------------------------

3 files changed, 15 insertions(+), 3 deletions(-)
headers/private/kernel/vm/vm.h         |  2 +-
src/system/kernel/vm/vm.cpp            |  2 +-
src/system/kernel/wait_for_objects.cpp | 14 +++++++++++++-

############################################################################

Commit:      321372e3ef2a633c565697bc31a97006537b5e3c
URL:         http://cgit.haiku-os.org/haiku/commit/?id=321372e3ef2a
Author:      Michael Lotz <mmlr@xxxxxxxx>
Date:        Tue Apr  3 21:44:00 2018 UTC

kernel: Make size argument to create_area_etc() size_t.

It was limited to a uint32 and could, for example, be overflowed by the
slab MemoryManager that uses size_t on a 64 bit system.

This aligns the signature with create_area() that already uses size_t
for the size argument.

Note that the function is currently private, so the impact should be
limited.

----------------------------------------------------------------------------

diff --git a/headers/private/kernel/vm/vm.h b/headers/private/kernel/vm/vm.h
index ce85089594..9cbf9848e4 100644
--- a/headers/private/kernel/vm/vm.h
+++ b/headers/private/kernel/vm/vm.h
@@ -76,7 +76,7 @@ void permit_page_faults(void);
 void forbid_page_faults(void);
 
 // private kernel only extension (should be moved somewhere else):
-area_id create_area_etc(team_id team, const char *name, uint32 size,
+area_id create_area_etc(team_id team, const char *name, size_t size,
                        uint32 lock, uint32 protection, uint32 flags, uint32 
guardSize,
                        const virtual_address_restrictions* 
virtualAddressRestrictions,
                        const physical_address_restrictions* 
physicalAddressRestrictions,
diff --git a/src/system/kernel/vm/vm.cpp b/src/system/kernel/vm/vm.cpp
index c3c1fb1123..478a0e5ba7 100644
--- a/src/system/kernel/vm/vm.cpp
+++ b/src/system/kernel/vm/vm.cpp
@@ -6079,7 +6079,7 @@ clone_area(const char* name, void** _address, uint32 
addressSpec,
 
 
 area_id
-create_area_etc(team_id team, const char* name, uint32 size, uint32 lock,
+create_area_etc(team_id team, const char* name, size_t size, uint32 lock,
        uint32 protection, uint32 flags, uint32 guardSize,
        const virtual_address_restrictions* virtualAddressRestrictions,
        const physical_address_restrictions* physicalAddressRestrictions,
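Review bot: Widening `size` to `size_t` in the signature only removes the truncation if nothing inside create_area_etc narrows the value again, and the body lies outside this hunk, so that cannot be confirmed from the change. It is worth checking that `size` is not copied into a `uint32` local or handed to a helper that still takes a 32-bit length. `guardSize` stays `uint32` in the same parameter list, so it also needs checking that arithmetic mixing it with `size` is done at the wider width. The same applies to the prototype in headers/private/kernel/vm/vm.h, where a comment like `// size may exceed 4 GiB on 64-bit kernels` would record the new contract.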

############################################################################

Revision:    hrev51866
Commit:      c101b576828471a84228eb01407efe2b370b0603
URL:         http://cgit.haiku-os.org/haiku/commit/?id=c101b5768284
Author:      Michael Lotz <mmlr@xxxxxxxx>
Date:        Tue Apr  3 21:50:39 2018 UTC

kernel: Implement FD limit check for select/poll.

The number of FDs that can be selected/polled needs to be limited by
RLIMIT_NOFILE.

----------------------------------------------------------------------------

diff --git a/src/system/kernel/wait_for_objects.cpp 
b/src/system/kernel/wait_for_objects.cpp
index dbb6ffdb54..edc3b8a286 100644
--- a/src/system/kernel/wait_for_objects.cpp
+++ b/src/system/kernel/wait_for_objects.cpp
@@ -906,6 +906,15 @@ _kern_wait_for_objects(object_wait_info* infos, int 
numInfos, uint32 flags,
 //     #pragma mark - User syscalls
 
 
+static bool
+check_max_fds(int numFDs)
+{
+       struct io_context *context = get_current_io_context(false);
+       MutexLocker(&context->io_mutex);
+       return numFDs <= context->table_size;
+}
+
+
 ssize_t
 _user_select(int numFDs, fd_set *userReadSet, fd_set *userWriteSet,
        fd_set *userErrorSet, bigtime_t timeout, const sigset_t *userSigMask)
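Review bot: In check_max_fds the statement `MutexLocker(&context->io_mutex);` builds an unnamed temporary that is destroyed at the end of that statement, so io_mutex is already released when `context->table_size` is read on the next line. Naming the object keeps the lock held until the function returns: `MutexLocker locker(&context->io_mutex);`. Both callers added by this commit (_user_select and _user_poll) rely on this helper, so the limit they enforce is currently read without the lock. A comment above the helper, e.g. `// table_size is read under io_mutex; presumably it can change when the FD table is resized`, would state why the lock is taken.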
@@ -917,7 +926,7 @@ _user_select(int numFDs, fd_set *userReadSet, fd_set 
*userWriteSet,
 
        syscall_restart_handle_timeout_pre(timeout);
 
-       if (numFDs < 0)
+       if (numFDs < 0 || !check_max_fds(numFDs))
                return B_BAD_VALUE;
 
        if ((userReadSet != NULL && !IS_USER_ADDRESS(userReadSet))
@@ -1013,6 +1022,9 @@ _user_poll(struct pollfd *userfds, int numFDs, bigtime_t 
timeout)
                        ? syscall_restart_handle_timeout_post(result, timeout) 
: result;
        }
 
+       if (!check_max_fds(numFDs))
+               return B_BAD_VALUE;
+
        // copy parameters
        if (userfds == NULL || !IS_USER_ADDRESS(userfds))
                return B_BAD_ADDRESS;
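Review bot: The check added in _user_poll passes `numFDs` to check_max_fds without the `numFDs < 0` test that the _user_select hunk keeps in front of the same call. Whether a negative count is rejected then depends on the type of `context->table_size`, which is not visible here: against an unsigned field the negative value converts to a large one and fails the comparison, against a signed field it passes. Unless an earlier part of _user_poll (outside this hunk) already rejects negative values, `if (numFDs < 0 || !check_max_fds(numFDs))` makes the bound explicit before the count is used by the parameter copy that follows.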

