[haiku-commits] haiku: hrev53377 - src/system/kernel/fs

  • From: waddlesplash <waddlesplash@xxxxxxxxx>
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Wed, 14 Aug 2019 19:11:27 -0400 (EDT)

hrev53377 adds 1 changeset to branch 'master'
old head: 925cb64e3cef4fe24227ec6be6d7f9761ce9ca06
new head: 8e84b3964633e545412cb2a053404246900938fc
overview: 
https://git.haiku-os.org/haiku/log/?qt=range&q=8e84b3964633+%5E925cb64e3cef

----------------------------------------------------------------------------

8e84b3964633: kernel: Reinstate the USER_ADDRESS check in ioctl (sort of).
  
  Thinking over this carefully, I realized that adding checks to
  every ioctl implementation in every driver would be very prohibitive,
  because there, one has to check is_called_via_syscall() in addition
  to IS_USER_ADDRESS(), and this would have to be done in every case.
  So that would take a massive amount of work, and it would be
  very easy to miss a case.
  
  Instead, we can take advantage of the fact that all we really care
  about is the buffer not existing within the kernel address space.
  This should allow using constants in the unmappable range between
  0x0 and the beginning of the user address space, too.
  
  Change-Id: I2eeb46e806a5aac32e152c72076a042aa847be0d

                              [ Augustin Cavalier <waddlesplash@xxxxxxxxx> ]
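The two-layer arrangement the commit message describes, modelled as an added example (this is not Haiku's code; the address-space constants, the status values and the two ioctl ops are constructed for illustration): the syscall entry rejects only buffers that fall inside kernel memory, so numeric constants in the low unmappable range pass through, while any driver op that actually treats the argument as a pointer still has to confirm it is a user address before touching it.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed address-space layout, NOT Haiku's real constants: a low
 * unmappable range, then userland, then the kernel at the top. */
#define USER_BASE    0x00100000u
#define USER_TOP     0x7fffffffu
#define KERNEL_BASE  0x80000000u

/* Hypothetical status codes following the kernel's naming convention. */
#define B_OK           0
#define B_BAD_ADDRESS (-1)
#define B_BAD_VALUE   (-2)

typedef uintptr_t addr_t;

/* Syscall-level test: only excludes kernel memory. */
static int is_kernel_address(addr_t a) { return a >= KERNEL_BASE; }
/* Driver-level test: the argument really is a mapped user address. */
static int is_user_address(addr_t a)   { return a >= USER_BASE && a <= USER_TOP; }

/* Two hypothetical ops: one uses "buffer" as a plain number, the other as a
 * pointer to a 4-byte result. */
enum { OP_SET_FLAG = 1, OP_READ_VALUE = 2 };

static uint32_t g_flag;                 /* state set by OP_SET_FLAG */
uint32_t get_flag(void) { return g_flag; }

/* Stand-in for a driver's ioctl hook. Pointer ops validate the address
 * themselves; in a real kernel the copy would go through user_memcpy(). */
static int driver_ioctl(uint32_t op, void* buffer, size_t length)
{
    switch (op) {
    case OP_SET_FLAG:
        g_flag = (uint32_t)(addr_t)buffer;   /* numeric argument, never dereferenced */
        return B_OK;
    case OP_READ_VALUE:
        if (length < sizeof(uint32_t))
            return B_BAD_VALUE;
        if (!is_user_address((addr_t)buffer))
            return B_BAD_ADDRESS;            /* low constants and stale pointers stop here */
        return B_OK;                         /* copy-out to the user buffer would happen here */
    }
    return B_BAD_VALUE;
}

/* Model of the syscall entry: reject kernel-space values before dispatch,
 * mirroring the IS_KERNEL_ADDRESS check added by the commit. */
int user_ioctl(uint32_t op, void* buffer, size_t length)
{
    if (is_kernel_address((addr_t)buffer))
        return B_BAD_ADDRESS;
    return driver_ioctl(op, buffer, length);
}
```

Run through the cases: a numeric flag of 3 is accepted, a kernel-space pointer is rejected at the entry regardless of op, a pointer in the low unmappable range gets past the entry but is rejected by the driver, and a genuine user pointer succeeds. The one cost of the scheme is visible in the last case below: a numeric constant that happens to look like a kernel address is refused too.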

----------------------------------------------------------------------------

Revision:    hrev53377
Commit:      8e84b3964633e545412cb2a053404246900938fc
URL:         https://git.haiku-os.org/haiku/commit/?id=8e84b3964633
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Fri Jul 12 03:58:33 2019 UTC

----------------------------------------------------------------------------

1 file changed, 5 insertions(+), 2 deletions(-)
src/system/kernel/fs/fd.cpp | 7 +++++--

----------------------------------------------------------------------------

diff --git a/src/system/kernel/fs/fd.cpp b/src/system/kernel/fs/fd.cpp
index 61ae1099a5..837d1d07a0 100644
--- a/src/system/kernel/fs/fd.cpp
+++ b/src/system/kernel/fs/fd.cpp
@@ -925,8 +925,11 @@ _user_ioctl(int fd, uint32 op, void* buffer, size_t length)
        TRACE(("user_ioctl: fd %d\n", fd));
 
        // "buffer" is not always a pointer depending on "op", so we cannot
-       // check that it is a userland buffer here; the underlying 
implementation
-       // must do that.
+       // check that it is a userland buffer here. Instead we check that
+       // it is at least not within the bounds of kernel memory; as in
+       // the cases where it is a numeric constant it is usually a low one.
+       if (IS_KERNEL_ADDRESS(buffer))
+               return B_BAD_ADDRESS;
 
        SyscallRestartWrapper<status_t> status;
 
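Review bot: the rewritten comment drops the old sentence that the underlying implementation must validate the buffer, but that obligation still holds, because `IS_KERNEL_ADDRESS(buffer)` only proves the value lies outside kernel memory, not that it is a mapped user address: a pointer in the unmappable range below userland, or a stale user pointer, still reaches the driver. Suggest keeping a line such as `// ops that dereference "buffer" must still verify it with IS_USER_ADDRESS() / user_memcpy()` after the new check. Also, `length` from the signature in the hunk header is not combined with `buffer` here, so a buffer that starts just below `KERNEL_BASE` with a large `length` passes this check; that bound, too, remains the driver's job and is worth stating in the comment.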

