[haiku-commits] haiku: hrev53481 - in src: system/kernel/device_manager system/kernel add-ons/kernel/bus_managers/acpi add-ons/kernel/busses/usb system/kernel/fs

  • From: waddlesplash <waddlesplash@xxxxxxxxx>
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Fri, 13 Sep 2019 22:34:25 -0400 (EDT)

hrev53481 adds 6 changesets to branch 'master'
old head: b3a12553f88eee076182bbe4b7479bd3b918fdd9
new head: 2b5ebfcfd578f177968c5b923e5ccd6eb0195674
overview: 
https://git.haiku-os.org/haiku/log/?qt=range&q=2b5ebfcfd578+%5Eb3a12553f88e

----------------------------------------------------------------------------

19e017cb130a: XHCI: Clarify a comment.
  
  No functional change.

cf344027f830: kernel: Add padding in mutex fields for equivalent KDEBUG/non-KDEBUG sizing.
  
  Non-KDEBUG kernels and kernel add-ons use atomic operations to acquire
  and release the locks inline, so non-KDEBUG kernels/addons are only
  compatible with other non-KDEBUG kernels/addons.
  
  Following this change, though, KDEBUG kernels/addons should be able
  to run under non-KDEBUG kernels/addons, too, since they always call
  into the actual kernel functions and do not inline anything of
  consequence.

48a00c0f66b2: acpi: Support namespace reads into user addresses.
  
  Fixes #15176.

750b43405ad6: kernel/device_manager: Add NULL checks before function calls.
  
  Fixes #15175.

e315daa9c1dd: kernel/thread: Clarify permissions checking logic.
  
  No functional change intended; but if I missed a case,
  it will now be caught by the "return false" instead of
  the "return true", which is a better default.

2b5ebfcfd578: kernel/fs: Add missing IS_USER_ADDRESS check in user_vector_io.
  
  The iovecs themselves were checked before they were copied,
  but the iov_base inside each was not, making it possible
  for evil (or just broken) user applications to put kernel
  addresses in here.
  
  Part of #14961.

                              [ Augustin Cavalier <waddlesplash@xxxxxxxxx> ]

----------------------------------------------------------------------------

6 files changed, 33 insertions(+), 8 deletions(-)
headers/private/kernel/lock.h                            |  3 +++
src/add-ons/kernel/bus_managers/acpi/NamespaceDump.cpp   |  6 +++++-
src/add-ons/kernel/busses/usb/xhci.cpp                   |  3 +--
.../kernel/device_manager/AbstractModuleDevice.cpp       | 12 ++++++++++++
src/system/kernel/fs/fd.cpp                              |  7 +++++++
src/system/kernel/thread.cpp                             | 10 +++++-----

############################################################################

Commit:      19e017cb130ab53050fe3aeb8cda3c7aadc81e4f
URL:         https://git.haiku-os.org/haiku/commit/?id=19e017cb130a
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Sep 14 01:32:58 2019 UTC

XHCI: Clarify a comment.

No functional change.

----------------------------------------------------------------------------

diff --git a/src/add-ons/kernel/busses/usb/xhci.cpp 
b/src/add-ons/kernel/busses/usb/xhci.cpp
index c0f9b34ac2..831b1feab3 100644
--- a/src/add-ons/kernel/busses/usb/xhci.cpp
+++ b/src/add-ons/kernel/busses/usb/xhci.cpp
@@ -325,8 +325,7 @@ XHCI::XHCI(pci_info *info, Stack *stack)
        legctlsts |= XHCI_LEGCTLSTS_EVENTS_SMI;
        WriteCapReg32(eecp + XHCI_LEGCTLSTS, legctlsts);
 
-       // On Intel's Panther Point and Lynx Point Chipset taking ownership
-       // of EHCI owned ports, is what we do here.
+       // We need to explicitly take ownership of EHCI ports on earlier Intel 
chipsets.
        if (fPCIInfo->vendor_id == PCI_VENDOR_INTEL) {
                switch (fPCIInfo->device_id) {
                        case PCI_DEVICE_INTEL_PANTHER_POINT_XHCI:
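
Review bot: the replacement comment above the vendor check says "earlier Intel chipsets", which is relative and will read differently once newer controllers are added. The old text named Panther Point and Lynx Point; keeping those names in the comment, or saying which generation boundary is meant, would tell a reader which device IDs belong in the switch without inferring it from the case labels.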

############################################################################

Commit:      cf344027f830f8ecf9e834c49117e8c745db6bd6
URL:         https://git.haiku-os.org/haiku/commit/?id=cf344027f830
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Sep 14 01:36:59 2019 UTC

kernel: Add padding in mutex fields for equivalent KDEBUG/non-KDEBUG sizing.

Non-KDEBUG kernels and kernel add-ons use atomic operations to acquire
and release the locks inline, so non-KDEBUG kernels/addons are only
compatible with other non-KDEBUG kernels/addons.

Following this change, though, KDEBUG kernels/addons should be able
to run under non-KDEBUG kernels/addons, too, since they always call
into the actual kernel functions and do not inline anything of
consequence.

----------------------------------------------------------------------------

diff --git a/headers/private/kernel/lock.h b/headers/private/kernel/lock.h
index bcc53c54d9..500118bf53 100644
--- a/headers/private/kernel/lock.h
+++ b/headers/private/kernel/lock.h
@@ -24,6 +24,7 @@ typedef struct mutex {
        spinlock                                lock;
 #if KDEBUG
        thread_id                               holder;
+       uint16                                  _unused;
 #else
        int32                                   count;
        uint16                                  ignore_unlock_count;
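
Review bot: the new _unused field in the KDEBUG branch of struct mutex has no comment saying it exists only to mirror the uint16 ignore_unlock_count in the #else branch, and nothing enforces that the two branches stay the same size. A one-line comment on the field plus a compile-time size check on the struct would stop a later edit to either branch from silently breaking the KDEBUG/non-KDEBUG compatibility the commit message relies on.
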
@@ -38,6 +39,8 @@ typedef struct recursive_lock {
        mutex           lock;
 #if !KDEBUG
        thread_id       holder;
+#else
+       int32           _unused;
 #endif
        int                     recursion;
 } recursive_lock;
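
Review bot: in the new #else branch of recursive_lock the padding is declared as int32, while the field it stands in for is "thread_id holder". Declaring the padding with the same type (thread_id _unused) would keep both branches the same size even if the width of thread_id ever changes, and it makes the pairing obvious to the reader.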

############################################################################

Commit:      48a00c0f66b21df1167d7b8cf5a8940c7425c0f9
URL:         https://git.haiku-os.org/haiku/commit/?id=48a00c0f66b2
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Sep 14 02:03:10 2019 UTC

Ticket:      https://dev.haiku-os.org/ticket/15176

acpi: Support namespace reads into user addresses.

Fixes #15176.

----------------------------------------------------------------------------

diff --git a/src/add-ons/kernel/bus_managers/acpi/NamespaceDump.cpp 
b/src/add-ons/kernel/bus_managers/acpi/NamespaceDump.cpp
index 3a0e90126f..3b930b947f 100644
--- a/src/add-ons/kernel/bus_managers/acpi/NamespaceDump.cpp
+++ b/src/add-ons/kernel/bus_managers/acpi/NamespaceDump.cpp
@@ -14,6 +14,7 @@
 
 #include <Drivers.h>
 
+#include <kernel.h>
 #include <util/kernel_cpp.h>
 #include <util/ring_buffer.h>
 
@@ -389,7 +390,10 @@ RingBuffer::~RingBuffer()
 size_t
 RingBuffer::Read(void *buffer, ssize_t size)
 {
-       return ring_buffer_read(fBuffer, (uint8*)buffer, size);
+       if (IS_USER_ADDRESS(buffer))
+               return ring_buffer_user_read(fBuffer, (uint8*)buffer, size);
+       else
+               return ring_buffer_read(fBuffer, (uint8*)buffer, size);
 }
 
 
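
Review bot: RingBuffer::Read() is declared to return size_t, and the new user-address branch passes the result of ring_buffer_user_read() straight through it. If that function reports a failed copy to the user buffer as a negative status, the caller will see it as a very large byte count; either propagate the error separately or change the return type to ssize_t. Minor style point: the else after a return is not needed.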

############################################################################

Commit:      750b43405ad64601c738d87fe2348b2ea7ad655d
URL:         https://git.haiku-os.org/haiku/commit/?id=750b43405ad6
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Sep 14 02:09:53 2019 UTC

Ticket:      https://dev.haiku-os.org/ticket/15175

kernel/device_manager: Add NULL checks before function calls.

Fixes #15175.

----------------------------------------------------------------------------

diff --git a/src/system/kernel/device_manager/AbstractModuleDevice.cpp 
b/src/system/kernel/device_manager/AbstractModuleDevice.cpp
index e78673fd15..c03675db52 100644
--- a/src/system/kernel/device_manager/AbstractModuleDevice.cpp
+++ b/src/system/kernel/device_manager/AbstractModuleDevice.cpp
@@ -68,6 +68,8 @@ AbstractModuleDevice::Open(const char* path, int openMode, 
void** _cookie)
 status_t
 AbstractModuleDevice::Read(void* cookie, off_t pos, void* buffer, size_t* 
_length)
 {
+       if (Module()->read == NULL)
+               return BaseDevice::Read(cookie, pos, buffer, _length);
        return Module()->read(cookie, pos, buffer, _length);
 }
 
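
Review bot: the NULL guard is added to the read hook here and to write, io, control, select and deselect in the hunks that follow, but AbstractModuleDevice::Open() directly above this hunk is not touched. If the module interface allows the remaining hooks to be NULL as well, they need the same fallback to BaseDevice; if they are mandatory, a short comment saying so would explain why only these six are guarded.
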
@@ -75,6 +77,8 @@ AbstractModuleDevice::Read(void* cookie, off_t pos, void* 
buffer, size_t* _lengt
 status_t
 AbstractModuleDevice::Write(void* cookie, off_t pos, const void* buffer, 
size_t* _length)
 {
+       if (Module()->write == NULL)
+               return BaseDevice::Write(cookie, pos, buffer, _length);
        return Module()->write(cookie, pos, buffer, _length);
 }
 
@@ -82,6 +86,8 @@ AbstractModuleDevice::Write(void* cookie, off_t pos, const 
void* buffer, size_t*
 status_t
 AbstractModuleDevice::IO(void* cookie, io_request* request)
 {
+       if (Module()->io == NULL)
+               return BaseDevice::IO(cookie, request);
        return Module()->io(cookie, request);
 }
 
@@ -89,6 +95,8 @@ AbstractModuleDevice::IO(void* cookie, io_request* request)
 status_t
 AbstractModuleDevice::Control(void* cookie, int32 op, void* buffer, size_t 
length)
 {
+       if (Module()->control == NULL)
+               return BaseDevice::Control(cookie, op, buffer, length);
        return Module()->control(cookie, op, buffer, length);
 }
 
@@ -96,6 +104,8 @@ AbstractModuleDevice::Control(void* cookie, int32 op, void* 
buffer, size_t lengt
 status_t
 AbstractModuleDevice::Select(void* cookie, uint8 event, selectsync* sync)
 {
+       if (Module()->select == NULL)
+               return BaseDevice::Select(cookie, event, sync);
        return Module()->select(cookie, event, sync);
 }
 
@@ -103,6 +113,8 @@ AbstractModuleDevice::Select(void* cookie, uint8 event, 
selectsync* sync)
 status_t
 AbstractModuleDevice::Deselect(void* cookie, uint8 event, selectsync* sync)
 {
+       if (Module()->deselect == NULL)
+               return BaseDevice::Deselect(cookie, event, sync);
        return Module()->deselect(cookie, event, sync);
 }
 

############################################################################

Commit:      e315daa9c1ddc75e252aa8f15c88857f14ff5ca8
URL:         https://git.haiku-os.org/haiku/commit/?id=e315daa9c1dd
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Sep 14 02:10:23 2019 UTC

kernel/thread: Clarify permissions checking logic.

No functional change intended; but if I missed a case,
it will now be caught by the "return false" instead of
the "return true", which is a better default.

----------------------------------------------------------------------------

diff --git a/src/system/kernel/thread.cpp b/src/system/kernel/thread.cpp
index a893434374..4ea3f605c7 100644
--- a/src/system/kernel/thread.cpp
+++ b/src/system/kernel/thread.cpp
@@ -3008,12 +3008,12 @@ thread_check_permissions(const Thread* currentThread, 
const Thread* thread,
        if (thread->team->id == team_get_kernel_team_id())
                return false;
 
-       if (thread->team != currentThread->team
-                       && currentThread->team->effective_uid != 0
-                       && thread->team->real_uid != 
currentThread->team->real_uid)
-               return false;
+       if (thread->team == currentThread->team
+                       || currentThread->team->effective_uid == 0
+                       || thread->team->real_uid == 
currentThread->team->real_uid)
+               return true;
 
-       return true;
+       return false;
 }
 
 
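
Review bot: the allow condition tests currentThread->team->effective_uid for the root case but compares real_uid for the ownership case, and no comment says that mix is intended. The rewritten expression is the De Morgan inverse of the removed one, so the result is the same, but a short comment above the if listing the three allowed cases (same team, caller's effective uid is 0, matching real uid) would make the new deny-by-default "return false" easier to audit.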

############################################################################

Revision:    hrev53481
Commit:      2b5ebfcfd578f177968c5b923e5ccd6eb0195674
URL:         https://git.haiku-os.org/haiku/commit/?id=2b5ebfcfd578
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Sep 14 02:11:27 2019 UTC

Ticket:      https://dev.haiku-os.org/ticket/14961

kernel/fs: Add missing IS_USER_ADDRESS check in user_vector_io.

The iovecs themselves were checked before they were copied,
but the iov_base inside each was not, making it possible
for evil (or just broken) user applications to put kernel
addresses in here.

Part of #14961.

----------------------------------------------------------------------------

diff --git a/src/system/kernel/fs/fd.cpp b/src/system/kernel/fs/fd.cpp
index 837d1d07a0..db0f34b120 100644
--- a/src/system/kernel/fs/fd.cpp
+++ b/src/system/kernel/fs/fd.cpp
@@ -822,6 +822,13 @@ common_user_vector_io(int fd, off_t pos, const iovec* 
userVecs, size_t count,
 
        ssize_t bytesTransferred = 0;
        for (uint32 i = 0; i < count; i++) {
+               if (!IS_USER_ADDRESS(vecs[i].iov_base)) {
+                       status = B_BAD_ADDRESS;
+                       if (bytesTransferred == 0)
+                               return status;
+                       break;
+               }
+
                size_t length = vecs[i].iov_len;
                if (write) {
                        status = descriptor->ops->fd_write(descriptor, pos,
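
Review bot: the new check at the top of the loop validates only the start of each buffer, IS_USER_ADDRESS(vecs[i].iov_base), while iov_len is read on the next line and is never checked against the user address range. A vector whose base is a valid user address but whose length carries it past the end of user space still reaches fd_write; validate the end address (iov_base + iov_len, including a wrap-around check) in the same place as the base check.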

