RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 22:57:34 +00:00
Code Issues Activity Actions

Kernel: Track allocated FileDescriptionAndFlag elements in each Process

Browse source 
The way the Process::FileDescriptions::allocate() API works today means
that two callers who allocate back to back without associating a
FileDescription with the allocated FD, will receive the same FD and thus
one will stomp over the other.

Naively tracking which FileDescriptions are allocated and moving onto
the next would introduce other bugs however, as now if you "allocate"
a fd and then return early further down the control flow of the syscall
you would leak that fd.

This change modifies this behavior by tracking which descriptions are
allocated and then having an RAII type to "deallocate" the fd if the
association is not setup the end of it's scope.
This commit is contained in:
Brian Gianforcaro 2021-07-27 23:59:24 -07:00 committed by Andreas Kling
parent ba03b6ad02
commit 4b2651ddab
11 changed files with 104 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

17
Kernel/Syscalls/pipe.cpp
View file

@ -33,19 +33,20 @@ KResultOr<FlatPtr> Process::sys$pipe(int pipefd[2], int flags)
auto reader_fd_or_error = m_fds.allocate();
if (reader_fd_or_error.is_error())
return reader_fd_or_error.error();
auto reader_fd = reader_fd_or_error.value();
m_fds[reader_fd].set(open_reader_result.release_value(), fd_flags);
m_fds[reader_fd].description()->set_readable(true);
if (!copy_to_user(&pipefd[0], &reader_fd))
auto reader_fd = reader_fd_or_error.release_value();
m_fds[reader_fd.fd].set(open_reader_result.release_value(), fd_flags);
m_fds[reader_fd.fd].description()->set_readable(true);
if (!copy_to_user(&pipefd[0], &reader_fd.fd))
return EFAULT;
auto writer_fd_or_error = m_fds.allocate();
if (writer_fd_or_error.is_error())
return writer_fd_or_error.error();
auto writer_fd = writer_fd_or_error.value();
m_fds[writer_fd].set(open_writer_result.release_value(), fd_flags);
m_fds[writer_fd].description()->set_writable(true);
if (!copy_to_user(&pipefd[1], &writer_fd))
auto writer_fd = writer_fd_or_error.release_value();
m_fds[writer_fd.fd].set(open_writer_result.release_value(), fd_flags);
m_fds[writer_fd.fd].description()->set_writable(true);
if (!copy_to_user(&pipefd[1], &writer_fd.fd))
return EFAULT;
return 0;