From 56a2c21e0c9177ce8ee66fee66eaaa497b6dfcb6 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Tue, 7 Jan 2020 07:29:50 +0100
Subject: [PATCH] Kernel: Don't leak kmalloc pointers through FIFO absolute paths

Instead of using the FIFO's memory address as part of its absolute path identity, just use an incrementing FIFO index instead. Note that this is not used for anything other than debugging (it helps you identify which file descriptors refer to the same FIFO by looking at /proc/PID/fds
---
 Kernel/FileSystem/FIFO.cpp | 12 +++---------
 Kernel/FileSystem/FIFO.h | 4 ++--
 2 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/Kernel/FileSystem/FIFO.cpp b/Kernel/FileSystem/FIFO.cpp
index 390a05d16f..967a77d7b0 100644
--- a/Kernel/FileSystem/FIFO.cpp
+++ b/Kernel/FileSystem/FIFO.cpp
@@ -16,14 +16,7 @@ Lockable>& all_fifos()
 return *s_table;
 }
-RefPtr FIFO::from_fifo_id(u32 id)
-{
- auto* ptr = reinterpret_cast(id);
- LOCKER(all_fifos().lock());
- if (auto it = all_fifos().resource().find(ptr); it == all_fifos().resource().end())
- return nullptr;
- return ptr;
-}
+static int s_next_fifo_id = 1;
 NonnullRefPtr FIFO::create(uid_t uid)
 {
@@ -43,6 +36,7 @@ FIFO::FIFO(uid_t uid)
 {
 LOCKER(all_fifos().lock());
 all_fifos().resource().set(this);
+ m_fifo_id = ++s_next_fifo_id;
 }
 FIFO::~FIFO()
@@ -121,5 +115,5 @@ ssize_t FIFO::write(FileDescription&, const u8* buffer, ssize_t size)
 String FIFO::absolute_path(const FileDescription&) const
 {
- return String::format("fifo:%u", this);
+ return String::format("fifo:%u", m_fifo_id);
 }
diff --git a/Kernel/FileSystem/FIFO.h b/Kernel/FileSystem/FIFO.h
index 2869545fe6..c38515f6d1 100644
--- a/Kernel/FileSystem/FIFO.h
+++ b/Kernel/FileSystem/FIFO.h
@@ -14,8 +14,6 @@ public:
 Writer
 };
- static RefPtr from_fifo_id(u32);
-
 static NonnullRefPtr create(uid_t);
 virtual ~FIFO() override;
@@ -43,4 +41,6 @@ private:
 DoubleBuffer m_buffer;
 uid_t m_uid { 0 };
+
+ int m_fifo_id { 0 };
 };
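Review bot: In Kernel/FileSystem/FIFO.cpp, `static int s_next_fifo_id = 1;` is a signed counter that is only ever incremented, so on a long-running kernel it can eventually hit signed overflow, which is undefined behaviour, and it is then printed with `%u` in absolute_path(). Because the constructor hunk uses pre-increment, the first FIFO gets id 2 rather than 1. I would write `static u32 s_next_fifo_id = 1;`, `m_fifo_id = s_next_fifo_id++;` and, in FIFO.h, `u32 m_fifo_id { 0 };`, so the type matches the format specifier and wrap-around is well defined. The same type issue applies to the constructor, absolute_path() and FIFO.h hunks.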
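Review bot: The increment `m_fifo_id = ++s_next_fifo_id;` in FIFO::FIFO is race-free only because it runs while `LOCKER(all_fifos().lock())` is held, and nothing at the counter's declaration records that dependency. I would add a comment above the static, `// Guarded by all_fifos().lock(); only modified in FIFO::FIFO().`, so a later move of the assignment outside the locked scope is caught in review. The constructor's signature appears only in the hunk header, so any initializer list is not visible here.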
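Review bot: FIFO::absolute_path() carries no comment recording why the label is an index rather than an address, which is the invariant this function now has to keep. I would add `// Debug-only label shown in /proc/PID/fds; must never be derived from a kernel address.` above the return. The id comes from one global counter, so it presumably lets any reader of that path estimate how many FIFOs have been created system-wide; that looks acceptable for a debugging aid but is worth stating in the comment.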