1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 04:07:44 +00:00

Kernel: Use Userspace<T> in sys$sigaction()

fuzz-syscalls found a bunch of unaligned accesses into struct sigaction
via this syscall. This patch fixes that issue by porting the syscall
to Userspace<T> which we should have done anyway. :^)

Fixes #5500.
This commit is contained in:
Andreas Kling 2021-03-01 14:05:42 +01:00
parent 261b30e120
commit 6a6eb8844a
2 changed files with 14 additions and 10 deletions

View file

@ -69,23 +69,27 @@ KResultOr<int> Process::sys$sigpending(Userspace<sigset_t*> set)
return 0;
}
KResultOr<int> Process::sys$sigaction(int signum, const sigaction* act, sigaction* old_act)
KResultOr<int> Process::sys$sigaction(int signum, Userspace<const sigaction*> user_act, Userspace<sigaction*> user_old_act)
{
REQUIRE_PROMISE(sigaction);
if (signum < 1 || signum >= 32 || signum == SIGKILL || signum == SIGSTOP)
return EINVAL;
sigaction act {};
if (!copy_from_user(&act, user_act))
return EFAULT;
InterruptDisabler disabler; // FIXME: This should use a narrower lock. Maybe a way to ignore signals temporarily?
auto& action = Thread::current()->m_signal_action_data[signum];
if (old_act) {
if (!copy_to_user(&old_act->sa_flags, &action.flags))
return EFAULT;
if (!copy_to_user(&old_act->sa_sigaction, &action.handler_or_sigaction, sizeof(action.handler_or_sigaction)))
if (user_old_act) {
sigaction old_act {};
old_act.sa_flags = action.flags;
old_act.sa_sigaction = reinterpret_cast<decltype(old_act.sa_sigaction)>(action.handler_or_sigaction.as_ptr());
if (!copy_to_user(user_old_act, &old_act))
return EFAULT;
}
if (!copy_from_user(&action.flags, &act->sa_flags))
return EFAULT;
if (!copy_from_user(&action.handler_or_sigaction, &act->sa_sigaction, sizeof(action.handler_or_sigaction)))
return EFAULT;
action.flags = act.sa_flags;
action.handler_or_sigaction = VirtualAddress { reinterpret_cast<void*>(act.sa_sigaction) };
return 0;
}