RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 02:17:34 +00:00
Code Issues Activity Actions

Kernel: Use Userspace<T> in sys$sigaction()

Browse source 
fuzz-syscalls found a bunch of unaligned accesses into struct sigaction
via this syscall. This patch fixes that issue by porting the syscall
to Userspace<T> which we should have done anyway. :^)

Fixes #5500.
This commit is contained in:
Andreas Kling 2021-03-01 14:05:42 +01:00
parent 261b30e120
commit 6a6eb8844a
2 changed files with 14 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Kernel/Process.h
View file

@ -279,7 +279,7 @@ public:
KResultOr<pid_t> sys$fork(RegisterState&); KResultOr<pid_t> sys$fork(RegisterState&);
KResultOr<int> sys$execve(Userspace<const Syscall::SC_execve_params*>); KResultOr<int> sys$execve(Userspace<const Syscall::SC_execve_params*>);
KResultOr<int> sys$dup2(int old_fd, int new_fd); KResultOr<int> sys$dup2(int old_fd, int new_fd);
KResultOr<int> sys$sigaction(int signum, const sigaction* act, sigaction* old_act); KResultOr<int> sys$sigaction(int signum, Userspace<const sigaction*> act, Userspace<sigaction*> old_act);
KResultOr<int> sys$sigprocmask(int how, Userspace<const sigset_t*> set, Userspace<sigset_t*> old_set); KResultOr<int> sys$sigprocmask(int how, Userspace<const sigset_t*> set, Userspace<sigset_t*> old_set);
KResultOr<int> sys$sigpending(Userspace<sigset_t*>); KResultOr<int> sys$sigpending(Userspace<sigset_t*>);
KResultOr<int> sys$getgroups(ssize_t, Userspace<gid_t*>); KResultOr<int> sys$getgroups(ssize_t, Userspace<gid_t*>);

22
Kernel/Syscalls/sigaction.cpp
View file

@ -69,23 +69,27 @@ KResultOr<int> Process::sys$sigpending(Userspace<sigset_t*> set)
return 0; return 0;
} }
KResultOr<int> Process::sys$sigaction(int signum, const sigaction* act, sigaction* old_act) KResultOr<int> Process::sys$sigaction(int signum, Userspace<const sigaction*> user_act, Userspace<sigaction*> user_old_act)
{ {
REQUIRE_PROMISE(sigaction); REQUIRE_PROMISE(sigaction);
if (signum < 1 || signum >= 32 || signum == SIGKILL || signum == SIGSTOP) if (signum < 1 || signum >= 32 || signum == SIGKILL || signum == SIGSTOP)
return EINVAL; return EINVAL;
sigaction act {};
if (!copy_from_user(&act, user_act))
return EFAULT;
InterruptDisabler disabler; // FIXME: This should use a narrower lock. Maybe a way to ignore signals temporarily? InterruptDisabler disabler; // FIXME: This should use a narrower lock. Maybe a way to ignore signals temporarily?
auto& action = Thread::current()->m_signal_action_data[signum]; auto& action = Thread::current()->m_signal_action_data[signum];
if (old_act) { if (user_old_act) {
if (!copy_to_user(&old_act->sa_flags, &action.flags)) sigaction old_act {};
return EFAULT; old_act.sa_flags = action.flags;
if (!copy_to_user(&old_act->sa_sigaction, &action.handler_or_sigaction, sizeof(action.handler_or_sigaction))) old_act.sa_sigaction = reinterpret_cast<decltype(old_act.sa_sigaction)>(action.handler_or_sigaction.as_ptr());
if (!copy_to_user(user_old_act, &old_act))
return EFAULT; return EFAULT;
} }
if (!copy_from_user(&action.flags, &act->sa_flags)) action.flags = act.sa_flags;
return EFAULT; action.handler_or_sigaction = VirtualAddress { reinterpret_cast<void*>(act.sa_sigaction) };
if (!copy_from_user(&action.handler_or_sigaction, &act->sa_sigaction, sizeof(action.handler_or_sigaction)))
return EFAULT;
return 0; return 0;
} }