From bf4e536f00232acd6dc42f57eda9d916c7dd746b Mon Sep 17 00:00:00 2001 From: Rodrigo Tobar Date: Mon, 11 Oct 2021 21:47:21 +0800 Subject: [PATCH] Kernel: Correctly interpret ioctl's FIONBIO user value Values in `ioctl` are given through a pointer, but ioctl's FIONBIO implementation was interpreting this pointer as an integer directly. This meant that programs using `ioctl` to set a file descriptor in blocking mode met with incorrect behavior: they passed a non-null pointer pointing to a value of 0, but the kernel interpreted the pointer as a non-zero integer, thus making the file non-blocking. This commit fixes this behavior by reading the value from the userspace pointer and using that to set the non-blocking flag on the file descriptor. This bug was found while trying to run the openssl tool on serenity, which used `ioctl` to ensure newly-created sockets are in blocking mode. --- Kernel/Syscalls/ioctl.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Kernel/Syscalls/ioctl.cpp b/Kernel/Syscalls/ioctl.cpp index b5b078186e..0f2a675dfd 100644 --- a/Kernel/Syscalls/ioctl.cpp +++ b/Kernel/Syscalls/ioctl.cpp @@ -4,6 +4,7 @@ * SPDX-License-Identifier: BSD-2-Clause */ +#include #include #include #include @@ -15,7 +16,9 @@ KResultOr Process::sys$ioctl(int fd, unsigned request, FlatPtr arg) VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this) auto description = TRY(fds().open_file_description(fd)); if (request == FIONBIO) { - description->set_blocking(arg == 0); + int non_blocking; + TRY(copy_from_user(&non_blocking, Userspace(arg))); + description->set_blocking(non_blocking == 0); return KSuccess; } return description->file().ioctl(*description, request, arg);