RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 16:47:36 +00:00
Code Issues Activity Actions

Kernel: Fix SMAP violation in writev() syscall

Browse source
This commit is contained in:
Andreas Kling 2020-01-05 19:20:08 +01:00
parent f6691ad26e
commit c4a1ea34c2
1 changed files with 4 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Kernel/Process.cpp
View file

@ -1289,13 +1289,11 @@ ssize_t Process::sys$writev(int fd, const struct iovec* iov, int iov_count)
u64 total_length = 0; u64 total_length = 0;
Vector<iovec, 32> vecs; Vector<iovec, 32> vecs;
vecs.ensure_capacity(iov_count); vecs.ensure_capacity(iov_count);
for (int i = 0; i < iov_count; ++i) { copy_from_user(vecs.data(), iov, iov_count * sizeof(iovec));
void* base = iov[i].iov_base; for (auto& vec : vecs) {
size_t len = iov[i].iov_len; if (!validate_read(vec.iov_base, vec.iov_len))
if (!validate_read(base, len))
return -EFAULT; return -EFAULT;
vecs.append({ base, len }); total_length += vec.iov_len;
total_length += len;
if (total_length > INT32_MAX) if (total_length > INT32_MAX)
return -EINVAL; return -EINVAL;
} }