mirror of
https://github.com/RGBCube/serenity
synced 2025-05-31 06:48:12 +00:00
Kernel: Make copy_to/from_user safe and remove unnecessary checks
Since the CPU already does almost all necessary validation steps for us, we don't really need to attempt to do this. Doing it ourselves doesn't really work very reliably, because we'd have to account for other processors modifying virtual memory, and we'd have to account for e.g. pages not being able to be allocated due to insufficient resources. So change the copy_to/from_user (and associated helper functions) to use the new safe_memcpy, which will return whether it succeeded or not. The only manual validation step needed (which the CPU can't perform for us) is making sure the pointers provided by user mode aren't pointing to kernel mappings. To make it easier to read/write from/to either kernel or user mode data add the UserOrKernelBuffer helper class, which will internally either use copy_from/to_user or directly memcpy, or pass the data through directly using a temporary buffer on the stack. Last but not least we need to keep syscall params trivial as we need to copy them from/to user mode using copy_from/to_user.
This commit is contained in:
Tom
Andreas Kling
parent
7d1b8417bd
commit
c8d9f1b9c9
149 changed files with 1585 additions and 1244 deletions
|
|
@ -222,7 +222,7 @@ inline constexpr const char* to_string(Function function)
|
|||
|
||||
#ifdef __serenity__
|
||||
struct StringArgument {
|
||||
Userspace<const char*> characters;
|
||||
const char* characters;
|
||||
size_t length { 0 };
|
||||
};
|
||||
|
||||
|
|
@ -239,7 +239,7 @@ struct ImmutableBufferArgument {
|
|||
};
|
||||
|
||||
struct StringListArgument {
|
||||
Userspace<StringArgument*> strings {};
|
||||
StringArgument* strings {};
|
||||
size_t length { 0 };
|
||||
};
|
||||
|
||||
|
|
@ -273,22 +273,22 @@ struct SC_select_params {
|
|||
struct SC_poll_params {
|
||||
struct pollfd* fds;
|
||||
unsigned nfds;
|
||||
Userspace<const struct timespec*> timeout;
|
||||
Userspace<const u32*> sigmask;
|
||||
const struct timespec* timeout;
|
||||
const u32* sigmask;
|
||||
};
|
||||
|
||||
struct SC_clock_nanosleep_params {
|
||||
int clock_id;
|
||||
int flags;
|
||||
Userspace<const struct timespec*> requested_sleep;
|
||||
Userspace<struct timespec*> remaining_sleep;
|
||||
const struct timespec* requested_sleep;
|
||||
struct timespec* remaining_sleep;
|
||||
};
|
||||
|
||||
struct SC_sendto_params {
|
||||
int sockfd;
|
||||
ImmutableBufferArgument<void, size_t> data;
|
||||
int flags;
|
||||
Userspace<const sockaddr*> addr;
|
||||
const sockaddr* addr;
|
||||
socklen_t addr_length;
|
||||
};
|
||||
|
||||
|
|
@ -296,50 +296,50 @@ struct SC_recvfrom_params {
|
|||
int sockfd;
|
||||
MutableBufferArgument<void, size_t> buffer;
|
||||
int flags;
|
||||
Userspace<sockaddr*> addr;
|
||||
Userspace<socklen_t*> addr_length;
|
||||
sockaddr* addr;
|
||||
socklen_t* addr_length;
|
||||
};
|
||||
|
||||
struct SC_getsockopt_params {
|
||||
int sockfd;
|
||||
int level;
|
||||
int option;
|
||||
Userspace<void*> value;
|
||||
Userspace<socklen_t*> value_size;
|
||||
void* value;
|
||||
socklen_t* value_size;
|
||||
};
|
||||
|
||||
struct SC_setsockopt_params {
|
||||
int sockfd;
|
||||
int level;
|
||||
int option;
|
||||
Userspace<const void*> value;
|
||||
const void* value;
|
||||
socklen_t value_size;
|
||||
};
|
||||
|
||||
struct SC_getsockname_params {
|
||||
int sockfd;
|
||||
Userspace<sockaddr*> addr;
|
||||
Userspace<socklen_t*> addrlen;
|
||||
sockaddr* addr;
|
||||
socklen_t* addrlen;
|
||||
};
|
||||
|
||||
struct SC_getpeername_params {
|
||||
int sockfd;
|
||||
Userspace<sockaddr*> addr;
|
||||
Userspace<socklen_t*> addrlen;
|
||||
sockaddr* addr;
|
||||
socklen_t* addrlen;
|
||||
};
|
||||
|
||||
struct SC_futex_params {
|
||||
Userspace<const i32*> userspace_address;
|
||||
const i32* userspace_address;
|
||||
int futex_op;
|
||||
i32 val;
|
||||
Userspace<const timespec*> timeout;
|
||||
const timespec* timeout;
|
||||
};
|
||||
|
||||
struct SC_setkeymap_params {
|
||||
Userspace<const u32*> map;
|
||||
Userspace<const u32*> shift_map;
|
||||
Userspace<const u32*> alt_map;
|
||||
Userspace<const u32*> altgr_map;
|
||||
const u32* map;
|
||||
const u32* shift_map;
|
||||
const u32* alt_map;
|
||||
const u32* altgr_map;
|
||||
StringArgument map_name;
|
||||
};
|
||||
|
||||
|
|
@ -354,7 +354,7 @@ struct SC_create_thread_params {
|
|||
unsigned int m_guard_page_size = 0; // Rounded up to PAGE_SIZE
|
||||
unsigned int m_reported_guard_page_size = 0; // The lie we tell callers
|
||||
unsigned int m_stack_size = 4 * MiB; // Default PTHREAD_STACK_MIN
|
||||
Userspace<void*> m_stack_location; // nullptr means any, o.w. process virtual address
|
||||
void* m_stack_location; // nullptr means any, o.w. process virtual address
|
||||
};
|
||||
|
||||
struct SC_realpath_params {
|
||||
|
|
@ -426,26 +426,26 @@ struct SC_unveil_params {
|
|||
struct SC_waitid_params {
|
||||
int idtype;
|
||||
int id;
|
||||
Userspace<struct siginfo*> infop;
|
||||
struct siginfo* infop;
|
||||
int options;
|
||||
};
|
||||
|
||||
struct SC_stat_params {
|
||||
StringArgument path;
|
||||
Userspace<struct stat*> statbuf;
|
||||
struct stat* statbuf;
|
||||
bool follow_symlinks;
|
||||
};
|
||||
|
||||
struct SC_ptrace_params {
|
||||
int request;
|
||||
pid_t tid;
|
||||
Userspace<u8*> addr;
|
||||
u8* addr;
|
||||
int data;
|
||||
};
|
||||
|
||||
struct SC_ptrace_peek_params {
|
||||
Userspace<const u32*> address;
|
||||
Userspace<u32*> out_data;
|
||||
const u32* address;
|
||||
u32* out_data;
|
||||
};
|
||||
|
||||
void initialize();
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue