RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 12:07:45 +00:00
Code Issues Activity Actions

Kernel: Make copy_to/from_user safe and remove unnecessary checks

Browse source 
Since the CPU already does almost all necessary validation steps
for us, we don't really need to attempt to do this. Doing it
ourselves doesn't really work very reliably, because we'd have to
account for other processors modifying virtual memory, and we'd
have to account for e.g. pages not being able to be allocated
due to insufficient resources.

So change the copy_to/from_user (and associated helper functions)
to use the new safe_memcpy, which will return whether it succeeded
or not. The only manual validation step needed (which the CPU
can't perform for us) is making sure the pointers provided by user
mode aren't pointing to kernel mappings.

To make it easier to read/write from/to either kernel or user mode
data add the UserOrKernelBuffer helper class, which will internally
either use copy_from/to_user or directly memcpy, or pass the data
through directly using a temporary buffer on the stack.

Last but not least we need to keep syscall params trivial as we
need to copy them from/to user mode using copy_from/to_user.
This commit is contained in:
Tom 2020-09-11 21:11:07 -06:00 committed by Andreas Kling
parent 7d1b8417bd
commit c8d9f1b9c9
149 changed files with 1585 additions and 1244 deletions
Download patch file Download diff file Expand all files Collapse all files

9
Kernel/TTY/MasterPTY.cpp
View file

@ -60,14 +60,14 @@ String MasterPTY::pts_name() const
return m_pts_name;
}
KResultOr<size_t> MasterPTY::read(FileDescription&, size_t, u8* buffer, size_t size)
KResultOr<size_t> MasterPTY::read(FileDescription&, size_t, UserOrKernelBuffer& buffer, size_t size)
{
if (!m_slave && m_buffer.is_empty())
return 0;
return m_buffer.read(buffer, size);
}
KResultOr<size_t> MasterPTY::write(FileDescription&, size_t, const u8* buffer, size_t size)
KResultOr<size_t> MasterPTY::write(FileDescription&, size_t, const UserOrKernelBuffer& buffer, size_t size)
{
if (!m_slave)
return KResult(-EIO);
@ -98,12 +98,11 @@ void MasterPTY::notify_slave_closed(Badge<SlavePTY>)
m_slave = nullptr;
}
ssize_t MasterPTY::on_slave_write(const u8* data, ssize_t size)
ssize_t MasterPTY::on_slave_write(const UserOrKernelBuffer& data, ssize_t size)
{
if (m_closed)
return -EIO;
m_buffer.write(data, size);
return size;
return m_buffer.write(data, size);
}
bool MasterPTY::can_write_from_slave() const

6
Kernel/TTY/MasterPTY.h
View file

@ -41,7 +41,7 @@ public:
unsigned index() const { return m_index; }
String pts_name() const;
ssize_t on_slave_write(const u8*, ssize_t);
ssize_t on_slave_write(const UserOrKernelBuffer&, ssize_t);
bool can_write_from_slave() const;
void notify_slave_closed(Badge<SlavePTY>);
bool is_closed() const { return m_closed; }
@ -50,8 +50,8 @@ public:
private:
// ^CharacterDevice
virtual KResultOr<size_t> read(FileDescription&, size_t, u8*, size_t) override;
virtual KResultOr<size_t> write(FileDescription&, size_t, const u8*, size_t) override;
virtual KResultOr<size_t> read(FileDescription&, size_t, UserOrKernelBuffer&, size_t) override;
virtual KResultOr<size_t> write(FileDescription&, size_t, const UserOrKernelBuffer&, size_t) override;
virtual bool can_read(const FileDescription&, size_t) const override;
virtual bool can_write(const FileDescription&, size_t) const override;
virtual KResult close() override;

4
Kernel/TTY/PTYMultiplexer.h
View file

@ -48,8 +48,8 @@ public:
// ^CharacterDevice
virtual KResultOr<NonnullRefPtr<FileDescription>> open(int options) override;
virtual KResultOr<size_t> read(FileDescription&, size_t, u8*, size_t) override { return 0; }
virtual KResultOr<size_t> write(FileDescription&, size_t, const u8*, size_t) override { return 0; }
virtual KResultOr<size_t> read(FileDescription&, size_t, UserOrKernelBuffer&, size_t) override { return 0; }
virtual KResultOr<size_t> write(FileDescription&, size_t, const UserOrKernelBuffer&, size_t) override { return 0; }
virtual bool can_read(const FileDescription&, size_t) const override { return true; }
virtual bool can_write(const FileDescription&, size_t) const override { return true; }

17
Kernel/TTY/SlavePTY.cpp
View file

@ -62,17 +62,22 @@ String SlavePTY::tty_name() const
void SlavePTY::echo(u8 ch)
{
if (should_echo_input()) {
m_master->on_slave_write(&ch, 1);
auto buffer = UserOrKernelBuffer::for_kernel_buffer(&ch);
m_master->on_slave_write(buffer, 1);
}
}
void SlavePTY::on_master_write(const u8* buffer, ssize_t size)
void SlavePTY::on_master_write(const UserOrKernelBuffer& buffer, ssize_t size)
{
for (ssize_t i = 0; i < size; ++i)
emit(buffer[i]);
ssize_t nread = buffer.read_buffered<128>(size, [&](const u8* data, size_t data_size) {
for (size_t i = 0; i < data_size; ++i)
emit(data[i]);
return (ssize_t)data_size;
});
(void)nread;
}
ssize_t SlavePTY::on_tty_write(const u8* data, ssize_t size)
ssize_t SlavePTY::on_tty_write(const UserOrKernelBuffer& data, ssize_t size)
{
m_time_of_last_write = kgettimeofday().tv_sec;
return m_master->on_slave_write(data, size);
@ -90,7 +95,7 @@ bool SlavePTY::can_read(const FileDescription& description, size_t offset) const
return TTY::can_read(description, offset);
}
KResultOr<size_t> SlavePTY::read(FileDescription& description, size_t offset, u8* buffer, size_t size)
KResultOr<size_t> SlavePTY::read(FileDescription& description, size_t offset, UserOrKernelBuffer& buffer, size_t size)
{
if (m_master->is_closed())
return 0;

6
Kernel/TTY/SlavePTY.h
View file

@ -37,7 +37,7 @@ class SlavePTY final : public TTY {
public:
virtual ~SlavePTY() override;
void on_master_write(const u8*, ssize_t);
void on_master_write(const UserOrKernelBuffer&, ssize_t);
unsigned index() const { return m_index; }
time_t time_of_last_write() const { return m_time_of_last_write; }
@ -45,12 +45,12 @@ public:
private:
// ^TTY
virtual String tty_name() const override;
virtual ssize_t on_tty_write(const u8*, ssize_t) override;
virtual ssize_t on_tty_write(const UserOrKernelBuffer&, ssize_t) override;
virtual void echo(u8) override;
// ^CharacterDevice
virtual bool can_read(const FileDescription&, size_t) const override;
virtual KResultOr<size_t> read(FileDescription&, size_t, u8*, size_t) override;
virtual KResultOr<size_t> read(FileDescription&, size_t, UserOrKernelBuffer&, size_t) override;
virtual bool can_write(const FileDescription&, size_t) const override;
virtual const char* class_name() const override { return "SlavePTY"; }
virtual KResult close() override;

71
Kernel/TTY/TTY.cpp
View file

@ -52,7 +52,7 @@ void TTY::set_default_termios()
memcpy(m_termios.c_cc, default_cc, sizeof(default_cc));
}
KResultOr<size_t> TTY::read(FileDescription&, size_t, u8* buffer, size_t size)
KResultOr<size_t> TTY::read(FileDescription&, size_t, UserOrKernelBuffer& buffer, size_t size)
{
if (Process::current()->pgid() != pgid()) {
// FIXME: Should we propigate this error path somehow?
@ -63,33 +63,40 @@ KResultOr<size_t> TTY::read(FileDescription&, size_t, u8* buffer, size_t size)
if (m_input_buffer.size() < static_cast<size_t>(size))
size = m_input_buffer.size();
ssize_t nwritten;
if (in_canonical_mode()) {
size_t i = 0;
for (; i < size; i++) {
u8 ch = m_input_buffer.dequeue();
if (ch == '\0') {
//Here we handle a ^D line, so we don't add the
//character to the output.
m_available_lines--;
break;
} else if (ch == '\n' || is_eol(ch)) {
buffer[i] = ch;
i++;
m_available_lines--;
break;
nwritten = buffer.write_buffered<512>(size, [&](u8* data, size_t data_size) {
size_t i = 0;
for (; i < data_size; i++) {
u8 ch = m_input_buffer.dequeue();
if (ch == '\0') {
//Here we handle a ^D line, so we don't add the
//character to the output.
m_available_lines--;
break;
} else if (ch == '\n' || is_eol(ch)) {
data[i] = ch;
i++;
m_available_lines--;
break;
}
data[i] = ch;
}
buffer[i] = ch;
}
return i;
return (ssize_t)i;
});
} else {
nwritten = buffer.write_buffered<512>(size, [&](u8* data, size_t data_size) {
for (size_t i = 0; i < data_size; i++)
data[i] = m_input_buffer.dequeue();
return (ssize_t)data_size;
});
}
for (size_t i = 0; i < size; i++)
buffer[i] = m_input_buffer.dequeue();
return size;
if (nwritten < 0)
return KResult(nwritten);
return (size_t)nwritten;
}
KResultOr<size_t> TTY::write(FileDescription&, size_t, const u8* buffer, size_t size)
KResultOr<size_t> TTY::write(FileDescription&, size_t, const UserOrKernelBuffer& buffer, size_t size)
{
if (Process::current()->pgid() != pgid()) {
(void)Process::current()->send_signal(SIGTTOU, nullptr);
@ -337,19 +344,17 @@ int TTY::ioctl(FileDescription&, unsigned request, FlatPtr arg)
}
case TCGETS: {
user_termios = reinterpret_cast<termios*>(arg);
if (!current_process.validate_write(user_termios, sizeof(termios)))
if (!copy_to_user(user_termios, &m_termios))
return -EFAULT;
copy_to_user(user_termios, &m_termios);
return 0;
}
case TCSETS:
case TCSETSF:
case TCSETSW: {
user_termios = reinterpret_cast<termios*>(arg);
if (!current_process.validate_read(user_termios, sizeof(termios)))
return -EFAULT;
termios termios;
copy_from_user(&termios, user_termios);
if (!copy_from_user(&termios, user_termios))
return -EFAULT;
set_termios(termios);
if (request == TCSETSF)
flush_input();
@ -365,21 +370,19 @@ int TTY::ioctl(FileDescription&, unsigned request, FlatPtr arg)
return 0;
case TIOCGWINSZ:
user_winsize = reinterpret_cast<winsize*>(arg);
if (!current_process.validate_write(user_winsize, sizeof(winsize)))
return -EFAULT;
winsize ws;
ws.ws_row = m_rows;
ws.ws_col = m_columns;
ws.ws_xpixel = 0;
ws.ws_ypixel = 0;
copy_to_user(user_winsize, &ws);
if (!copy_to_user(user_winsize, &ws))
return -EFAULT;
return 0;
case TIOCSWINSZ: {
user_winsize = reinterpret_cast<winsize*>(arg);
if (!current_process.validate_read(user_winsize, sizeof(winsize)))
return -EFAULT;
winsize ws;
copy_from_user(&ws, user_winsize);
if (!copy_from_user(&ws, user_winsize))
return -EFAULT;
if (ws.ws_col == m_columns && ws.ws_row == m_rows)
return 0;
m_rows = ws.ws_row;

6
Kernel/TTY/TTY.h
View file

@ -39,8 +39,8 @@ class TTY : public CharacterDevice {
public:
virtual ~TTY() override;
virtual KResultOr<size_t> read(FileDescription&, size_t, u8*, size_t) override;
virtual KResultOr<size_t> write(FileDescription&, size_t, const u8*, size_t) override;
virtual KResultOr<size_t> read(FileDescription&, size_t, UserOrKernelBuffer&, size_t) override;
virtual KResultOr<size_t> write(FileDescription&, size_t, const UserOrKernelBuffer&, size_t) override;
virtual bool can_read(const FileDescription&, size_t) const override;
virtual bool can_write(const FileDescription&, size_t) const override;
virtual int ioctl(FileDescription&, unsigned request, FlatPtr arg) override final;
@ -63,7 +63,7 @@ public:
void hang_up();
protected:
virtual ssize_t on_tty_write(const u8*, ssize_t) = 0;
virtual ssize_t on_tty_write(const UserOrKernelBuffer&, ssize_t) = 0;
void set_size(unsigned short columns, unsigned short rows);
TTY(unsigned major, unsigned minor);

14
Kernel/TTY/VirtualConsole.cpp
View file

@ -241,14 +241,17 @@ void VirtualConsole::on_key_pressed(KeyboardDevice::Event event)
m_terminal.handle_key_press(event.key, event.code_point, event.flags);
}
ssize_t VirtualConsole::on_tty_write(const u8* data, ssize_t size)
ssize_t VirtualConsole::on_tty_write(const UserOrKernelBuffer& data, ssize_t size)
{
ScopedSpinLock lock(s_lock);
for (ssize_t i = 0; i < size; ++i)
m_terminal.on_input(data[i]);
ssize_t nread = data.read_buffered<512>((size_t)size, [&](const u8* buffer, size_t buffer_bytes) {
for (size_t i = 0; i < buffer_bytes; ++i)
m_terminal.on_input(buffer[i]);
return (ssize_t)buffer_bytes;
});
if (m_active)
flush_dirty_lines();
return size;
return nread;
}
void VirtualConsole::set_vga_start_row(u16 row)
@ -336,7 +339,8 @@ void VirtualConsole::emit(const u8* data, size_t size)
void VirtualConsole::echo(u8 ch)
{
if (should_echo_input()) {
on_tty_write(&ch, 1);
auto buffer = UserOrKernelBuffer::for_kernel_buffer(&ch);
on_tty_write(buffer, 1);
}
}

2
Kernel/TTY/VirtualConsole.h
View file

@ -54,7 +54,7 @@ private:
virtual void on_key_pressed(KeyboardDevice::Event) override;
// ^TTY
virtual ssize_t on_tty_write(const u8*, ssize_t) override;
virtual ssize_t on_tty_write(const UserOrKernelBuffer&, ssize_t) override;
virtual String tty_name() const override { return m_tty_name; }
virtual void echo(u8) override;