From d0ac24ddbfc548dff56c382b3faafc65b4361242 Mon Sep 17 00:00:00 2001 From: Pankaj Raghav Date: Fri, 24 Mar 2023 09:59:28 +0100 Subject: [PATCH] Kernel/Syscalls: Use copy_n_to_user when applicable copy_to_user() with bytes as the last argument could be changed to using copy_n_to_user() with a count. --- Kernel/Syscalls/getuid.cpp | 2 +- Kernel/Syscalls/keymap.cpp | 10 +++++----- Kernel/Syscalls/pipe.cpp | 3 ++- Kernel/Syscalls/poll.cpp | 2 +- Kernel/Syscalls/socket.cpp | 2 +- 5 files changed, 10 insertions(+), 9 deletions(-) diff --git a/Kernel/Syscalls/getuid.cpp b/Kernel/Syscalls/getuid.cpp index a94d1e974a..3851b9c706 100644 --- a/Kernel/Syscalls/getuid.cpp +++ b/Kernel/Syscalls/getuid.cpp @@ -83,7 +83,7 @@ ErrorOr Process::sys$getgroups(size_t count, Userspace user_g return credentials->extra_gids().size(); if (count != credentials->extra_gids().size()) return EINVAL; - TRY(copy_to_user(user_gids, credentials->extra_gids().data(), sizeof(GroupID) * count)); + TRY(copy_n_to_user(user_gids, credentials->extra_gids().data(), count)); return 0; } diff --git a/Kernel/Syscalls/keymap.cpp b/Kernel/Syscalls/keymap.cpp index b3561d12ca..422bcc655d 100644 --- a/Kernel/Syscalls/keymap.cpp +++ b/Kernel/Syscalls/keymap.cpp @@ -50,11 +50,11 @@ ErrorOr Process::sys$getkeymap(Userspacecharacters(), keymap_data.character_map_name->length())); auto const& character_maps = keymap_data.character_map; - TRY(copy_to_user(params.map, character_maps.map, CHAR_MAP_SIZE * sizeof(u32))); - TRY(copy_to_user(params.shift_map, character_maps.shift_map, CHAR_MAP_SIZE * sizeof(u32))); - TRY(copy_to_user(params.alt_map, character_maps.alt_map, CHAR_MAP_SIZE * sizeof(u32))); - TRY(copy_to_user(params.altgr_map, character_maps.altgr_map, CHAR_MAP_SIZE * sizeof(u32))); - TRY(copy_to_user(params.shift_altgr_map, character_maps.shift_altgr_map, CHAR_MAP_SIZE * sizeof(u32))); + TRY(copy_n_to_user(params.map, character_maps.map, CHAR_MAP_SIZE)); + TRY(copy_n_to_user(params.shift_map, character_maps.shift_map, CHAR_MAP_SIZE)); + TRY(copy_n_to_user(params.alt_map, character_maps.alt_map, CHAR_MAP_SIZE)); + TRY(copy_n_to_user(params.altgr_map, character_maps.altgr_map, CHAR_MAP_SIZE)); + TRY(copy_n_to_user(params.shift_altgr_map, character_maps.shift_altgr_map, CHAR_MAP_SIZE)); return 0; }); } diff --git a/Kernel/Syscalls/pipe.cpp b/Kernel/Syscalls/pipe.cpp index 5c164e4737..74dc6e100e 100644 --- a/Kernel/Syscalls/pipe.cpp +++ b/Kernel/Syscalls/pipe.cpp @@ -43,7 +43,8 @@ ErrorOr Process::sys$pipe(Userspace pipefd, int flags) reader_fd_allocation.fd, writer_fd_allocation.fd, }; - if (copy_to_user(pipefd, fds_for_userspace, sizeof(fds_for_userspace)).is_error()) { + if (copy_n_to_user(pipefd, fds_for_userspace, 2).is_error()) { + // Avoid leaking both file descriptors on error. fds[reader_fd_allocation.fd] = {}; fds[writer_fd_allocation.fd] = {}; return EFAULT; diff --git a/Kernel/Syscalls/poll.cpp b/Kernel/Syscalls/poll.cpp index 3deec7e1ec..86a93e621c 100644 --- a/Kernel/Syscalls/poll.cpp +++ b/Kernel/Syscalls/poll.cpp @@ -131,7 +131,7 @@ ErrorOr Process::sys$poll(Userspace use } if (params.nfds > 0) - TRY(copy_to_user(¶ms.fds[0], fds_copy.data(), params.nfds * sizeof(pollfd))); + TRY(copy_n_to_user(¶ms.fds[0], fds_copy.data(), params.nfds)); return fds_with_revents; } diff --git a/Kernel/Syscalls/socket.cpp b/Kernel/Syscalls/socket.cpp index 95f97ed99b..fb2b521d6c 100644 --- a/Kernel/Syscalls/socket.cpp +++ b/Kernel/Syscalls/socket.cpp @@ -428,7 +428,7 @@ ErrorOr Process::sys$socketpair(Userspace