From e510c41fd2b26bacc197b200d309c09a4a6ecf2c Mon Sep 17 00:00:00 2001 From: Ben Wiederhake Date: Sat, 13 Feb 2021 11:33:28 +0100 Subject: [PATCH] Kernel: Prevent using copy_from_user() for timespec/timeval These structs can be inconsistent, for example if the amount of microseconds is negative or larger than 1'000'000. Therefore, they should not be copied as-is. Use copy_time_from_user instead. --- AK/Forward.h | 2 ++ Kernel/StdLib.h | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/AK/Forward.h b/AK/Forward.h index 2135a48836..dd4bf6dc7f 100644 --- a/AK/Forward.h +++ b/AK/Forward.h @@ -43,6 +43,7 @@ class String; class StringBuilder; class StringImpl; class StringView; +class Time; class URL; class FlyString; class Utf32View; @@ -175,6 +176,7 @@ using AK::String; using AK::StringBuilder; using AK::StringImpl; using AK::StringView; +using AK::Time; using AK::Traits; using AK::URL; using AK::Utf32View; diff --git a/Kernel/StdLib.h b/Kernel/StdLib.h index 129cb1d470..c00447b8b1 100644 --- a/Kernel/StdLib.h +++ b/Kernel/StdLib.h @@ -102,6 +102,26 @@ template return copy_from_user(dest, src.unsafe_userspace_ptr(), sizeof(T)); } +#define DEPRECATE_COPY_FROM_USER_TYPE(T, REPLACEMENT) \ + template<> \ + [[nodiscard]] inline __attribute__((deprecated("use " #REPLACEMENT " instead"))) bool copy_from_user(T*, const T*) \ + { \ + VERIFY_NOT_REACHED(); \ + } \ + template<> \ + [[nodiscard]] inline __attribute__((deprecated("use " #REPLACEMENT " instead"))) bool copy_from_user(T*, Userspace) \ + { \ + VERIFY_NOT_REACHED(); \ + } \ + template<> \ + [[nodiscard]] inline __attribute__((deprecated("use " #REPLACEMENT " instead"))) bool copy_from_user(T*, Userspace) \ + { \ + VERIFY_NOT_REACHED(); \ + } + +DEPRECATE_COPY_FROM_USER_TYPE(timespec, copy_time_from_user) +DEPRECATE_COPY_FROM_USER_TYPE(timeval, copy_time_from_user) + template [[nodiscard]] inline bool copy_to_user(Userspace dest, const T* src) {