mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-09-20 09:49:15 +03:00
Kernel: Remove SmapDisabler in sys$ioctl()
Use copy_{to,from}_user() in the various File::ioctl() implementations instead of disabling SMAP wholesale in sys$ioctl(). This patch does not port IPv4Socket::ioctl() to those API's since that will be more involved. That function now creates a local SmapDisabler.
This commit is contained in:
parent
be7add690d
commit
292cd53192
Notes:
sideshowbarker
2024-07-19 04:27:08 +09:00
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/292cd53192e
@ -26,11 +26,11 @@
|
|||||||
|
|
||||||
#include <AK/Checked.h>
|
#include <AK/Checked.h>
|
||||||
#include <Kernel/Devices/BXVGADevice.h>
|
#include <Kernel/Devices/BXVGADevice.h>
|
||||||
|
#include <Kernel/IO.h>
|
||||||
#include <Kernel/PCI/Access.h>
|
#include <Kernel/PCI/Access.h>
|
||||||
#include <Kernel/Process.h>
|
#include <Kernel/Process.h>
|
||||||
#include <Kernel/VM/AnonymousVMObject.h>
|
#include <Kernel/VM/AnonymousVMObject.h>
|
||||||
#include <Kernel/VM/MemoryManager.h>
|
#include <Kernel/VM/MemoryManager.h>
|
||||||
#include <Kernel/IO.h>
|
|
||||||
#include <LibC/errno_numbers.h>
|
#include <LibC/errno_numbers.h>
|
||||||
#include <LibC/sys/ioctl_numbers.h>
|
#include <LibC/sys/ioctl_numbers.h>
|
||||||
|
|
||||||
@ -200,14 +200,16 @@ int BXVGADevice::ioctl(FileDescription&, unsigned request, FlatPtr arg)
|
|||||||
auto* out = (size_t*)arg;
|
auto* out = (size_t*)arg;
|
||||||
if (!Process::current()->validate_write_typed(out))
|
if (!Process::current()->validate_write_typed(out))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
*out = framebuffer_size_in_bytes();
|
size_t value = framebuffer_size_in_bytes();
|
||||||
|
copy_to_user(out, &value);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
case FB_IOCTL_GET_BUFFER: {
|
case FB_IOCTL_GET_BUFFER: {
|
||||||
auto* index = (int*)arg;
|
auto* index = (int*)arg;
|
||||||
if (!Process::current()->validate_write_typed(index))
|
if (!Process::current()->validate_write_typed(index))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
*index = m_y_offset == 0 ? 0 : 1;
|
int value = m_y_offset == 0 ? 0 : 1;
|
||||||
|
copy_to_user(index, &value);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
case FB_IOCTL_SET_BUFFER: {
|
case FB_IOCTL_SET_BUFFER: {
|
||||||
@ -217,35 +219,42 @@ int BXVGADevice::ioctl(FileDescription&, unsigned request, FlatPtr arg)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
case FB_IOCTL_GET_RESOLUTION: {
|
case FB_IOCTL_GET_RESOLUTION: {
|
||||||
auto* resolution = (FBResolution*)arg;
|
auto* user_resolution = (FBResolution*)arg;
|
||||||
if (!Process::current()->validate_write_typed(resolution))
|
if (!Process::current()->validate_write_typed(user_resolution))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
resolution->pitch = m_framebuffer_pitch;
|
FBResolution resolution;
|
||||||
resolution->width = m_framebuffer_width;
|
resolution.pitch = m_framebuffer_pitch;
|
||||||
resolution->height = m_framebuffer_height;
|
resolution.width = m_framebuffer_width;
|
||||||
|
resolution.height = m_framebuffer_height;
|
||||||
|
copy_to_user(user_resolution, &resolution);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
case FB_IOCTL_SET_RESOLUTION: {
|
case FB_IOCTL_SET_RESOLUTION: {
|
||||||
auto* resolution = (FBResolution*)arg;
|
auto* user_resolution = (FBResolution*)arg;
|
||||||
if (!Process::current()->validate_read_typed(resolution) || !Process::current()->validate_write_typed(resolution))
|
if (!Process::current()->validate_write_typed(user_resolution))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
if (resolution->width > MAX_RESOLUTION_WIDTH || resolution->height > MAX_RESOLUTION_HEIGHT)
|
FBResolution resolution;
|
||||||
|
if (!Process::current()->validate_read_and_copy_typed(&resolution, user_resolution))
|
||||||
|
return -EFAULT;
|
||||||
|
if (resolution.width > MAX_RESOLUTION_WIDTH || resolution.height > MAX_RESOLUTION_HEIGHT)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
if (!set_resolution(resolution->width, resolution->height)) {
|
if (!set_resolution(resolution.width, resolution.height)) {
|
||||||
#ifdef BXVGA_DEBUG
|
#ifdef BXVGA_DEBUG
|
||||||
dbg() << "Reverting Resolution: [" << m_framebuffer_width << "x" << m_framebuffer_height << "]";
|
dbg() << "Reverting Resolution: [" << m_framebuffer_width << "x" << m_framebuffer_height << "]";
|
||||||
#endif
|
#endif
|
||||||
resolution->pitch = m_framebuffer_pitch;
|
resolution.pitch = m_framebuffer_pitch;
|
||||||
resolution->width = m_framebuffer_width;
|
resolution.width = m_framebuffer_width;
|
||||||
resolution->height = m_framebuffer_height;
|
resolution.height = m_framebuffer_height;
|
||||||
|
copy_to_user(user_resolution, &resolution);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
#ifdef BXVGA_DEBUG
|
#ifdef BXVGA_DEBUG
|
||||||
dbg() << "New resolution: [" << m_framebuffer_width << "x" << m_framebuffer_height << "]";
|
dbg() << "New resolution: [" << m_framebuffer_width << "x" << m_framebuffer_height << "]";
|
||||||
#endif
|
#endif
|
||||||
resolution->pitch = m_framebuffer_pitch;
|
resolution.pitch = m_framebuffer_pitch;
|
||||||
resolution->width = m_framebuffer_width;
|
resolution.width = m_framebuffer_width;
|
||||||
resolution->height = m_framebuffer_height;
|
resolution.height = m_framebuffer_height;
|
||||||
|
copy_to_user(user_resolution, &resolution);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
|
@ -81,32 +81,38 @@ int MBVGADevice::ioctl(FileDescription&, unsigned request, FlatPtr arg)
|
|||||||
auto* out = (size_t*)arg;
|
auto* out = (size_t*)arg;
|
||||||
if (!Process::current()->validate_write_typed(out))
|
if (!Process::current()->validate_write_typed(out))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
*out = framebuffer_size_in_bytes();
|
size_t value = framebuffer_size_in_bytes();
|
||||||
|
copy_to_user(out, &value);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
case FB_IOCTL_GET_BUFFER: {
|
case FB_IOCTL_GET_BUFFER: {
|
||||||
auto* index = (int*)arg;
|
auto* index = (int*)arg;
|
||||||
if (!Process::current()->validate_write_typed(index))
|
if (!Process::current()->validate_write_typed(index))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
*index = 0;
|
int value = 0;
|
||||||
|
copy_to_user(index, &value);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
case FB_IOCTL_GET_RESOLUTION: {
|
case FB_IOCTL_GET_RESOLUTION: {
|
||||||
auto* resolution = (FBResolution*)arg;
|
auto* user_resolution = (FBResolution*)arg;
|
||||||
if (!Process::current()->validate_write_typed(resolution))
|
if (!Process::current()->validate_write_typed(user_resolution))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
resolution->pitch = m_framebuffer_pitch;
|
FBResolution resolution;
|
||||||
resolution->width = m_framebuffer_width;
|
resolution.pitch = m_framebuffer_pitch;
|
||||||
resolution->height = m_framebuffer_height;
|
resolution.width = m_framebuffer_width;
|
||||||
|
resolution.height = m_framebuffer_height;
|
||||||
|
copy_to_user(user_resolution, &resolution);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
case FB_IOCTL_SET_RESOLUTION: {
|
case FB_IOCTL_SET_RESOLUTION: {
|
||||||
auto* resolution = (FBResolution*)arg;
|
auto* user_resolution = (FBResolution*)arg;
|
||||||
if (!Process::current()->validate_read_typed(resolution) || !Process::current()->validate_write_typed(resolution))
|
if (!Process::current()->validate_read_typed(user_resolution) || !Process::current()->validate_write_typed(user_resolution))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
resolution->pitch = m_framebuffer_pitch;
|
FBResolution resolution;
|
||||||
resolution->width = m_framebuffer_width;
|
resolution.pitch = m_framebuffer_pitch;
|
||||||
resolution->height = m_framebuffer_height;
|
resolution.width = m_framebuffer_width;
|
||||||
|
resolution.height = m_framebuffer_height;
|
||||||
|
copy_to_user(user_resolution, &resolution);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
|
@ -466,6 +466,8 @@ int IPv4Socket::ioctl(FileDescription&, unsigned request, FlatPtr arg)
|
|||||||
{
|
{
|
||||||
REQUIRE_PROMISE(inet);
|
REQUIRE_PROMISE(inet);
|
||||||
|
|
||||||
|
SmapDisabler disabler;
|
||||||
|
|
||||||
auto ioctl_route = [request, arg]() {
|
auto ioctl_route = [request, arg]() {
|
||||||
auto* route = (rtentry*)arg;
|
auto* route = (rtentry*)arg;
|
||||||
if (!Process::current()->validate_read_typed(route))
|
if (!Process::current()->validate_read_typed(route))
|
||||||
|
@ -34,7 +34,6 @@ int Process::sys$ioctl(int fd, unsigned request, FlatPtr arg)
|
|||||||
auto description = file_description(fd);
|
auto description = file_description(fd);
|
||||||
if (!description)
|
if (!description)
|
||||||
return -EBADF;
|
return -EBADF;
|
||||||
SmapDisabler disabler;
|
|
||||||
return description->file().ioctl(*description, request, arg);
|
return description->file().ioctl(*description, request, arg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -284,8 +284,8 @@ int TTY::ioctl(FileDescription&, unsigned request, FlatPtr arg)
|
|||||||
REQUIRE_PROMISE(tty);
|
REQUIRE_PROMISE(tty);
|
||||||
auto& current_process = *Process::current();
|
auto& current_process = *Process::current();
|
||||||
pid_t pgid;
|
pid_t pgid;
|
||||||
termios* tp;
|
termios* user_termios;
|
||||||
winsize* ws;
|
winsize* user_winsize;
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
// FIXME: When should we block things?
|
// FIXME: When should we block things?
|
||||||
@ -313,22 +313,26 @@ int TTY::ioctl(FileDescription&, unsigned request, FlatPtr arg)
|
|||||||
}
|
}
|
||||||
m_pgid = pgid;
|
m_pgid = pgid;
|
||||||
return 0;
|
return 0;
|
||||||
case TCGETS:
|
case TCGETS: {
|
||||||
tp = reinterpret_cast<termios*>(arg);
|
user_termios = reinterpret_cast<termios*>(arg);
|
||||||
if (!current_process.validate_write(tp, sizeof(termios)))
|
if (!current_process.validate_write(user_termios, sizeof(termios)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
*tp = m_termios;
|
copy_to_user(user_termios, &m_termios);
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
case TCSETS:
|
case TCSETS:
|
||||||
case TCSETSF:
|
case TCSETSF:
|
||||||
case TCSETSW:
|
case TCSETSW: {
|
||||||
tp = reinterpret_cast<termios*>(arg);
|
user_termios = reinterpret_cast<termios*>(arg);
|
||||||
if (!current_process.validate_read(tp, sizeof(termios)))
|
if (!current_process.validate_read(user_termios, sizeof(termios)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
set_termios(*tp);
|
termios termios;
|
||||||
|
copy_from_user(&termios, user_termios);
|
||||||
|
set_termios(termios);
|
||||||
if (request == TCSETSF)
|
if (request == TCSETSF)
|
||||||
flush_input();
|
flush_input();
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
case TCFLSH:
|
case TCFLSH:
|
||||||
// Serenity's TTY implementation does not use an output buffer, so ignore TCOFLUSH.
|
// Serenity's TTY implementation does not use an output buffer, so ignore TCOFLUSH.
|
||||||
if (arg == TCIFLUSH || arg == TCIOFLUSH) {
|
if (arg == TCIFLUSH || arg == TCIOFLUSH) {
|
||||||
@ -338,22 +342,29 @@ int TTY::ioctl(FileDescription&, unsigned request, FlatPtr arg)
|
|||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
case TIOCGWINSZ:
|
case TIOCGWINSZ:
|
||||||
ws = reinterpret_cast<winsize*>(arg);
|
user_winsize = reinterpret_cast<winsize*>(arg);
|
||||||
if (!current_process.validate_write(ws, sizeof(winsize)))
|
if (!current_process.validate_write(user_winsize, sizeof(winsize)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
ws->ws_row = m_rows;
|
winsize ws;
|
||||||
ws->ws_col = m_columns;
|
ws.ws_row = m_rows;
|
||||||
|
ws.ws_col = m_columns;
|
||||||
|
ws.ws_xpixel = 0;
|
||||||
|
ws.ws_ypixel = 0;
|
||||||
|
copy_to_user(user_winsize, &ws);
|
||||||
return 0;
|
return 0;
|
||||||
case TIOCSWINSZ:
|
case TIOCSWINSZ: {
|
||||||
ws = reinterpret_cast<winsize*>(arg);
|
user_winsize = reinterpret_cast<winsize*>(arg);
|
||||||
if (!current_process.validate_read(ws, sizeof(winsize)))
|
if (!current_process.validate_read(user_winsize, sizeof(winsize)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
if (ws->ws_col == m_columns && ws->ws_row == m_rows)
|
winsize ws;
|
||||||
|
copy_from_user(&ws, user_winsize);
|
||||||
|
if (ws.ws_col == m_columns && ws.ws_row == m_rows)
|
||||||
return 0;
|
return 0;
|
||||||
m_rows = ws->ws_row;
|
m_rows = ws.ws_row;
|
||||||
m_columns = ws->ws_col;
|
m_columns = ws.ws_col;
|
||||||
generate_signal(SIGWINCH);
|
generate_signal(SIGWINCH);
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
case TIOCSCTTY:
|
case TIOCSCTTY:
|
||||||
current_process.set_tty(this);
|
current_process.set_tty(this);
|
||||||
return 0;
|
return 0;
|
||||||
|
Loading…
Reference in New Issue
Block a user