mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-11-13 11:42:38 +03:00
f7b394e9a1
This will panic the kernel immediately if these functions are misused
so we can catch it and fix the misuse.
This patch fixes a couple of misuses:
- create_signal_trampolines() writes to a user-accessible page
above the 3GB address mark. We should really get rid of this
page but that's a whole other thing.
- CoW faults need to use copy_from_user rather than copy_to_user
since it's the *source* pointer that points to user memory.
- Inode faults need to use memcpy rather than copy_to_user since
we're copying a kernel stack buffer into a quickmapped page.
This should make the copy_to/from_user() functions slightly less useful
for exploitation. Before this, they were essentially just glorified
memcpy() with SMAP disabled. :^)
|
||
|---|---|---|
| .. | ||
| AnonymousVMObject.cpp | ||
| AnonymousVMObject.h | ||
| InodeVMObject.cpp | ||
| InodeVMObject.h | ||
| MemoryManager.cpp | ||
| MemoryManager.h | ||
| PageDirectory.cpp | ||
| PageDirectory.h | ||
| PhysicalAddress.h | ||
| PhysicalPage.cpp | ||
| PhysicalPage.h | ||
| PhysicalRegion.cpp | ||
| PhysicalRegion.h | ||
| PurgeableVMObject.cpp | ||
| PurgeableVMObject.h | ||
| RangeAllocator.cpp | ||
| RangeAllocator.h | ||
| Region.cpp | ||
| Region.h | ||
| VirtualAddress.h | ||
| VMObject.cpp | ||
| VMObject.h | ||