ladybird/Kernel
Ben Wiederhake fbb85f9b2f Kernel: Refuse excessively long iovec list, also in readv
This bug is a good example why copy-paste code should eventually be eliminated
from the code base: Apparently the code was copied from read.cpp before
c6027ed7cc, so the same bug got introduced here.

To recap: A malicious program can ask the Kernel to prepare sys-ing to
a huge amount of iovecs. The Kernel must first copy all the vector locations
into 'vecs', and before that allocates an arbitrary amount of memory:
    vecs.resize(iov_count);
This can cause Kernel memory exhaustion, triggered by any malicious userland
program.
2021-02-15 22:09:01 +01:00
ACPI Everywhere: Replace dbgln<flag>(...) with dbgln_if(flag, ...) 2021-02-08 18:08:55 +01:00
API Kernel: Handle 'Menu' key on PS/2 keyboard 2021-02-15 19:37:14 +01:00
Arch Kernel: Mark a handful of things in CPU.cpp as READONLY_AFTER_INIT 2021-02-14 18:12:00 +01:00
Devices Kernel: Handle 'Menu' key on PS/2 keyboard 2021-02-15 19:37:14 +01:00
FileSystem Kernel: Add WaitQueue::wait_forever and use it for all infinite waits. 2021-02-15 08:28:57 +01:00
Heap Kernel: Mark a handful of things in kmalloc.cpp as READONLY_AFTER_INIT 2021-02-14 18:12:00 +01:00
Interrupts Kernel: Avoid some unnecessary copies coming from range based for loops 2021-02-15 15:25:23 +01:00
Modules Kernel: Module symbol declarations for type-checking 2020-08-12 20:40:59 +02:00
Net Kernel+LibC: Stub out SO_{SND_RCV}BUF 2021-02-15 17:32:56 +01:00
PCI Kernel: Assert if rounding-up-to-page-size would wrap around to 0 2021-02-14 10:01:50 +01:00
Storage Kernel: Assert if rounding-up-to-page-size would wrap around to 0 2021-02-14 10:01:50 +01:00
Syscalls Kernel: Refuse excessively long iovec list, also in readv 2021-02-15 22:09:01 +01:00
Tasks Kernel: Ignore unobserved BlockResult from Thread::Sleep 2021-02-15 08:28:57 +01:00
Time Everywhere: Replace dbgln<flag>(...) with dbgln_if(flag, ...) 2021-02-08 18:08:55 +01:00
TTY Everywhere: Replace dbgln<flag>(...) with dbgln_if(flag, ...) 2021-02-08 18:08:55 +01:00
VM Kernel: Avoid some unnecessary copies coming from range based for loops 2021-02-15 15:25:23 +01:00
.gitignore Meta: Expect sync-local.sh script at repository root 2021-01-30 09:18:46 +01:00
AddressSanitizer.cpp Kernel: Initial integration of Kernel Address Sanitizer (KASAN) 2021-02-15 11:41:53 +01:00
AddressSanitizer.h Kernel: Initial integration of Kernel Address Sanitizer (KASAN) 2021-02-15 11:41:53 +01:00
Assertions.h Everywhere: Switch from (void) to [[maybe_unused]] (#4473) 2020-12-21 00:09:48 +01:00
CMakeLists.txt Meta: Make it possible to (somewhat) build the system inside Serenity 2021-02-15 17:32:56 +01:00
CMOS.cpp Kernel: Absorb LibBareMetal back into the kernel 2020-05-16 12:00:04 +02:00
CMOS.h Meta: Add license header to source files 2020-01-18 09:45:54 +01:00
CommandLine.cpp Meta+Kernel: Make clang-format-10 clean 2020-09-25 21:18:17 +02:00
CommandLine.h Kernel: Copy command line to a safe place 2020-08-25 09:48:48 +02:00
Console.cpp Kernel+LibC: Turn errno codes into a strongly typed enum 2021-01-20 23:20:02 +01:00
Console.h Kernel: Make device generate their own names 2021-01-22 22:17:39 +01:00
CoreDump.cpp Kernel: Reorganize ptrace implementation a bit 2021-02-08 19:34:41 +01:00
CoreDump.h Kernel: Embed a Metadata notes entry in coredumps 2020-12-30 16:28:27 +01:00
Debug.h.in Kernel: Add NE2000 network card driver 2021-02-05 09:35:02 +01:00
DMI.cpp Kernel: Set file size for smbios_entry_point and DMI blobs in ProcFS 2021-02-01 17:13:23 +01:00
DMI.h Kernel: Set file size for smbios_entry_point and DMI blobs in ProcFS 2021-02-01 17:13:23 +01:00
DoubleBuffer.cpp Kernel: Merge PurgeableVMObject into AnonymousVMObject 2021-01-01 23:43:44 +01:00
DoubleBuffer.h Kernel: Move block condition evaluation out of the Scheduler 2020-11-30 13:17:02 +01:00
Forward.h Kernel: Factor address space management out of the Process class 2021-02-08 18:27:28 +01:00
FutexQueue.cpp Everywhere: Replace dbgln<flag>(...) with dbgln_if(flag, ...) 2021-02-08 18:08:55 +01:00
FutexQueue.h Kernel: Some futex improvements 2021-01-17 20:30:31 +01:00
init.cpp Kernel: Mark a handful of things in init.cpp as READONLY_AFTER_INIT 2021-02-14 18:12:00 +01:00
IO.h Kernel: Convert a bunch of String::format() => String::formatted() 2021-01-11 22:07:01 +01:00
KBuffer.h Kernel: Mark KBuffer and its getters as [[nodiscard]] 2021-02-15 09:34:52 +01:00
KBufferBuilder.cpp Kernel: Assert if rounding-up-to-page-size would wrap around to 0 2021-02-14 10:01:50 +01:00
KBufferBuilder.h Kernel: Convert all *Builder::appendf() => appendff() 2021-02-09 19:18:13 +01:00
kprintf.cpp Everywhere: Replace a bundle of dbg with dbgln. 2021-01-09 21:11:09 +01:00
KResult.h Kernel: Mark KResult getters as [[nodiscard]] 2021-02-15 09:34:52 +01:00
kstdio.h LibC: Enable compiler warnings for printf format strings 2020-12-26 10:05:50 +01:00
KSyms.cpp Everywhere: Remove some bitrotted "#if 0" blocks 2021-02-03 11:17:47 +01:00
KSyms.h Kernel: Update cryptically-named functions related to symbolication 2020-04-08 17:19:46 +02:00
linker.ld Kernel: Add mechanism to make some memory read-only after init finishes 2021-02-14 18:11:32 +01:00
Lock.cpp Kernel: Add WaitQueue::wait_forever and use it for all infinite waits. 2021-02-15 08:28:57 +01:00
Lock.h Kernel: Mark Lock getters as [[nodiscard]] 2021-02-15 09:34:52 +01:00
LockMode.h Kernel: Fix Lock race causing infinite spinning between two threads 2020-12-16 23:38:17 +01:00
mkmap.sh Build: Switch to CMake :^) 2020-05-14 20:15:18 +02:00
Module.h Kernel: Move all code into the Kernel namespace 2020-02-16 01:27:42 +01:00
Multiboot.h Kernel: Parse boot modules from Multiboot specification 2021-01-22 22:17:39 +01:00
Panic.cpp Kernel: Add a PANIC() function 2021-02-14 09:36:58 +01:00
Panic.h Kernel: Add a PANIC() function 2021-02-14 09:36:58 +01:00
PerformanceEventBuffer.cpp Kernel: Factor address space management out of the Process class 2021-02-08 18:27:28 +01:00
PerformanceEventBuffer.h Kernel: Prune uninteresting kernel frames from profiling samples 2021-01-17 14:36:53 +01:00
PhysicalAddress.h Kernel: Mark PhysicalAddress/VirtualAddress getters as [[nodiscard]] 2021-02-15 09:34:52 +01:00
Process.cpp Kernel: Mark a handful of things in Process.cpp READONLY_AFTER_INIT 2021-02-14 18:12:00 +01:00
Process.h Kernel+LibC: Implement readv 2021-02-15 17:32:56 +01:00
ProcessGroup.cpp Kernel: Move block condition evaluation out of the Scheduler 2020-11-30 13:17:02 +01:00
ProcessGroup.h Kernel: Move block condition evaluation out of the Scheduler 2020-11-30 13:17:02 +01:00
Random.cpp Kernel: Add WaitQueue::wait_forever and use it for all infinite waits. 2021-02-15 08:28:57 +01:00
Random.h Kernel: Don't left-shift 1 (signed) 31 times 2021-02-05 21:28:06 +01:00
RTC.cpp Kernel: Don't assert if RTC believes we're in the past 2021-02-11 20:58:39 +01:00
RTC.h Meta: Add license header to source files 2020-01-18 09:45:54 +01:00
Scheduler.cpp Kernel: Mark a handful of things in Scheduler.cpp READONLY_AFTER_INIT 2021-02-14 18:12:00 +01:00
Scheduler.h Kernel: Remove ancient unused Scheduler::beep() declaration 2021-02-07 20:45:09 +01:00
SpinLock.h Kernel: Tag more methods and types as [[nodiscard]] 2020-12-27 11:09:30 +01:00
StdLib.cpp Kernel: Do not try to print the string that cannot be read 2021-02-13 00:40:31 +01:00
StdLib.h Kernel: Mark more StdLib functions as [[nodiscard]] 2021-02-15 09:34:52 +01:00
Syscall.cpp Kernel: Fix TOCTOU in syscall entry region validation 2021-02-14 11:47:14 +01:00
Thread.cpp Kernel: Mark a handful of things in Thread.cpp READONLY_AFTER_INIT 2021-02-14 18:12:00 +01:00
Thread.h Kernel: Mark BlockResult as [[nodiscard]] 2021-02-15 08:28:57 +01:00
ThreadBlockers.cpp Everywhere: Replace dbgln<flag>(...) with dbgln_if(flag, ...) 2021-02-08 18:08:55 +01:00
ThreadTracer.cpp Kernel: Reorganize ptrace implementation a bit 2021-02-08 19:34:41 +01:00
ThreadTracer.h Kernel: PID/TID typing 2020-08-10 11:51:45 +02:00
TimerQueue.cpp Kernel: Improve time keeping and dramatically reduce interrupt load 2020-12-21 18:26:12 +01:00
TimerQueue.h Kernel: Specify default memory order for some non-synchronizing Atomics 2021-01-04 19:13:52 +01:00
UBSanitizer.cpp KUBSAN: Add nearly all missing -fsanitize handlers (#5254) 2021-02-11 20:58:01 +01:00
UBSanitizer.h KUBSAN: Add nearly all missing -fsanitize handlers (#5254) 2021-02-11 20:58:01 +01:00
UnixTypes.h Kernel+LibC: Add the _SC_GETPW_R_SIZE_MAX sysconf enum 2021-02-15 17:32:56 +01:00
UnveilNode.h Kernel: Allow 'elevating' unveil permissions if implicitly inherited from '/' 2020-12-26 16:10:04 +01:00
UserOrKernelBuffer.cpp AK: Add StringBuilder::appendff using the new format. 2020-09-22 15:06:40 +02:00
UserOrKernelBuffer.h Kernel: Mark UserOrKernelBuffer and its getters as [[nodiscard]] 2021-02-15 09:34:52 +01:00
VirtualAddress.h Kernel: Mark PhysicalAddress/VirtualAddress getters as [[nodiscard]] 2021-02-15 09:34:52 +01:00
WaitQueue.cpp Everywhere: Replace dbgln<flag>(...) with dbgln_if(flag, ...) 2021-02-08 18:08:55 +01:00
WaitQueue.h Kernel: Add WaitQueue::wait_forever and use it for all infinite waits. 2021-02-15 08:28:57 +01:00