gh0s7/mckernel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

open: check filename address (re-commit)

Browse Source
This commit is contained in:
Tomoki Shirasawa
2017-07-19 11:37:55 +09:00
parent dd9675d65e
commit 64c2e437c6
2 changed files with 22 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
arch/x86/kernel/memory.c
View File

@@ -2171,26 +2171,18 @@ int copy_from_user(void *dst, const void *src, size_t siz)
int strlen_user(const char *s) int strlen_user(const char *s)
{ {
struct process_vm *vm = cpu_local_var(current)->vm; struct process_vm *vm = cpu_local_var(current)->vm;
struct vm_range *range;
unsigned long pgstart; unsigned long pgstart;
int maxlen; int maxlen;
const char *head = s; const char *head = s;
int err;
maxlen = 4096 - (((unsigned long)s) & 0x0000000000000fffUL); maxlen = 4096 - (((unsigned long)s) & 0x0000000000000fffUL);
pgstart = ((unsigned long)s) & 0xfffffffffffff000UL; pgstart = ((unsigned long)s) & 0xfffffffffffff000UL;
if(!pgstart || pgstart >= MAP_KERNEL_START) if(!pgstart || pgstart >= MAP_KERNEL_START)
return -EFAULT; return -EFAULT;
ihk_mc_spinlock_lock_noirq(&vm->memory_range_lock);
for(;;){ for(;;){
range = lookup_process_memory_range(vm, pgstart, pgstart+1); if ((err = verify_process_vm(vm, s, 1)))
if(range == NULL){ return err;
ihk_mc_spinlock_unlock_noirq(&vm->memory_range_lock);
return -EFAULT;
}
if((range->flag & VR_PROT_MASK) == VR_PROT_NONE){
ihk_mc_spinlock_unlock_noirq(&vm->memory_range_lock);
return -EFAULT;
}
while(*s && maxlen > 0){ while(*s && maxlen > 0){
s++; s++;
maxlen--; maxlen--;
@@ -2200,14 +2192,12 @@ int strlen_user(const char *s)
maxlen = 4096; maxlen = 4096;
pgstart += 4096; pgstart += 4096;
} }
ihk_mc_spinlock_unlock_noirq(&vm->memory_range_lock);
return s - head; return s - head;
} }
int strcpy_from_user(char *dst, const char *src) int strcpy_from_user(char *dst, const char *src)
{ {
struct process_vm *vm = cpu_local_var(current)->vm; struct process_vm *vm = cpu_local_var(current)->vm;
struct vm_range *range;
unsigned long pgstart; unsigned long pgstart;
int maxlen; int maxlen;
int err = 0; int err = 0;
@@ -2216,17 +2206,9 @@ int strcpy_from_user(char *dst, const char *src)
pgstart = ((unsigned long)src) & 0xfffffffffffff000UL; pgstart = ((unsigned long)src) & 0xfffffffffffff000UL;
if(!pgstart || pgstart >= MAP_KERNEL_START) if(!pgstart || pgstart >= MAP_KERNEL_START)
return -EFAULT; return -EFAULT;
ihk_mc_spinlock_lock_noirq(&vm->memory_range_lock);
for(;;){ for(;;){
range = lookup_process_memory_range(vm, pgstart, pgstart + 1); if ((err = verify_process_vm(vm, src, 1)))
if(range == NULL){ return err;
err = -EFAULT;
break;
}
if((range->flag & VR_PROT_MASK) == VR_PROT_NONE){
err = -EFAULT;
break;
}
while(*src && maxlen > 0){ while(*src && maxlen > 0){
*(dst++) = *(src++); *(dst++) = *(src++);
maxlen--; maxlen--;
@@ -2238,7 +2220,6 @@ int strcpy_from_user(char *dst, const char *src)
maxlen = 4096; maxlen = 4096;
pgstart += 4096; pgstart += 4096;
} }
ihk_mc_spinlock_unlock_noirq(&vm->memory_range_lock);
return err; return err;
} }

20
kernel/syscall.c
View File

@@ -2834,12 +2834,26 @@ SYSCALL_DECLARE(ioctl)
SYSCALL_DECLARE(open) SYSCALL_DECLARE(open)
{ {
const char *pathname = (const char *)ihk_mc_syscall_arg0(ctx); const char *pathname = (const char *)ihk_mc_syscall_arg0(ctx);
int len;
char *xpmem_wk;
long rc; long rc;
dkprintf("open(): pathname=%s\n", pathname); len = strlen_user(pathname);
if (!strcmp(pathname, XPMEM_DEV_PATH)) { if (len < 0)
return len;
if (!(xpmem_wk = kmalloc(len + 1, IHK_MC_AP_NOWAIT)))
return -ENOMEM;
if (copy_from_user(xpmem_wk, pathname, len + 1)) {
kfree(xpmem_wk);
return -EFAULT;
}
dkprintf("open(): pathname=%s\n", xpmem_wk);
rc = strcmp(xpmem_wk, XPMEM_DEV_PATH);
kfree(xpmem_wk);
if (!rc) {
rc = xpmem_open(ctx); rc = xpmem_open(ctx);
} else { }
else {
rc = syscall_generic_forwarding(__NR_open, ctx); rc = syscall_generic_forwarding(__NR_open, ctx);
} }