kernel: Reinstate the USER_ADDRESS check in ioctl (sort of).

Thinking over this carefully, I realized that adding checks to every ioctl implementation in every driver would be very prohibitive, because there, one has to check is_called_via_syscall() in addition to IS_USER_ADDRESS(), and this would have to be done in every case. So that would take a massive amount of work, and it would be very easy to miss a case. Instead, we can take advantage of the fact that all we really care about is the buffer not existing within the kernel address space. This should allow using constants in the umappable range between 0x0 and the beginning of the user address space, too. Change-Id: I2eeb46e806a5aac32e152c72076a042aa847be0d
2019-07-11 23:58:33 -04:00 · 2019-07-11 23:58:33 -04:00 · 8e84b39646
parent 925cb64e3c
commit 8e84b39646
1 changed files with 5 additions and 2 deletions
--- a/src/system/kernel/fs/fd.cpp
+++ b/src/system/kernel/fs/fd.cpp
@ -925,8 +925,11 @@ _user_ioctl(int fd, uint32 op, void* buffer, size_t length)
 	TRACE(("user_ioctl: fd %d\n", fd));

 	// "buffer" is not always a pointer depending on "op", so we cannot
-	// check that it is a userland buffer here; the underlying implementation
-	// must do that.
+	// check that it is a userland buffer here. Instead we check that
+	// it is at least not within the bounds of kernel memory; as in
+	// the cases where it is a numeric constant it is usually a low one.
+	if (IS_KERNEL_ADDRESS(buffer))
+		return B_BAD_ADDRESS;

 	SyscallRestartWrapper<status_t> status;