authordzwdz2023-06-17 22:19:36 +0200
committerdzwdz2023-06-17 23:39:27 +0200
commitb528a54a708c4cd2149c8e6884af2063c2b272cd (patch)
treeded8aff45f2d5e7f08eb68f710edc7b9b164d5a2 /src/kernel/vfs
parent8929eb838bec8d3f5eb0d5a1c6b91a4f27d0baff (diff)
kernel: fix procfs overflow bug, add safeguard to prevent similar ones
Diffstat (limited to 'src/kernel/vfs')
-rw-r--r--src/kernel/vfs/procfs.c8
-rw-r--r--src/kernel/vfs/request.c4
2 files changed, 6 insertions, 6 deletions
diff --git a/src/kernel/vfs/procfs.c b/src/kernel/vfs/procfs.c
index 7669b78..fc17f1d 100644
--- a/src/kernel/vfs/procfs.c
+++ b/src/kernel/vfs/procfs.c
@@ -1,4 +1,5 @@
#include <camellia/errno.h>
+#include <kernel/arch/amd64/driver/util.h> // portable despite the name
#include <kernel/malloc.h>
#include <kernel/panic.h>
#include <kernel/proc.h>
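Review bot: The new include pulls a header from `kernel/arch/amd64/driver/` into architecture-independent VFS code, and its trailing comment concedes that the path is misleading. If the header really is portable, moving it to a neutral directory would remove the need for that comment and keep this file from appearing to depend on one architecture. Until then, the comment could name what is used from it, e.g. `// for req_readcopy; portable despite the name`, assuming that is where the helper is declared.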
@@ -119,10 +120,6 @@ procfs_accept(VfsReq *req)
if (req->type == VFSOP_READ && (h->type == PhDir || h->type == PhRoot)) {
// TODO port dirbuild to kernel
int pos = 0;
- if (req->offset != 0) {
- vfsreq_finish_short(req, -ENOSYS);
- return;
- }
if (h->type == PhDir) {
pos += snprintf(buf + pos, 512 - pos, "intr")+1;
pos += snprintf(buf + pos, 512 - pos, "mem")+1;
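Review bot: Removing the `req->offset != 0` rejection lets directory reads at any offset fall through to the copy at the end of this branch, so all bounds handling of `req->offset` now rests on `req_readcopy`, which is not visible in this diff. It is worth confirming that the helper treats a negative offset, or one at or beyond `pos`, as an empty read rather than computing a source pointer outside `buf`. Once confirmed, a one-line comment at the call site such as `// req_readcopy bounds offset and length against pos and req->output.len` would record the assumption this branch depends on. The branch starts before this hunk and continues past it.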
@@ -136,8 +133,7 @@ procfs_accept(VfsReq *req)
}
}
assert(0 <= pos && (size_t)pos <= sizeof buf);
- pcpy_to(req->caller, req->output.buf, buf, pos);
- vfsreq_finish_short(req, pos);
+ vfsreq_finish_short(req, req_readcopy(req, buf, pos));
} else if (req->type == VFSOP_READ && h->type == PhMem) {
if (p->pages == NULL || req->caller->pages == NULL) {
vfsreq_finish_short(req, 0);
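Review bot: The `assert(0 <= pos && (size_t)pos <= sizeof buf)` ahead of the new `req_readcopy` call only detects an overrun after the `snprintf` calls that build the listing have already written. `snprintf` returns the length it would have written, so a truncated entry would push `pos` past the buffer and make the next size argument, `512 - pos`, negative, which converts to a very large `size_t`. The entries visible in this diff are short fixed strings, so this is presumably unreachable today, but the part of the builder between the hunks is not shown. Writing the bound as `sizeof buf - pos` and checking `(size_t)pos < sizeof buf` before each append would make the limit hold before the write instead of after it.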
diff --git a/src/kernel/vfs/request.c b/src/kernel/vfs/request.c
index 410e41e..5723201 100644
--- a/src/kernel/vfs/request.c
+++ b/src/kernel/vfs/request.c
@@ -73,6 +73,10 @@ void vfsreq_finish(VfsReq *req, char __user *stored, long ret,
}
}
+ if (req->type == VFSOP_READ && ret >= 0) {
+ assert((size_t)ret <= req->output.len);
+ }
+
if (req->input.kern)
kfree(req->input.buf_kern);
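Review bot: The added `assert((size_t)ret <= req->output.len)` turns an oversized read result into a kernel panic, which is the right response only when `ret` always comes from kernel code. The `char __user *stored` parameter suggests that some completions carry data from a userland handler, though the callers are not visible here; if such a handler's return value can reach this line unchecked, a misbehaving handler could stop the kernel, so that path should reject the value before the assert. It is also not visible whether the copy into the caller's buffer happens earlier in `vfsreq_finish`; if it does, the check reports the overflow after the write rather than preventing it. A comment such as `// invariant: a backend never reports more bytes than the caller's buffer holds` would document why this is an assert and not an error return. The function starts before this hunk and continues after it.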