From ecf724116488651a0dba3880fb89aca308e2251b Mon Sep 17 00:00:00 2001
From: dzwdz
Date: Tue, 24 Jan 2023 16:09:14 +0100
Subject: kernel/procfs: allow reading memory of descendants

I'm suprised how short this patch is. It also feels like I've introducted a vulnerability somewhere with it. Hopefully it's a false feeling.
---
 src/kernel/vfs/procfs.c | 11 +++++++++++
 src/user/app/init/init.c | 3 ++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/kernel/vfs/procfs.c b/src/kernel/vfs/procfs.c
index 7ca8c14..a417606 100644
--- a/src/kernel/vfs/procfs.c
+++ b/src/kernel/vfs/procfs.c
@@ -9,6 +9,7 @@
 enum phandle_type {
 PhDir,
 PhIntr,
+ PhMem,
 };
 struct phandle {
@@ -57,6 +58,8 @@ openpath(const char *path, size_t len, struct process *p)
 type = PhDir;
 } else if (len == 4 && memcmp(path, "intr", 4) == 0) {
 type = PhIntr;
+ } else if (len == 3 && memcmp(path, "mem", 3) == 0) {
+ type = PhMem;
 } else {
 return NULL;
 }
@@ -105,6 +108,7 @@ procfs_accept(struct vfs_request *req)
 return;
 }
 pos += snprintf(buf + pos, 512 - pos, "intr")+1;
+ pos += snprintf(buf + pos, 512 - pos, "mem")+1;
 for (struct process *iter = p->child; iter; iter = iter->sibling) {
 assert(pos < 512);
 // processes could possibly be identified by unique identifiers instead
@@ -118,6 +122,13 @@ procfs_accept(struct vfs_request *req)
 assert(0 <= pos && (size_t)pos <= sizeof buf);
 virt_cpy_to(req->caller->pages, req->output.buf, buf, pos);
 vfsreq_finish_short(req, pos);
+ } else if (req->type == VFSOP_READ && h->type == PhMem) {
+ size_t res = virt_cpy(
+ req->caller->pages, req->output.buf,
+ p->pages, (__user void*)req->offset,
+ req->output.len, NULL
+ );
+ vfsreq_finish_short(req, res);
 } else if (req->type == VFSOP_WRITE && h->type == PhIntr) {
 process_intr(p);
 vfsreq_finish_short(req, req->input.len);
diff --git a/src/user/app/init/init.c b/src/user/app/init/init.c
index 0114ac5..73e863e 100644
--- a/src/user/app/init/init.c
+++ b/src/user/app/init/init.c
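Review bot: In the new `PhMem` read branch of `procfs_accept` (src/kernel/vfs/procfs.c), `req->offset` comes from the caller and is cast directly to a `__user` address inside `p->pages`, so the branch itself rejects nothing: an offset outside the target's user mappings, or an `offset + req->output.len` that wraps, is caught only if `virt_cpy` catches it, and that function is not visible in this patch. The hunk also does not show whether `p` can already have exited while the handle is still open, in which case `p->pages` may no longer be valid; this should be checked against the part of `procfs_accept` that lies before the hunk. A failed copy and a legitimately short one both end in `vfsreq_finish_short(req, res)`, so the reader cannot tell a fault from end of data. I would record the contract above the call, for example `/* req->offset is an untrusted address in p's user space; virt_cpy must refuse unmapped and non-user ranges */`, and add a comment at the `mem` case in `openpath` stating which processes are meant to be reachable through it (the commit title says descendants only).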
@@ -36,11 +36,12 @@ void redirect(const char *exe, const char *out, const char *in) {
 }
 int main(void) {
+ const char *teststr = "I am teststr.\n";
 handle_t killswitch_pipe[2];
 freopen("/kdev/com1", "a+", stdout);
 freopen("/kdev/com1", "a+", stderr);
- printf("[init] stage 2, main at %p\n", &main);
+ printf("[init] stage 2, main at %p, testtr at %p\n", &main, teststr);
 MOUNT_AT("/keyboard") {
 MOUNT_AT("/") { fs_whitelist((const char*[]){"/kdev/ps2/kb", NULL}); }
-- 
cgit v1.2.3
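Review bot: The new format string in `main` (src/user/app/init/init.c) labels the second pointer `testtr` although the variable is `teststr`, and both `%p` arguments are passed without the `(void *)` cast that `%p` expects. Suggested line: `printf("[init] stage 2, main at %p, teststr at %p\n", (void *)&main, (void *)teststr);`. The string and the address print look like scaffolding for exercising the new `mem` file; if they are meant to stay, a one-line comment such as `/* known string for testing procfs mem reads */` above `teststr` would say so, since init otherwise writes its own addresses to the serial log on every boot. `main` continues past the end of the hunk.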