Re: [PATCH 1/2] x86_64: fix msg size forwarding in case it's not set by userspace

From: Samuel Thibault
Subject: Re: [PATCH 1/2] x86_64: fix msg size forwarding in case it's not set by userspace
Date: Wed, 12 Jun 2024 08:35:21 +0200
User-agent: NeoMutt/20170609 (1.8.3)
Applied, thanks!
Luca Dariz, on Wed. 12 Jun 2024 08:27:54 +0200, wrote:
> * ipc/copy_user.c: recent MIG stubs should always fill the size
> correctly in the msg header, but we shouldn't rely on that. Instead,
> we use the size that was correctly copied-in, overwriting the value
> in the header. This is already done by the 32-bit copyinmsg(), and
> was missing in the 64-bit version.
> Furthermore, the assertion about user/kernel size makes sense with
> and without USER32, so take it out of the #ifdef.
> ---
> ipc/copy_user.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/ipc/copy_user.c b/ipc/copy_user.c
> index a4b238de..850ea49e 100644
> --- a/ipc/copy_user.c
> +++ b/ipc/copy_user.c
> @@ -442,16 +442,18 @@ int copyinmsg (const void *userbuf, void *kernelbuf,
> const size_t usize, const s
> }
>
> kmsg->msgh_size = sizeof(mach_msg_header_t) + ksaddr - (vm_offset_t)(kmsg
> + 1);
> - assert(kmsg->msgh_size <= ksize);
> #else
> /* The 64 bit interface ensures the header is the same size, so it does
> not need any resizing. */
> _Static_assert(sizeof(mach_msg_header_t) == sizeof(mach_msg_user_header_t),
> "mach_msg_header_t and mach_msg_user_header_t expected to be
> of the same size");
> if (copyin(umsg, kmsg, usize))
> return 1;
> +
> + kmsg->msgh_size = usize;
> kmsg->msgh_remote_port &= 0xFFFFFFFF; // FIXME: still have port names here
> kmsg->msgh_local_port &= 0xFFFFFFFF; // also, this assumes little-endian
> #endif
> + assert(kmsg->msgh_size <= ksize);
> return 0;
> }
>
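Review bot: the relocated `assert(kmsg->msgh_size <= ksize);` after `#endif` runs only after `copyin(umsg, kmsg, usize)` has already written `usize` bytes into the kernel buffer, so in the 64-bit branch it checks the copy's precondition after the copy, and only in builds where `assert` is compiled in. The callers must therefore guarantee `usize <= ksize` before `copyinmsg` is reached; a short comment above the `copyin` stating that precondition would make it explicit. The same caveat applies to the narrowing in `kmsg->msgh_size = usize;` if `mach_msg_size_t` is narrower than `size_t`, since nothing in the hunk bounds `usize` itself. Overwriting the header field with the copied-in length is the right fix, though: later message parsing then works from the size the kernel actually copied rather than the value userspace placed in the header, matching what the 32-bit branch already does.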
> --
> 2.39.2
>
>