Kernel: Don't leak kmalloc pointers through FIFO absolute paths

Instead of using the FIFO's memory address as part of its absolute path identity, just use an incrementing FIFO index instead. Note that this is not used for anything other than debugging (it helps you identify which file descriptors refer to the same FIFO by looking at /proc/PID/fds
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/56a2c21e0c9
2020-01-07 07:29:50 +01:00 · 2020-01-07 07:29:50 +01:00 · 56a2c21e0c · 2024-07-19 10:18:07 +09:00
commit 56a2c21e0c
parent 5646a95161
2 changed files with 5 additions and 11 deletions
--- a/Kernel/FileSystem/FIFO.cpp
+++ b/Kernel/FileSystem/FIFO.cpp
@ -16,14 +16,7 @@ Lockable<HashTable<FIFO*>>& all_fifos()
    return *s_table;
 }

-RefPtr<FIFO> FIFO::from_fifo_id(u32 id)
-{
-    auto* ptr = reinterpret_cast<FIFO*>(id);
-    LOCKER(all_fifos().lock());
-    if (auto it = all_fifos().resource().find(ptr); it == all_fifos().resource().end())
-        return nullptr;
-    return ptr;
-}
+static int s_next_fifo_id = 1;

 NonnullRefPtr<FIFO> FIFO::create(uid_t uid)
 {
@ -43,6 +36,7 @@ FIFO::FIFO(uid_t uid)
 {
    LOCKER(all_fifos().lock());
    all_fifos().resource().set(this);
+    m_fifo_id = ++s_next_fifo_id;
 }

 FIFO::~FIFO()
@ -121,5 +115,5 @@ ssize_t FIFO::write(FileDescription&, const u8* buffer, ssize_t size)

 String FIFO::absolute_path(const FileDescription&) const
 {
-    return String::format("fifo:%u", this);
+    return String::format("fifo:%u", m_fifo_id);
 }
--- a/Kernel/FileSystem/FIFO.h
+++ b/Kernel/FileSystem/FIFO.h
@ -14,8 +14,6 @@ public:
        Writer
    };

-    static RefPtr<FIFO> from_fifo_id(u32);
-
    static NonnullRefPtr<FIFO> create(uid_t);
    virtual ~FIFO() override;

@ -43,4 +41,6 @@ private:
    DoubleBuffer m_buffer;

    uid_t m_uid { 0 };
+
+    int m_fifo_id { 0 };
 };