From c1f74bf327d8b80970b5805bcff6dee24262604e Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Mon, 27 Jan 2020 12:43:21 +0100 Subject: [PATCH] Kernel: Never validate access to the kmalloc memory range Memory validation is used to verify that user syscalls are allowed to access a given memory range. Ring 0 threads never make syscalls, and so will never end up in validation anyway. The reason we were allowing kmalloc memory accesses is because kernel thread stacks used to be allocated in kmalloc memory. Since that's no longer the case, we can stop making exceptions for kmalloc in the validation code. --- Kernel/Heap/kmalloc.cpp | 7 ------- Kernel/Heap/kmalloc.h | 2 -- Kernel/Process.cpp | 20 ++------------------ 3 files changed, 2 insertions(+), 27 deletions(-) diff --git a/Kernel/Heap/kmalloc.cpp b/Kernel/Heap/kmalloc.cpp index 5d0cdce0a3c..77bb72fee60 100644 --- a/Kernel/Heap/kmalloc.cpp +++ b/Kernel/Heap/kmalloc.cpp @@ -66,13 +66,6 @@ bool g_dump_kmalloc_stacks; static u8* s_next_eternal_ptr; static u8* s_end_of_eternal_range; -bool is_kmalloc_address(const void* ptr) -{ - if (ptr >= (u8*)ETERNAL_BASE_PHYSICAL && ptr < s_next_eternal_ptr) - return true; - return (size_t)ptr >= BASE_PHYSICAL && (size_t)ptr <= (BASE_PHYSICAL + POOL_SIZE); -} - void kmalloc_init() { memset(&alloc_map, 0, sizeof(alloc_map)); diff --git a/Kernel/Heap/kmalloc.h b/Kernel/Heap/kmalloc.h index 031d24263c9..772e54112d9 100644 --- a/Kernel/Heap/kmalloc.h +++ b/Kernel/Heap/kmalloc.h @@ -39,8 +39,6 @@ void* krealloc(void*, size_t); void kfree(void*); void kfree_aligned(void*); -bool is_kmalloc_address(const void*); - extern volatile size_t sum_alloc; extern volatile size_t sum_free; extern volatile size_t kmalloc_sum_eternal; diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp index 0bcc5bc5fa1..5a52bc26cce 100644 --- a/Kernel/Process.cpp +++ b/Kernel/Process.cpp @@ -2335,37 +2335,21 @@ bool Process::validate_read_from_kernel(VirtualAddress vaddr, ssize_t size) cons { if (vaddr.is_null()) return false; - // We check extra carefully here since the first 4MB of the address space is identity-mapped. - // This code allows access outside of the known used address ranges to get caught. - if (is_kmalloc_address(vaddr.as_ptr())) - return true; return MM.validate_kernel_read(*this, vaddr, size); } bool Process::validate_read(const void* address, ssize_t size) const { - ASSERT(size >= 0); - VirtualAddress first_address((uintptr_t)address); - if (is_ring0()) { - if (is_kmalloc_address(address)) - return true; - } if (!size) return false; - return MM.validate_user_read(*this, first_address, size); + return MM.validate_user_read(*this, VirtualAddress(address), size); } bool Process::validate_write(void* address, ssize_t size) const { - ASSERT(size >= 0); - VirtualAddress first_address((uintptr_t)address); - if (is_ring0()) { - if (is_kmalloc_address(address)) - return true; - } if (!size) return false; - return MM.validate_user_write(*this, first_address, size); + return MM.validate_user_write(*this, VirtualAddress(address), size); } pid_t Process::sys$getsid(pid_t pid)