Kernel: Properly handle NULL in A/B/W buffers

sunriseos · Mar 17, 2019 · 54a1fd5 · 54a1fd5
1 parent bd20d77
commit 54a1fd5
Showing 1 changed file with 17 additions and 6 deletions.
diff --git a/kernel/src/ipc/session.rs b/kernel/src/ipc/session.rs
@@ -231,12 +231,23 @@ fn buf_map(from_buf: &[u8], to_buf: &mut [u8], curoff: &mut usize, from_mem: &mu
     let addr = addr as usize;
     let size = size as usize;
 
-    // TODO: handle NULL addr case -> no need to map anything, just create an equivalent null entry.
-
-    // Map the descriptor in the other process.
-    let mapping = from_mem.share_existing_mapping(VirtualAddress(addr), size)?;
-    let to_addr = to_mem.find_available_space(size)?;
-    to_mem.map_shared_mapping(mapping, to_addr, MappingAccessRights::u_rw())?;
+    let to_addr = if addr == 0 {
+        // Null pointers shouldn't be mapped.
+        0
+    } else {
+        // TODO: buf_map: Check that from_mem has the right permissions
+        // BODY: buf_map currently remaps without checking the permissions. This
+        // BODY: could allow a user to read non-user-accessible memory, or
+        // BODY: write to non-writable memory.
+        // BODY:
+        // BODY: Whatever mechanism we setup for UserSpacePtr, we should probably
+        // BODY: reuse it here.
+
+        // Map the descriptor in the other process.
+        let mapping = from_mem.share_existing_mapping(VirtualAddress(addr), size)?;
+        let to_addr = to_mem.find_available_space(size)?;
+        to_mem.map_shared_mapping(mapping, to_addr, MappingAccessRights::u_rw())?;
+    };
 
     let loweraddr = to_addr.addr() as u32;
     let rest = *0u32