x86_64: Support 8 byte inlined port rights to avoid message resizing.

If a port is inlined in a message, the user has to use mach_port_name_inlined_t to define each port. Out of line memory continues to use mach_port_name_t since that memory has to be copied to the kernel anyway. Both copyinmsg and copyoutmsg can be reduced to nothing (if we ignore USER32) as a follow up but kept this patch simple for ease of review. Message-ID: <ZWg00XzFPqqL1yF-@jupiter.tail36e24.ts.net>
author: Flavio Cruz <flaviocruz@gmail.com> 2023-11-30 02:08:01 -0500
committer: Samuel Thibault <samuel.thibault@ens-lyon.org> 2023-12-03 01:01:41 +0100
commit: 29d4bcaafc4c2040df27a6247603c68e7757205c (patch)
tree: e690beca8fd1b0ff00645798dab866df6e77a67c /x86_64
parent: 2db6b9b7b23b3bab944665b3b6012d24dd425d97 (diff)
1 files changed, 60 insertions, 7 deletions
diff --git a/x86_64/copy_user.c b/x86_64/copy_user.c
index 0d3f301b..c6e125d9 100644
--- a/x86_64/copy_user.c
+++ b/x86_64/copy_user.c
@@ -265,8 +265,15 @@ static inline int copyout_unpack_msg_type(vm_offset_t kaddr,
       mach_msg_type_size_t orig_size = kmtl->msgtl_size;
       int ret;
 
-      if (MACH_MSG_TYPE_PORT_ANY(kmtl->msgtl_name))
+      if (MACH_MSG_TYPE_PORT_ANY(kmtl->msgtl_name)) {
+#ifdef USER32
         kmtl->msgtl_size = bytes_to_descsize(sizeof(mach_port_name_t));
+#else
+        /* 64 bit ABI uses mach_port_name_inlined_t for inlined ports. */
+        if (!kmt->msgt_inline)
+          kmtl->msgtl_size = bytes_to_descsize(sizeof(mach_port_name_t));
+#endif
+      }
       ret = copyout_mach_msg_type_long(kmtl, (void*)uaddr);
       kmtl->msgtl_size = orig_size;
       if (ret)
@@ -283,8 +290,15 @@ static inline int copyout_unpack_msg_type(vm_offset_t kaddr,
       mach_msg_type_size_t orig_size = kmt->msgt_size;
       int ret;
 
-      if (MACH_MSG_TYPE_PORT_ANY(kmt->msgt_name))
+      if (MACH_MSG_TYPE_PORT_ANY(kmt->msgt_name)) {
+#ifdef USER32
         kmt->msgt_size = bytes_to_descsize(sizeof(mach_port_name_t));
+#else
+        /* 64 bit ABI uses mach_port_name_inlined_t for inlined ports. */
+        if (!kmt->msgt_inline)
+          kmt->msgt_size = bytes_to_descsize(sizeof(mach_port_name_t));
+#endif
+      }
       ret = copyout_mach_msg_type(kmt, (void *)uaddr);
       kmt->msgt_size = orig_size;
       if (ret)
@@ -299,8 +313,10 @@ static inline int copyout_unpack_msg_type(vm_offset_t kaddr,
   return 0;
 }
 
+#ifdef USER32
 /*
- * Compute the user-space size of a message still in the kernel.
+ * Compute the user-space size of a message still in the kernel when processing
+ * messages from 32bit userland.
  * The message may be originating from userspace (in which case we could
  * optimize this by keeping the usize around) or from kernel space (we could
  * optimize if the message structure is fixed and known in advance).
@@ -333,7 +349,8 @@ size_t msg_usize(const mach_msg_header_t *kmsg)
             {
               if (MACH_MSG_TYPE_PORT_ANY(name))
                 {
-                  saddr += sizeof(mach_port_t) * number;
+                  const vm_size_t length = sizeof(mach_port_t) * number;
+                  saddr += length;
                   usize += sizeof(mach_port_name_t) * number;
                 }
               else
@@ -355,6 +372,7 @@ size_t msg_usize(const mach_msg_header_t *kmsg)
     }
   return usize;
 }
+#endif /* USER32 */
 
 /*
  * Expand the msg header and, if required, the msg body (ports, pointers)
@@ -423,6 +441,9 @@ int copyinmsg (const void *userbuf, void *kernelbuf, const size_t usize, const s
             {
               if (MACH_MSG_TYPE_PORT_ANY(name))
                 {
+#ifdef USER32
+                  if (size != bytes_to_descsize(sizeof(mach_port_name_t)))
+                    return 1;
                   if ((usaddr + sizeof(mach_port_name_t)*number) > ueaddr)
                     return 1;
                   adjust_msg_type_size(ktaddr, sizeof(mach_port_t) - sizeof(mach_port_name_t));
@@ -433,6 +454,17 @@ int copyinmsg (const void *userbuf, void *kernelbuf, const size_t usize, const s
                       ksaddr += sizeof(mach_port_t);
                       usaddr += sizeof(mach_port_name_t);
                     }
+#else
+                  if (size != bytes_to_descsize(sizeof(mach_port_name_inlined_t)))
+                    return 1;
+                  const vm_size_t length = number * sizeof(mach_port_name_inlined_t);
+                  if ((usaddr + length) > ueaddr)
+                    return 1;
+                  if (copyin((void*)usaddr, (void*)ksaddr, length))
+                    return 1;
+                  usaddr += length;
+                  ksaddr += length;
+#endif
                 }
               else
                 {
@@ -451,9 +483,13 @@ int copyinmsg (const void *userbuf, void *kernelbuf, const size_t usize, const s
               if ((usaddr + sizeof(rpc_vm_offset_t)) > ueaddr)
                 return 1;
 
-              // out-of-line port arrays are expanded in ipc_kmsg_copyin_body()
-              if (MACH_MSG_TYPE_PORT_ANY(name))
+              /* out-of-line port arrays are always arrays of mach_port_name_t (4 bytes)
+               * and are expanded in ipc_kmsg_copyin_body() */
+              if (MACH_MSG_TYPE_PORT_ANY(name)) {
+                if (size != bytes_to_descsize(sizeof(mach_port_name_t)))
+                  return 1;
                 adjust_msg_type_size(ktaddr, sizeof(mach_port_t) - sizeof(mach_port_name_t));
+              }
 
               if (copyin_address((rpc_vm_offset_t*)usaddr, (vm_offset_t*)ksaddr))
                 return 1;
@@ -470,6 +506,10 @@ int copyinmsg (const void *userbuf, void *kernelbuf, const size_t usize, const s
 
   kmsg->msgh_size = sizeof(mach_msg_header_t) + ksaddr - (vm_offset_t)(kmsg + 1);
   assert(kmsg->msgh_size <= ksize);
+#ifndef USER32
+  if (kmsg->msgh_size != usize)
+    return 1;
+#endif
   return 0;
 }
 
@@ -519,6 +559,7 @@ int copyoutmsg (const void *kernelbuf, void *userbuf, const size_t ksize)
             {
               if (MACH_MSG_TYPE_PORT_ANY(name))
                 {
+#ifdef USER32
                   for (int i=0; i<number; i++)
                     {
                       if (copyout_port((mach_port_t*)ksaddr, (mach_port_name_t*)usaddr))
@@ -526,10 +567,18 @@ int copyoutmsg (const void *kernelbuf, void *userbuf, const size_t ksize)
                       ksaddr += sizeof(mach_port_t);
                       usaddr += sizeof(mach_port_name_t);
                     }
+#else
+                  if (size != bytes_to_descsize(sizeof(mach_port_name_inlined_t)))
+                    return 1;
+                  const vm_size_t length = number * sizeof(mach_port_name_inlined_t);
+                  if (copyout((void*)ksaddr, (void*)usaddr, length))
+                    return 1;
+                  ksaddr += length;
+                  usaddr += length;
+#endif
                 }
               else
                 {
-                  // type that doesn't need change
                   size_t n = descsize_to_bytes(size);
                   if (copyout((void*)ksaddr, (void*)usaddr, n*number))
                     return 1;
@@ -554,6 +603,10 @@ int copyoutmsg (const void *kernelbuf, void *userbuf, const size_t ksize)
   usize = sizeof(mach_msg_user_header_t) + usaddr - (vm_offset_t)(umsg + 1);
   if (copyout(&usize, &umsg->msgh_size, sizeof(umsg->msgh_size)))
     return 1;
+#ifndef USER32
+  if (usize != ksize)
+    return 1;
+#endif
 
   return 0;
author	Flavio Cruz <flaviocruz@gmail.com>	2023-11-30 02:08:01 -0500
committer	Samuel Thibault <samuel.thibault@ens-lyon.org>	2023-12-03 01:01:41 +0100
commit	29d4bcaafc4c2040df27a6247603c68e7757205c (patch)
tree	e690beca8fd1b0ff00645798dab866df6e77a67c /x86_64
parent	2db6b9b7b23b3bab944665b3b6012d24dd425d97 (diff)