From fc3c8d4ae01a32a5c467d4965088878aa02066a7 Mon Sep 17 00:00:00 2001
From: "Rustem Gimadutdinov (rgimad)"
Date: Mon, 21 Jun 2021 21:31:19 +0000
Subject: [PATCH] [KERNEL] Temporarily disable checks added in #8680.
More info in comments to syscall_file_system_lfn
git-svn-id: svn://kolibrios.org@8912 a494cfbc-eb01-0410-851d-a64ba20cac60
---
 kernel/trunk/core/syscall.inc | 2 +-
 kernel/trunk/fs/fs_lfn.inc | 132 +++++++++++++++++-----------------
 2 files changed, 69 insertions(+), 65 deletions(-)
diff --git a/kernel/trunk/core/syscall.inc b/kernel/trunk/core/syscall.inc
index 8cb07f67cc..37250ecec0 100644
--- a/kernel/trunk/core/syscall.inc
+++ b/kernel/trunk/core/syscall.inc
@@ -168,7 +168,7 @@ iglobal
 dd syscall_move_window ; 67-Window move or resize
 dd f68 ; 68-Some internal services
 dd sys_debug_services ; 69-Debug
- dd syscall_file_system_lfn ; 70-Common file system interface, version 2
+ dd file_system_lfn ; 70-Common file system interface, version 2
 dd syscall_window_settings ; 71-Window settings
 dd sys_sendwindowmsg ; 72-Send window message
 dd blit_32 ; 73-blitter;
diff --git a/kernel/trunk/fs/fs_lfn.inc b/kernel/trunk/fs/fs_lfn.inc
index 8b3d414cb4..3d44bd642a 100644
--- a/kernel/trunk/fs/fs_lfn.inc
+++ b/kernel/trunk/fs/fs_lfn.inc
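Review bot: Pointing table entry 70 straight at `file_system_lfn` removes the only validation of the caller-supplied pointers for this syscall, because `syscall_file_system_lfn` (deleted in the fs_lfn.inc hunk) was the wrapper that ran `file_system_is_operation_safe` on the parameter block in ebx before dispatching. From this commit on, a ring-3 caller's f.70 structure reaches the file system code with its target-buffer address and length unchecked, which is exactly the "can cause kernel crash" case the removed checker documented; what `file_system_lfn` itself does with that buffer is outside this hunk. The commit message calls this temporary, but nothing at the dispatch site says so, so I would at least annotate the entry: `dd file_system_lfn ; 70-Common file system interface, version 2 (pointer checks disabled, see fs_lfn.inc)`. The durable fix is the one the commit's own TODO names: keep the checked wrapper in this table and give the in-kernel driver a separately exported entry that does not go through int 0x40.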
@@ -26,69 +26,69 @@ maxPathLength = 1000h
 image_of_eax EQU esp+32
 image_of_ebx EQU esp+20
-; System function 70 security check
-align 4
-proc file_system_is_operation_safe stdcall, inf_struct_ptr: dword
-; in:
-; inf_struct_ptr = pointer to information structure was given to sysfn70
-; out: ZF = 1 if operation is safe
-; ZF = 0 if operation can cause kernel crash
- push ebx ecx edx
- xor ecx, ecx ; ecx - length of target buffer
+; ; System function 70 security check
+; align 4
+; proc file_system_is_operation_safe stdcall, inf_struct_ptr: dword
+; ; in:
+; ; inf_struct_ptr = pointer to information structure was given to sysfn70
+; ; out: ZF = 1 if operation is safe
+; ; ZF = 0 if operation can cause kernel crash
+; push ebx ecx edx
+; xor ecx, ecx ; ecx - length of target buffer
- mov ebx, [inf_struct_ptr]
- mov edx, [ebx + 16] ; base of target buffer
+; mov ebx, [inf_struct_ptr]
+; mov edx, [ebx + 16] ; base of target buffer
- cmp dword [ebx], 0 ; if 70.0
- jnz .case1
- mov ecx, dword [ebx + 12]
- jmp .end_switch
+; cmp dword [ebx], 0 ; if 70.0
+; jnz .case1
+; mov ecx, dword [ebx + 12]
+; jmp .end_switch
-.case1:
- cmp dword [ebx], 1 ; if 70.1
- jnz .case2_3
- ;mov ecx, 32
- cmp dword [ebx + 8], 1 ; check encoding
- jbe .case1_304 ; if encdoing <= 1 i.e cpp866
- mov ecx, 560 ; if unicode then bdvk block len is 560 bytes
- jmp .case1_end
-.case1_304:
- mov ecx, 304 ; if cp866 then bdvk block len is 304 bytes
-.case1_end:
- imul ecx, dword [ebx + 12] ; multiply bdvk length by their count
- add ecx, 32 ; add result header len
- jmp .end_switch
+; .case1:
+; cmp dword [ebx], 1 ; if 70.1
+; jnz .case2_3
+; ;mov ecx, 32
+; cmp dword [ebx + 8], 1 ; check encoding
+; jbe .case1_304 ; if encdoing <= 1 i.e cpp866
+; mov ecx, 560 ; if unicode then bdvk block len is 560 bytes
+; jmp .case1_end
+; .case1_304:
+; mov ecx, 304 ; if cp866 then bdvk block len is 304 bytes
+; .case1_end:
+; imul ecx, dword [ebx + 12] ; multiply bdvk length by their count
+; add ecx, 32 ; add result header len
+; jmp .end_switch
-.case2_3:
- cmp dword [ebx], 3
- ja .case5 ; if subfn > 3
- mov ecx, dword [ebx + 12]
- jmp .end_switch
+; .case2_3:
+; cmp dword [ebx], 3
+; ja .case5 ; if subfn > 3
+; mov ecx, dword [ebx + 12]
+; jmp .end_switch
-.case5:
- cmp dword [ebx], 5
- jnz .case6
- mov ecx, 40
- jmp .end_switch
+; .case5:
+; cmp dword [ebx], 5
+; jnz .case6
+; mov ecx, 40
+; jmp .end_switch
-.case6:
- cmp dword [ebx], 6
- jnz .switch_none
- mov ecx, 32
- jmp .end_switch
+; .case6:
+; cmp dword [ebx], 6
+; jnz .switch_none
+; mov ecx, 32
+; jmp .end_switch
-.switch_none:
- mov ecx, 1
- test ecx, ecx
- jmp .ret
+; .switch_none:
+; mov ecx, 1
+; test ecx, ecx
+; jmp .ret
-.end_switch:
- ;;
- stdcall is_region_userspace, edx, ecx
-.ret:
- pop edx ecx ebx
- ret
-endp
+; .end_switch:
+; ;;
+; stdcall is_region_userspace, edx, ecx
+; .ret:
+; pop edx ecx ebx
+; ret
+; endp
 syscall_fileSystemUnicode:
 ; in: ebx -> f.80 parameter structure
@@ -101,16 +101,20 @@ syscall_fileSystemUnicode:
 @@:
 jmp fileSystemUnicode
-syscall_file_system_lfn:
-; in: ebx -> f.70 parameter structure
- stdcall file_system_is_operation_safe, ebx
- jnz @f
+; temporarily commented out cause acpi driver (drivers/devman) uses sysfn70 via 0x40
+; so because drivers it kernel space, pointer checking fails
+; TODO solution: add filesystem functions without pointer checking to kernel exports
+; and make the driver use them, not int 0x40
+; syscall_file_system_lfn: ; with user pointer correctness checking
+; ; in: ebx -> f.70 parameter structure
+; stdcall file_system_is_operation_safe, ebx
+; jnz @f
- DEBUGF 1, "sysfn70 addr error\n"
- mov dword [image_of_eax], ERROR_MEMORY_POINTER
- ret
-@@:
- jmp file_system_lfn
+; DEBUGF 1, "sysfn70 addr error\n"
+; mov dword [image_of_eax], ERROR_MEMORY_POINTER
+; ret
+; @@:
+; jmp file_system_lfn
 ; System function 70
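Review bot: The whole `file_system_is_operation_safe` proc is disabled by prefixing every line with `;`, so from this commit on the assembler no longer parses it and it will silently drift if the f.70 structure offsets it reads (`[ebx + 8]`, `[ebx + 12]`, `[ebx + 16]`) or the `is_region_userspace` signature change before it is re-enabled. Since the commit itself calls this temporary, a conditional-assembly guard keeps the code live and makes re-enabling a one-symbol change: a constant next to the file's other `EQU`s, say `FS70_POINTER_CHECKS` (constructed name), with `if FS70_POINTER_CHECKS` … `end if` around this proc and around the `syscall_file_system_lfn` wrapper in the next hunk, after confirming that the `proc`/`endp` macros expand cleanly inside a skipped `if` block in this build. The disabled checker was fail-closed for unrecognised subfunctions (`.switch_none` leaves ZF clear, i.e. "unsafe"), which is the behaviour worth preserving when it comes back; a one-line comment saying so next to the guard would prevent that from being "fixed" into fail-open later.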