This patch addresses a use-after-free (UAF) vulnerability in
sys_mount. The issue occurred due to improper handling of memory
deallocation, which could lead to crashes or undefined behavior on a
user mount request.
Changes made:
- Moved the `rt_free(copy_source)` function call to occur after the necessary
operations are completed, preventing premature deallocation of memory.
Signed-off-by: Shell <smokewood@qq.com>
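
Added example, not the project's code (the real sys_mount and rt_free are not reproduced here): the "free before use" ordering the message describes, beside the corrected ordering, run over a constructed poison-on-free allocator so the stale read becomes observable. `dbg_malloc`, `dbg_free`, `copy_from_user_str` and `do_mount` are hypothetical stand-ins, and `/dev/sda1` is constructed input.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for rt_malloc/rt_free (assumption: NOT RT-Thread's allocator): a bump
 * allocator over a static pool that poisons freed blocks with 0xfe, the way debug
 * heaps do, so a stale read returns garbage instead of touching unmapped memory. */
#define POOL_SIZE 1024
static _Alignas(16) unsigned char pool[POOL_SIZE];
static size_t pool_used;

static void *dbg_malloc(size_t n)
{
    n = (n + 15) & ~(size_t)15;                 /* keep blocks 16-byte aligned */
    if (pool_used + 16 + n > POOL_SIZE) return NULL;
    size_t *hdr = (size_t *)(pool + pool_used); /* 16-byte header holds the size */
    *hdr = n;
    pool_used += 16 + n;
    return (unsigned char *)hdr + 16;
}

static void dbg_free(void *p)
{
    size_t n = *(size_t *)((unsigned char *)p - 16);
    memset(p, 0xfe, n);                         /* poison: later reads are visibly wrong */
}

/* Copy the user-supplied source string into kernel memory (stands in for copy_source). */
static char *copy_from_user_str(const char *user_src)
{
    size_t n = strlen(user_src) + 1;
    char *c = dbg_malloc(n);
    return c ? memcpy(c, user_src, n) : NULL;
}

/* Stand-in for the real mount step: 1 if the source it sees is the intact device path. */
static int do_mount(const char *source, const char *target)
{
    (void)target;
    return memcmp(source, "/dev/sda1", sizeof "/dev/sda1") == 0;
}

/* Ordering before the fix: the copy is released, then the mount step reads it. */
int mount_before_fix(const char *user_src, const char *target)
{
    char *copy = copy_from_user_str(user_src);
    if (copy == NULL) return -1;
    dbg_free(copy);                   /* premature release ... */
    return do_mount(copy, target);    /* ... followed by a use-after-free read */
}

/* Ordering after the fix: every user of the copy runs first, then it is released. */
int mount_after_fix(const char *user_src, const char *target)
{
    char *copy = copy_from_user_str(user_src);
    if (copy == NULL) return -1;
    int ok = do_mount(copy, target);
    dbg_free(copy);
    return ok;
}
```

With a production allocator the freed block may be reused or may still hold the old bytes, so this kind of bug surfaces as an intermittent crash rather than a reliably wrong result; poisoning on free (or the allocator's debug mode) turns the ordering error into something a test can assert on.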

This patch fixes up script execution on argv passing
and adds support for arguments larger than 4k.
According to POSIX, the script parameter handling is quite different
from the current implementation, especially in the way it inserts
the path of the executable. In the end, when you execute a script
from `$PATH`, it always fails.
For a script, the interpreter will be invoked with the following
arguments: `{interpreter [optional-arg] pathname arg...}`
where pathname is the pathname of the file specified as the first
argument of execve(), and arg... is the series of words pointed
to by the argv argument of execve(), starting at argv[1]. Note that
there is no way to get the argv[0] that was passed to the
execve() call.
The changes include:
- Separating argument, environment variable, and auxiliary vector
processing into a new lwp_args.c file.
- Fixing bugs in script argument processing and supporting arguments
larger than 4k.
- Updating lwp_execve to use the new argscopy function and removing
the old lwp_argscopy function.
- Making various modifications to lwp_load and elf_aux_fill to work
with the new argument processing.
- Removing unnecessary code related to dynamic loading and interpreter
scripts.
Signed-off-by: Shell <smokewood@qq.com>
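
Added example, not code from this commit or from RT-Thread: building the interpreter argv exactly as the execve() rule quoted above describes, with the original argv[0] dropped and the execve() pathname inserted after the interpreter and its optional-arg. `build_script_argv`, `parse_shebang`, the `check_*` cases and their sample shebang lines are assumptions constructed for the illustration; keeping everything after the interpreter as a single optional-arg word follows Linux behaviour.

```c
#include <stdlib.h>
#include <string.h>
#define MAX_ARGS 64

/* argv handed to the interpreter: NULL-terminated, strings owned by the struct. */
struct script_argv { char *argv[MAX_ARGS + 1]; int argc; };

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}

void free_script_argv(struct script_argv *out)
{
    while (out->argc > 0) free(out->argv[--out->argc]);
    out->argv[0] = NULL;
}

static int push_arg(struct script_argv *out, const char *s)
{
    char *d;
    if (out->argc >= MAX_ARGS || (d = dup_str(s)) == NULL) return -1;
    out->argv[out->argc++] = d;
    out->argv[out->argc] = NULL;
    return 0;
}

/* Parse "#!interpreter [optional-arg]": 0 on success, -1 if not a shebang or a field
 * does not fit. As on Linux, the rest of the line (trimmed) is ONE optional-arg word. */
static int parse_shebang(const char *line, char *interp, size_t isz, char *opt, size_t osz)
{
    if (line[0] != '#' || line[1] != '!') return -1;
    const char *p = line + 2, *e;
    while (*p == ' ' || *p == '\t') p++;
    for (e = p; *e && *e != ' ' && *e != '\t' && *e != '\n'; e++) ;
    if (e == p || (size_t)(e - p) >= isz) return -1;   /* no interpreter, or too long */
    memcpy(interp, p, e - p); interp[e - p] = '\0';
    for (p = e; *p == ' ' || *p == '\t'; p++) ;
    e = p + strlen(p);
    while (e > p && (e[-1] == '\n' || e[-1] == ' ' || e[-1] == '\t')) e--;
    if ((size_t)(e - p) >= osz) return -1;
    memcpy(opt, p, e - p); opt[e - p] = '\0';
    return 0;
}

/* Build {interpreter [optional-arg] pathname arg...} from what execve() received.
 * pathname is execve()'s first argument (the script as found, e.g. via $PATH), not
 * argv[0]; argv[0] of the original call is dropped and cannot be recovered. */
int build_script_argv(const char *first_line, const char *pathname,
                      char *const argv[], struct script_argv *out)
{
    char interp[128], opt[128];
    out->argc = 0;
    out->argv[0] = NULL;
    if (parse_shebang(first_line, interp, sizeof interp, opt, sizeof opt) != 0) return -1;
    if (push_arg(out, interp) != 0 || (opt[0] != '\0' && push_arg(out, opt) != 0) ||
        push_arg(out, pathname) != 0) goto fail;
    for (int i = 1; argv[i] != NULL; i++)
        if (push_arg(out, argv[i]) != 0) goto fail;
    return 0;
fail:
    free_script_argv(out);
    return -1;
}

static int check_case(const char *line, const char *path, char *const argv[],
                      const char *const *want)
{
    struct script_argv out;
    int i = 0, ok = 1;
    if (build_script_argv(line, path, argv, &out) != 0) return 0;
    for (; want[i] != NULL && ok; i++)
        ok = i < out.argc && strcmp(out.argv[i], want[i]) == 0;
    ok = ok && i == out.argc && out.argv[i] == NULL;
    free_script_argv(&out);
    return ok;
}

/* Constructed case: script located via $PATH, shebang carrying an optional-arg. */
int check_env_script(void)
{
    char *argv[] = { "myscript", "--flag", "input.txt", NULL };
    const char *const want[] = { "/usr/bin/env", "-S python3 -u",
                                 "/usr/local/bin/myscript", "--flag", "input.txt", NULL };
    return check_case("#!/usr/bin/env -S python3 -u\n", "/usr/local/bin/myscript", argv, want);
}

/* Constructed case: no optional-arg, so pathname directly follows the interpreter. */
int check_plain_script(void)
{
    char *argv[] = { "run.sh", "a", NULL };
    const char *const want[] = { "/bin/sh", "./run.sh", "a", NULL };
    return check_case("#!/bin/sh\n", "./run.sh", argv, want);
}

/* Not a script (ELF magic instead of "#!"): -1, so the caller takes the ELF path. */
int check_not_script(void)
{
    char *argv[] = { "prog", NULL }; struct script_argv out;
    return build_script_argv("\x7f" "ELF", "/bin/prog", argv, &out);
}
```

Note that `check_env_script` never sees the string `myscript` in the result: the interpreter receives the resolved pathname, which is why a loader that inserts argv[0] instead of the execve() pathname breaks scripts found through `$PATH`.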
Correct `sched_setaffinity()` to use the thread IDs (TIDs) instead of
process IDs (PIDs). The previous implementation used PIDs, which
caused issues since affinity settings need to be applied at the
thread level.
As the manual documents, the signature is:
> int sched_setaffinity(pid_t pid, size_t cpusetsize,
> const cpu_set_t *mask);
Yes, it's tricky: the identifier passed in is called **'PID'**.
But when we talk about 'pid' in GNU libc, it's the **'task-id'**,
aka `thread->tid` as known in the kernel.
Changes were made by updating the function signatures and logic in
`lwp.h`, `lwp_pid.c`, and `lwp_syscall.c` to accept TIDs. Specifically,
the `lwp_setaffinity` function and related internal functions now
operate using thread IDs and adjust thread affinity settings accordingly.
Signed-off-by: Shell <smokewood@qq.com>

The previous implementation of lwp_new() included both the creation of
the lwp object and the PID allocation. But not every lwp object needs a PID.
So this patch splits out the responsibilities of lwp_new() to improve
maintainability.
Signed-off-by: Shell <smokewood@qq.com>