Projects (at) Tadryanom (dot) Me - AdrOS.git/commit
fix: 4 CRITICAL security/race bugs from audit
author Tulio A M Mendes <[email protected]>
Tue, 10 Feb 2026 11:29:36 +0000 (08:29 -0300)
committer Tulio A M Mendes <[email protected]>
Fri, 13 Feb 2026 02:20:50 +0000 (23:20 -0300)
commit e05f42e55232964d1885e10b6cef138b39f892db
tree 51b9041e771ebbabc38a9c0bd5f99f98253f4c93
parent cbfb2149709ba7646d2a9b3b0b998de3e122b9e4
fix: 4 CRITICAL security/race bugs from audit

3.1: user_range_ok weak default now rejects kernel addresses (>= 0xC0000000)
     Prevents privilege escalation via syscall arguments on non-x86 fallback.

3.2: sigreturn sanitizes eflags — clears IOPL bits, ensures IF set.
     Prevents userspace from gaining port I/O access via crafted sigframe.

2.1: PMM bitmap/refcount now protected by spinlock_t pmm_lock.
     Prevents SMP race where two CPUs could allocate the same physical frame.
     All public PMM functions (alloc, free, mark_region, incref, decref,
     get_refcount) now use spin_lock_irqsave/spin_unlock_irqrestore.

2.2: file->refcount now uses __sync_fetch_and_add / __sync_sub_and_fetch.
     Prevents use-after-free in fork/dup/dup2/dup3/close when timer IRQ
     fires and schedule() runs process_close_all_files_locked concurrently.
src/kernel/scheduler.c
src/kernel/syscall.c
src/kernel/uaccess.c
src/mm/pmm.c
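
The two syscall-boundary checks named in items 3.1 and 3.2 of the commit message, written out as an added example; this is not the AdrOS source. The function names are hypothetical, and the code assumes 32-bit x86 with the kernel mapped at 0xC0000000 as the message states.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions: 32-bit x86, 3G/1G split (kernel at 0xC0000000 per the commit).
 * Function names are hypothetical, not AdrOS's. */
#define KERNEL_BASE  0xC0000000u
#define EFLAGS_IF    0x00000200u  /* bit 9: interrupt enable */
#define EFLAGS_IOPL  0x00003000u  /* bits 12-13: I/O privilege level */

/* Accept [addr, addr+len) only if it lies entirely below KERNEL_BASE.
 * Comparing len against the remaining room avoids computing addr+len,
 * which can wrap past 2^32 and look like a low user address. */
static int user_range_ok_sketch(uint32_t addr, uint32_t len)
{
    if (addr >= KERNEL_BASE)
        return 0;
    return len <= KERNEL_BASE - addr;
}

/* The saved EFLAGS in a signal frame lives on the user stack, so it is
 * user-controlled by the time sigreturn reads it back.
 * IOPL=3 would let ring 3 execute in/out and cli/sti; IF=0 would return
 * to user mode with maskable interrupts off, blocking preemption. */
static uint32_t sanitize_user_eflags(uint32_t eflags)
{
    eflags &= ~EFLAGS_IOPL;  /* force IOPL to 0 */
    eflags |= EFLAGS_IF;     /* force interrupts enabled */
    return eflags;
}

int main(void)
{
    /* Constructed inputs, not taken from the AdrOS tree. */
    printf("user buf      : %d\n", user_range_ok_sketch(0x08048000u, 4096));
    printf("kernel addr   : %d\n", user_range_ok_sketch(0xC0100000u, 16));
    printf("straddles 3G  : %d\n", user_range_ok_sketch(0xBFFFF000u, 0x2000));
    printf("wrapping len  : %d\n", user_range_ok_sketch(0xBFFFFFFFu, 0xFFFFFFFFu));
    printf("crafted eflags: 0x%08x\n", (unsigned)sanitize_user_eflags(0x00003002u));
    return 0;
}
```

The wrapping-length case is the one a naive `addr + len < KERNEL_BASE` comparison accepts, which is why the check subtracts instead of adding.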