usermem / security: no user pointer sanitization #1251

Open
shrik3 opened this issue May 17, 2024 · 3 comments
shrik3 (Collaborator) commented May 17, 2024

This simple user program can panic the kernel:

#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <time.h>
#include <sys/syscall.h>

int main(void)
{
	/* Hand a NULL timespec pointer straight to the raw syscall, bypassing
	 * libc. A kernel that validates user pointers fails the call with
	 * EFAULT; Quark instead page-faults in kernel space. */
	long res = syscall(SYS_clock_gettime, CLOCK_MONOTONIC, (void *)0);
	if (res < 0)
		printf("ret %ld errno %d (%s)\n", res, errno, strerror(errno));
	else
		printf("ret %ld\n", res);
	return 0;
}

log:

[Print] [1/45400c0000|0] unhandle EXCEPTION: page_fault FAULT

This is because the syscall handler SysClockGetTime (among many others) copies to the user buffer without a sanity check.

    let clock = GetClock(task, clockID)?;
    let ts = clock.Now().Timespec();
    task.CopyOutObj(&ts, addr)?;

In this case I'm passing a null pointer. This causes a page fault in the kernel.

Actually, any illegal user pointer will cause a kernel panic, because Memcpy is called on the user pointer in kernel space.
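
The check the issue asks for, as an added example written for this page rather than taken from Quark: a user-pointer sanitizer that runs the null, wraparound, user/kernel-split and mapping checks before the kernel touches the destination, so the null pointer from the reproducer comes back as EFAULT instead of a kernel page fault. The USER_ADDR_MAX limit, the Vma and UserSpace types, the Errno enum and the sys_clock_gettime wrapper are assumptions for illustration; a real kernel would look the range up in the task's memory map and would still need a fault-tolerant copy for pages that are mapped but not present.

```rust
// Added example, not Quark's code: sanitize a user pointer before any copy
// into user memory, so a bad address yields EFAULT instead of a kernel page
// fault. USER_ADDR_MAX, Vma, UserSpace and Errno are assumptions for illustration.
use std::collections::BTreeMap;

/// Top of the user half of the address space (assumed x86-64 layout).
pub const USER_ADDR_MAX: u64 = 0x0000_7fff_ffff_f000;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Errno {
    EFAULT,
}

/// One mapped user region; `bytes` stands in for its backing pages.
pub struct Vma {
    pub start: u64,
    pub end: u64, // exclusive
    pub writable: bool,
    pub bytes: Vec<u8>,
}

/// Minimal stand-in for a task's user address space, keyed by VMA start.
#[derive(Default)]
pub struct UserSpace {
    vmas: BTreeMap<u64, Vma>,
}

impl UserSpace {
    pub fn map(&mut self, start: u64, len: u64, writable: bool) {
        let vma = Vma { start, end: start + len, writable, bytes: vec![0; len as usize] };
        self.vmas.insert(start, vma);
    }

    /// Arithmetic checks every copy must pass first: non-null, no
    /// wraparound, and the whole range below the user/kernel split.
    fn check_range(addr: u64, len: u64) -> Result<u64, Errno> {
        if addr == 0 { return Err(Errno::EFAULT); }
        let end = addr.checked_add(len).ok_or(Errno::EFAULT)?;
        if end > USER_ADDR_MAX { return Err(Errno::EFAULT); }
        Ok(end)
    }

    /// The VMA containing `addr`, if it is mapped at all.
    fn vma_for(&self, addr: u64) -> Option<&Vma> {
        let (_, vma) = self.vmas.range(..=addr).next_back()?;
        if addr < vma.end { Some(vma) } else { None }
    }

    /// Copy `src` to user address `addr`. Every destination byte is validated
    /// before the first one is written, so a failure leaves user memory
    /// untouched and the caller gets EFAULT, never a fault in kernel space.
    pub fn copy_out(&mut self, addr: u64, src: &[u8]) -> Result<(), Errno> {
        let len = src.len() as u64;
        if len == 0 { return Ok(()); }
        let end = Self::check_range(addr, len)?;
        let mut pieces = Vec::new(); // (vma start, offset in vma, chunk len)
        let mut cur = addr;
        while cur < end {
            let vma = self.vma_for(cur).ok_or(Errno::EFAULT)?;
            if !vma.writable { return Err(Errno::EFAULT); }
            let chunk_end = end.min(vma.end);
            pieces.push((vma.start, cur - vma.start, chunk_end - cur));
            cur = chunk_end;
        }
        let mut off = 0usize;
        for (start, vma_off, n) in pieces {
            let vma = self.vmas.get_mut(&start).expect("validated above");
            let (o, n) = (vma_off as usize, n as usize);
            vma.bytes[o..o + n].copy_from_slice(&src[off..off + n]);
            off += n;
        }
        Ok(())
    }

    /// Read user memory back (inspection helper; single-VMA ranges only).
    pub fn read(&self, addr: u64, len: u64) -> Option<Vec<u8>> {
        let vma = self.vma_for(addr)?;
        if addr + len > vma.end { return None; }
        let o = (addr - vma.start) as usize;
        Some(vma.bytes[o..o + len as usize].to_vec())
    }
}

/// The pattern the issue calls for: sanitize `ts_addr`, then copy the timespec.
pub fn sys_clock_gettime(us: &mut UserSpace, ts_addr: u64, secs: i64, nsecs: i64) -> Result<(), Errno> {
    let mut ts = [0u8; 16];
    ts[..8].copy_from_slice(&secs.to_le_bytes());
    ts[8..].copy_from_slice(&nsecs.to_le_bytes());
    us.copy_out(ts_addr, &ts)
}

fn main() {
    let mut us = UserSpace::default();
    us.map(0x1000, 4096, true);
    // The issue's reproducer passes a null pointer: EFAULT, not a page fault.
    println!("{:?}", sys_clock_gettime(&mut us, 0, 1, 2));
    println!("{:?}", sys_clock_gettime(&mut us, 0x1000, 1, 2));
}
```

Two design points worth noting. The whole destination range is validated before the first byte is written, so a buffer that starts in a mapped page and runs into a hole fails cleanly rather than leaving a half-written timespec. And the checks are independent of how the eventual copy is done: a page-fault-driven copy of the kind the maintainer describes can still be used for the mapped-but-not-present case, but only if the fault handler has a way to report the failure back to the syscall path instead of crashing.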

QuarkContainer (Owner) commented

@shrik3 Thank you very much for the bug.

QuarkContainer (Owner) commented

The issue is because we enabled "CopyDataWithPf" in config.json for debugging. The feature does the user/kernel memory copy based on page faults. When there is an invalid address in a user request, as the page fault has no good way to pass the error message to the caller API, the system will crash. The feature gets a little better performance than disabling it. So I will disable this feature by default, and will create a PR after more testing.

shrik3 (Collaborator, Author) commented May 23, 2024

Can confirm. The issue is gone with the CopyDataWithPf option turned off.
