From c05c5a7ff43388994a85ce84121cdcfa6ee741ba Mon Sep 17 00:00:00 2001 From: Ben Wiederhake Date: Sat, 30 Oct 2021 00:45:23 +0200 Subject: Kernel: Clarify ambiguous {File,Description}::absolute_path Found due to smelly code in InodeFile::absolute_path. In particular, this replaces the following misleading methods: File::absolute_path This method *never* returns an actual path, and if called on an InodeFile (which is impossible), it would VERIFY_NOT_REACHED(). OpenFileDescription::try_serialize_absolute_path OpenFileDescription::absolute_path These methods do not guarantee to return an actual path (just like the other method), and just like Custody::absolute_path they do not guarantee accuracy. In particular, just renaming the method made a TOCTOU bug obvious. The new method signatures use KResultOr, just like try_serialize_absolute_path() already did. --- Kernel/FileSystem/AnonymousFile.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Kernel/FileSystem/AnonymousFile.h') diff --git a/Kernel/FileSystem/AnonymousFile.h b/Kernel/FileSystem/AnonymousFile.h index af91c36d21..49a21e7fc7 100644 --- a/Kernel/FileSystem/AnonymousFile.h +++ b/Kernel/FileSystem/AnonymousFile.h @@ -24,7 +24,7 @@ public: private: virtual StringView class_name() const override { return "AnonymousFile"sv; } - virtual String absolute_path(const OpenFileDescription&) const override { return ":anonymous-file:"; } + virtual KResultOr> pseudo_path(const OpenFileDescription&) const; virtual bool can_read(const OpenFileDescription&, size_t) const override { return false; } virtual bool can_write(const OpenFileDescription&, size_t) const override { return false; } virtual KResultOr read(OpenFileDescription&, u64, UserOrKernelBuffer&, size_t) override { return ENOTSUP; } -- cgit v1.2.3