From bf8d582c115e29c5c89a65d70309d5f75fca4512 Mon Sep 17 00:00:00 2001 From: Sergey Bugaev Date: Wed, 21 Jun 2023 13:56:38 +0300 Subject: proc: Fix pointer truncation in get_string_array Due to little-endianness of x86, this resulted in a 64-bit pointer that pointed to the lower 4 GB of the address space being treated as a 32-bit pointer followed by NULL, which manifested as only the first program arg (the argv[0]) being visible in ps output. When a pointer pointed outside of the lower 4 GB, this resulted in both halves being treated as invalid pointers, causing proc_getprocargs () to fail with KERN_INVALID_ADDRESS, which manifested as ps displaying COMMAND for the affected process as ?. Found by placing all memory above the 4 GB limit, which made it apparent that something about fetching process command lines is seriously broken. Before: USER PID PPID TTY TIME COMMAND 0 1 1 - 0:00.00 /hurd/init 0 2 1 - 0:00.05 /hurd/startup 0 3 2 ? 0:02.80 ? 0 4 2 ? 0:00.00 /hurd/proc 0 5 2 - 0:00.08 ? 0 6 5 - 0:00.02 ? 0 7 2 - 0:00.00 /hurd/auth 0 9 1 - 0:00.01 /hurd/term 0 13 1 - 0:00.11 /hurd/mach-defpager 0 15 1 - 0:00.00 /bin/bash 0 16 5 - 0:00.00 /hurd/pflocal 0 18 15 - 0:00.00 /bin/sh 0 20 18 - 0:00.00 ps-hurd After: USER PID PPID TTY TIME COMMAND 0 1 1 - 0:00.01 /hurd/init -a 0 2 1 - 0:00.03 /hurd/startup --kernel-task=1 console=com0 0 3 2 ? 0:01.36 gnumach --kernel-task=1 console=com0 0 4 2 ? 0:00.00 /hurd/proc --kernel-task=1 0 5 2 - 0:00.06 ext2fs --multiboot-command-line=console=com0 0 6 5 - 0:00.00 /hurd/exec --device-master-port=1 0 7 2 - 0:00.02 /hurd/auth 0 9 1 - 0:00.00 /hurd/term /dev/console device console 0 13 1 - 0:00.09 /hurd/mach-defpager 0 15 1 - 0:00.00 /bin/bash /usr/libexec/runsystem.hurd 0 16 5 - 0:00.00 /hurd/pflocal 0 18 15 - 0:00.00 /bin/sh 0 19 18 - 0:00.01 ps-hurd -ef Message-Id: <20230621105638.1045306-1-bugaevc@gmail.com> --- proc/info.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'proc') 
diff --git a/proc/info.c b/proc/info.c
index d84fdd45..2d85662d 100644
--- a/proc/info.c
+++ b/proc/info.c
@@ -274,7 +274,7 @@ get_string (task_t t,
 static error_t
 get_vector (task_t task,
 vm_address_t addr,
- int **vec)
+ vm_address_t **vec)
 {
 vm_address_t readaddr;
 vm_size_t readsize;
@@ -332,7 +332,7 @@ get_string_array (task_t t,
 mach_msg_type_number_t *buflen)
 {
 char *bp;
- int *vector, *vp;
+ vm_address_t *vector, *vp;
 error_t err;
 vm_address_t origbuf = *buf;
-- 
cgit v1.2.3
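Review bot: The new element type `vm_address_t **vec` in get_vector encodes an assumption that the inspected task uses the same pointer width as proc itself, since `vm_address_t` is proc's own address type; if the system can run tasks with a narrower pointer width than the kernel, their argument vectors would presumably be read as half as many entries. Neither hunk shows how get_vector reads, sizes or terminates the array, so this is inferred from the signature alone. A comment on the declaration would make the contract visible to the next maintainer: `/* Read a NULL-terminated array of pointers from TASK's address space; assumes TASK's pointer width equals vm_address_t.  */`. The same assumption carries over to the `vector`/`vp` locals in the get_string_array hunk. Both get_vector's and get_string_array's bodies continue outside the hunks.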