mirror of
https://github.com/RGBCube/serenity
synced 2025-07-23 06:37:40 +00:00
Kernel: Reject non-user address ranges in mmap/munmap/mprotect/madvise
There's no valid reason to allow non-userspace address ranges in these system calls.
This commit is contained in:
parent
afd2b5a53e
commit
31d1c82621
1 changed files with 16 additions and 0 deletions
|
@ -332,6 +332,7 @@ Vector<Region*, 2> Process::split_region_around_range(const Region& source_regio
|
||||||
{
|
{
|
||||||
Range old_region_range = source_region.range();
|
Range old_region_range = source_region.range();
|
||||||
auto remaining_ranges_after_unmap = old_region_range.carve(desired_range);
|
auto remaining_ranges_after_unmap = old_region_range.carve(desired_range);
|
||||||
|
|
||||||
ASSERT(!remaining_ranges_after_unmap.is_empty());
|
ASSERT(!remaining_ranges_after_unmap.is_empty());
|
||||||
auto make_replacement_region = [&](const Range& new_range) -> Region& {
|
auto make_replacement_region = [&](const Range& new_range) -> Region& {
|
||||||
ASSERT(new_range.base() >= old_region_range.base());
|
ASSERT(new_range.base() >= old_region_range.base());
|
||||||
|
@ -361,6 +362,9 @@ void* Process::sys$mmap(const Syscall::SC_mmap_params* user_params)
|
||||||
int fd = params.fd;
|
int fd = params.fd;
|
||||||
int offset = params.offset;
|
int offset = params.offset;
|
||||||
|
|
||||||
|
if (!is_user_range(VirtualAddress(addr), size))
|
||||||
|
return (void*)-EFAULT;
|
||||||
|
|
||||||
String name;
|
String name;
|
||||||
if (params.name.characters) {
|
if (params.name.characters) {
|
||||||
if (params.name.length > PATH_MAX)
|
if (params.name.length > PATH_MAX)
|
||||||
|
@ -453,6 +457,10 @@ void* Process::sys$mmap(const Syscall::SC_mmap_params* user_params)
|
||||||
int Process::sys$munmap(void* addr, size_t size)
|
int Process::sys$munmap(void* addr, size_t size)
|
||||||
{
|
{
|
||||||
REQUIRE_PROMISE(stdio);
|
REQUIRE_PROMISE(stdio);
|
||||||
|
|
||||||
|
if (!is_user_range(VirtualAddress(addr), size))
|
||||||
|
return -EFAULT;
|
||||||
|
|
||||||
Range range_to_unmap { VirtualAddress(addr), size };
|
Range range_to_unmap { VirtualAddress(addr), size };
|
||||||
if (auto* whole_region = region_from_range(range_to_unmap)) {
|
if (auto* whole_region = region_from_range(range_to_unmap)) {
|
||||||
if (!whole_region->is_mmap())
|
if (!whole_region->is_mmap())
|
||||||
|
@ -490,6 +498,10 @@ int Process::sys$munmap(void* addr, size_t size)
|
||||||
int Process::sys$mprotect(void* addr, size_t size, int prot)
|
int Process::sys$mprotect(void* addr, size_t size, int prot)
|
||||||
{
|
{
|
||||||
REQUIRE_PROMISE(stdio);
|
REQUIRE_PROMISE(stdio);
|
||||||
|
|
||||||
|
if (!is_user_range(VirtualAddress(addr), size))
|
||||||
|
return -EFAULT;
|
||||||
|
|
||||||
Range range_to_mprotect = { VirtualAddress(addr), size };
|
Range range_to_mprotect = { VirtualAddress(addr), size };
|
||||||
|
|
||||||
if (auto* whole_region = region_from_range(range_to_mprotect)) {
|
if (auto* whole_region = region_from_range(range_to_mprotect)) {
|
||||||
|
@ -553,6 +565,10 @@ int Process::sys$mprotect(void* addr, size_t size, int prot)
|
||||||
int Process::sys$madvise(void* address, size_t size, int advice)
|
int Process::sys$madvise(void* address, size_t size, int advice)
|
||||||
{
|
{
|
||||||
REQUIRE_PROMISE(stdio);
|
REQUIRE_PROMISE(stdio);
|
||||||
|
|
||||||
|
if (!is_user_range(VirtualAddress(address), size))
|
||||||
|
return -EFAULT;
|
||||||
|
|
||||||
auto* region = region_from_range({ VirtualAddress(address), size });
|
auto* region = region_from_range({ VirtualAddress(address), size });
|
||||||
if (!region)
|
if (!region)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue