RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-23 06:37:40 +00:00
Code Issues Activity Actions

Kernel: Reject non-user address ranges in mmap/munmap/mprotect/madvise

Browse source 
There's no valid reason to allow non-userspace address ranges in these
system calls.
This commit is contained in:
Andreas Kling 2020-01-30 21:46:45 +01:00
parent afd2b5a53e
commit 31d1c82621
1 changed files with 16 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

16
Kernel/Process.cpp
View file

@ -332,6 +332,7 @@ Vector<Region*, 2> Process::split_region_around_range(const Region& source_regio
{ {
Range old_region_range = source_region.range(); Range old_region_range = source_region.range();
auto remaining_ranges_after_unmap = old_region_range.carve(desired_range); auto remaining_ranges_after_unmap = old_region_range.carve(desired_range);
ASSERT(!remaining_ranges_after_unmap.is_empty()); ASSERT(!remaining_ranges_after_unmap.is_empty());
auto make_replacement_region = [&](const Range& new_range) -> Region& { auto make_replacement_region = [&](const Range& new_range) -> Region& {
ASSERT(new_range.base() >= old_region_range.base()); ASSERT(new_range.base() >= old_region_range.base());
@ -361,6 +362,9 @@ void* Process::sys$mmap(const Syscall::SC_mmap_params* user_params)
int fd = params.fd; int fd = params.fd;
int offset = params.offset; int offset = params.offset;
if (!is_user_range(VirtualAddress(addr), size))
return (void*)-EFAULT;
String name; String name;
if (params.name.characters) { if (params.name.characters) {
if (params.name.length > PATH_MAX) if (params.name.length > PATH_MAX)
@ -453,6 +457,10 @@ void* Process::sys$mmap(const Syscall::SC_mmap_params* user_params)
int Process::sys$munmap(void* addr, size_t size) int Process::sys$munmap(void* addr, size_t size)
{ {
REQUIRE_PROMISE(stdio); REQUIRE_PROMISE(stdio);
if (!is_user_range(VirtualAddress(addr), size))
return -EFAULT;
Range range_to_unmap { VirtualAddress(addr), size }; Range range_to_unmap { VirtualAddress(addr), size };
if (auto* whole_region = region_from_range(range_to_unmap)) { if (auto* whole_region = region_from_range(range_to_unmap)) {
if (!whole_region->is_mmap()) if (!whole_region->is_mmap())
@ -490,6 +498,10 @@ int Process::sys$munmap(void* addr, size_t size)
int Process::sys$mprotect(void* addr, size_t size, int prot) int Process::sys$mprotect(void* addr, size_t size, int prot)
{ {
REQUIRE_PROMISE(stdio); REQUIRE_PROMISE(stdio);
if (!is_user_range(VirtualAddress(addr), size))
return -EFAULT;
Range range_to_mprotect = { VirtualAddress(addr), size }; Range range_to_mprotect = { VirtualAddress(addr), size };
if (auto* whole_region = region_from_range(range_to_mprotect)) { if (auto* whole_region = region_from_range(range_to_mprotect)) {
@ -553,6 +565,10 @@ int Process::sys$mprotect(void* addr, size_t size, int prot)
int Process::sys$madvise(void* address, size_t size, int advice) int Process::sys$madvise(void* address, size_t size, int advice)
{ {
REQUIRE_PROMISE(stdio); REQUIRE_PROMISE(stdio);
if (!is_user_range(VirtualAddress(address), size))
return -EFAULT;
auto* region = region_from_range({ VirtualAddress(address), size }); auto* region = region_from_range({ VirtualAddress(address), size });
if (!region) if (!region)
return -EINVAL; return -EINVAL;