Kernel: Round up ranges to page size multiples in munmap and mprotect
This prevents passing bad inputs to RangeAllocator, which then asserts. Found by fuzz-syscalls. :^)
parent
e1dbf74f15
commit
7551090056
2 changed files with 18 additions and 10 deletions
|
@ -160,7 +160,7 @@ void* Process::sys$mmap(Userspace<const Syscall::SC_mmap_params*> user_params)
|
|||
if (alignment & ~PAGE_MASK)
|
||||
return (void*)-EINVAL;
|
||||
|
||||
if (!is_user_range(VirtualAddress(addr), size))
|
||||
if (!is_user_range(VirtualAddress(addr), PAGE_ROUND_UP(size)))
|
||||
return (void*)-EFAULT;
|
||||
|
||||
String name;
|
||||
|
@ -272,14 +272,14 @@ int Process::sys$mprotect(void* addr, size_t size, int prot)
|
|||
REQUIRE_PROMISE(prot_exec);
|
||||
}
|
||||
|
||||
if (!size)
|
||||
Range range_to_mprotect = { VirtualAddress(addr), PAGE_ROUND_UP(size) };
|
||||
|
||||
if (!range_to_mprotect.size())
|
||||
return -EINVAL;
|
||||
|
||||
if (!is_user_range(VirtualAddress(addr), size))
|
||||
if (!is_user_range(range_to_mprotect))
|
||||
return -EFAULT;
|
||||
|
||||
Range range_to_mprotect = { VirtualAddress(addr), size };
|
||||
|
||||
if (auto* whole_region = space().find_region_from_range(range_to_mprotect)) {
|
||||
if (!whole_region->is_mmap())
|
||||
return -EPERM;
|
||||
|
@ -343,13 +343,15 @@ int Process::sys$madvise(void* address, size_t size, int advice)
|
|||
{
|
||||
REQUIRE_PROMISE(stdio);
|
||||
|
||||
if (!size)
|
||||
Range range_to_madvise { VirtualAddress(address), PAGE_ROUND_UP(size) };
|
||||
|
||||
if (!range_to_madvise.size())
|
||||
return -EINVAL;
|
||||
|
||||
if (!is_user_range(VirtualAddress(address), size))
|
||||
if (!is_user_range(range_to_madvise))
|
||||
return -EFAULT;
|
||||
|
||||
auto* region = space().find_region_from_range({ VirtualAddress(address), size });
|
||||
auto* region = space().find_region_from_range(range_to_madvise);
|
||||
if (!region)
|
||||
return -EINVAL;
|
||||
if (!region->is_mmap())
|
||||
|
@ -413,10 +415,11 @@ int Process::sys$munmap(void* addr, size_t size)
|
|||
if (!size)
|
||||
return -EINVAL;
|
||||
|
||||
if (!is_user_range(VirtualAddress(addr), size))
|
||||
Range range_to_unmap { VirtualAddress(addr), PAGE_ROUND_UP(size) };
|
||||
|
||||
if (!is_user_range(range_to_unmap))
|
||||
return -EFAULT;
|
||||
|
||||
Range range_to_unmap { VirtualAddress(addr), size };
|
||||
if (auto* whole_region = space().find_region_from_range(range_to_unmap)) {
|
||||
if (!whole_region->is_mmap())
|
||||
return -EPERM;
|
||||
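Review bot: In the sys$munmap hunk the zero check still runs on the raw `size` before rounding, so a `size` within a page of the maximum passes `if (!size)` and `PAGE_ROUND_UP(size)` can then wrap to 0, handing a zero-sized `range_to_unmap` to `find_region_from_range`. The sys$mprotect and sys$madvise hunks in this same commit test the rounded range instead; doing the same here, `if (!range_to_unmap.size()) return -EINVAL;` after constructing the range, keeps the three syscalls consistent. The sys$mmap hunk passes `PAGE_ROUND_UP(size)` straight to `is_user_range` with the same wrap-to-zero possibility, though that function continues outside the hunk and may bound `size` elsewhere. This assumes PAGE_ROUND_UP is a plain add-and-mask without an overflow check, which is not visible on this page; sys$munmap's body also starts and ends outside the hunk.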
|
|
|
@ -265,6 +265,11 @@ inline bool is_user_range(VirtualAddress vaddr, size_t size)
|
|||
return is_user_address(vaddr) && is_user_address(vaddr.offset(size));
|
||||
}
|
||||
|
||||
inline bool is_user_range(const Range& range)
|
||||
{
|
||||
return is_user_range(range.base(), range.size());
|
||||
}
|
||||
|
||||
inline bool PhysicalPage::is_shared_zero_page() const
|
||||
{
|
||||
return this == &MM.shared_zero_page();
|
||||
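Review bot: The new `is_user_range(const Range&)` overload inherits the two-endpoint test of the existing overload, which checks only `vaddr` and `vaddr.offset(size)` and so would not reject a range whose end wraps around the address space and lands back on a user address. Since the syscalls in this commit now feed it rounded-up, caller-controlled sizes, an explicit wrap check ahead of the endpoint test is worth adding, for example `if (range.base().get() + range.size() < range.base().get()) return false;`. Whether `offset()` or `is_user_address()` already guard against this is not visible in the hunk, so this should be confirmed against their definitions. A one-line comment on the overload stating whether the end address is treated as inclusive or exclusive would also help callers.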
|
|