From da6aef9fff2da278a47394493520228b3b30299b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guilherme=20Gon=C3=A7alves?=
Date: Wed, 22 Dec 2021 10:42:27 -0300
Subject: [PATCH] Kernel: Make msync return EINVAL when regions are too large

As a small cleanup, this also makes `page_round_up` verify its precondition with `page_round_up_would_wrap` (which callers are expected to call), rather than having its own logic.

Fixes #11297.
---
 Kernel/Memory/MemoryManager.h | 6 ++----
 Kernel/Syscalls/mmap.cpp | 4 ++++
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Kernel/Memory/MemoryManager.h b/Kernel/Memory/MemoryManager.h
index d4c32beb2f..da11268c0f 100644
--- a/Kernel/Memory/MemoryManager.h
+++ b/Kernel/Memory/MemoryManager.h
@@ -31,10 +31,8 @@ constexpr bool page_round_up_would_wrap(FlatPtr x)
 
 constexpr FlatPtr page_round_up(FlatPtr x)
 {
-    FlatPtr rounded = (((FlatPtr)(x)) + PAGE_SIZE - 1) & (~(PAGE_SIZE - 1));
-    // Rounding up >0xfffff000 wraps back to 0. That's never what we want.
-    VERIFY(x == 0 || rounded != 0);
-    return rounded;
+    VERIFY(!page_round_up_would_wrap(x));
+    return (((FlatPtr)(x)) + PAGE_SIZE - 1) & (~(PAGE_SIZE - 1));
 }
 
 constexpr FlatPtr page_round_down(FlatPtr x)
diff --git a/Kernel/Syscalls/mmap.cpp b/Kernel/Syscalls/mmap.cpp
index f67e83d2b3..be32f65ea6 100644
--- a/Kernel/Syscalls/mmap.cpp
+++ b/Kernel/Syscalls/mmap.cpp
@@ -587,6 +587,10 @@ ErrorOr Process::sys$msync(Userspace address, size_t size, int f
     if (address.ptr() % PAGE_SIZE != 0)
         return EINVAL;
 
+    if (Memory::page_round_up_would_wrap(size)) {
+        return EINVAL;
+    }
+
     // Note: This is not specified
     size = Memory::page_round_up(size);
 
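Review bot: The reason behind the precondition disappears with the removed comment; after `VERIFY(!page_round_up_would_wrap(x));` nothing in page_round_up says why wrapping matters, and the body of page_round_up_would_wrap is outside this hunk. Keep a one-liner above the VERIFY, e.g. `// Callers must reject values for which page_round_up_would_wrap() is true; rounding such a value wraps to 0, which is never wanted.` The `(FlatPtr)(x)` in the new return line is a C-style cast applied to a parameter that is already a FlatPtr, so `return (x + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1);` expresses the same computation without it.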
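Review bot: The added check braces a one-line body while the `if (address.ptr() % PAGE_SIZE != 0)` two lines above in the same hunk does not; match the surrounding style with `if (Memory::page_round_up_would_wrap(size))` followed by an unbraced `return EINVAL;`. Rejecting the size before it reaches page_round_up is the right place for the check, since a user-supplied size that wraps on rounding would presumably otherwise hit the VERIFY inside page_round_up. sys$msync continues past the end of the hunk; if the code below forms `address.ptr() + size` for a range lookup, that sum can still overflow for a size that passes the rounding check on its own, so a checked addition there is worth confirming.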