Revert "mprotect(): Validate the entire range to protect is in userspace memory"

This reverts commit 4ef764e62e.
apio 2023-01-08 15:41:53 +01:00
parent 401a807551
commit 49d1e4f011
Signed by: apio
GPG Key ID: B8A7D06E42258954
2 changed files with 10 additions and 17 deletions


@ -45,10 +45,10 @@ uint64_t Memory::get_usable()
bool Memory::is_kernel_address(uintptr_t address) bool Memory::is_kernel_address(uintptr_t address)
{ {
return address >= 0xffff800000000000; return address >= 0xfffffffff8000000;
} }
bool Memory::is_user_address(uintptr_t address) bool Memory::is_user_address(uintptr_t address)
{ {
return address && address < 0x00007fffffffffff; return address && address < 0xfffffffff8000000;
} }
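Review bot: The new-side `Memory::is_user_address` returns true for any non-zero address below `0xfffffffff8000000`, which takes in non-canonical addresses and the whole higher half up to that constant, while `Memory::is_kernel_address` covers only the range above it. Nothing visible here shows whether the kernel keeps mappings of its own below that constant; if it does, every caller that gates on these predicates treats them as user memory. If the constant is the kernel image base, a comment such as `// Kernel image base; everything below is treated as user-reachable` would make the assumption explicit. Keeping the user bound at the canonical lower half, `return address && address < 0x0000800000000000;`, is the safer split.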


@ -55,9 +55,9 @@ void sys_mmap(Context* context, void* address, size_t size, int prot, int fd, of
if (address) if (address)
{ {
kdbgln("mmap(): %ld pages at address %p, %s, fd %d", size / PAGE_SIZE, address, format_prot(prot), fd); kdbgln("mmap(): %ld pages at address %p, %s, fd %d", size / PAGE_SIZE, address, format_prot(prot), fd);
if (!Memory::is_user_address((uintptr_t)address)) if (Memory::is_kernel_address((uintptr_t)address))
{ {
kwarnln("mmap() failed: attempted to map a non-user page"); kwarnln("munmap() failed: attempted to unmap a kernel page");
context->rax = MAP_FAIL(ENOMEM); context->rax = MAP_FAIL(ENOMEM);
return; return;
} }
@ -153,9 +153,9 @@ void sys_munmap(Context* context, void* address, size_t size)
context->rax = -EINVAL; context->rax = -EINVAL;
return; return;
} }
if (!Memory::is_user_address((uintptr_t)address)) if (Memory::is_kernel_address((uintptr_t)address))
{ {
kwarnln("munmap() failed: attempted to unmap a non-user page"); kwarnln("munmap() failed: attempted to unmap a kernel page");
context->rax = -EINVAL; context->rax = -EINVAL;
return; return;
} }
@ -202,19 +202,12 @@ void sys_mprotect(Context* context, void* address, size_t size, int prot)
context->rax = -EINVAL; context->rax = -EINVAL;
return; return;
} }
if (!Memory::is_user_address((uintptr_t)address)) if (Memory::is_kernel_address((uintptr_t)address))
{ {
kwarnln("mprotect() failed: attempted to protect a non-user page"); kwarnln("mprotect() failed: attempted to protect a kernel page");
context->rax = -EINVAL; context->rax = -EINVAL;
return; return;
} }
// FIXME: Check for overflow when adding address + size.
if (!Memory::is_user_address((uintptr_t)address + size))
{
kwarnln("mprotect() failed: end of given range is out of user memory");
context->rax = -EINVAL;
return;
}
uint64_t flags = VMM::get_flags((uint64_t)address); uint64_t flags = VMM::get_flags((uint64_t)address);
if (flags == (uint64_t)-1) if (flags == (uint64_t)-1)
{ {
@ -230,4 +223,4 @@ void sys_mprotect(Context* context, void* address, size_t size, int prot)
kdbgln("mprotect() succeeded"); kdbgln("mprotect() succeeded");
context->rax = 0; context->rax = 0;
return; return;
} }
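Review bot: With the end-of-range check removed, `sys_mprotect` validates only `address`, so a range that starts below the kernel boundary with a large `size` passes the guard even when `address + size` lands in kernel space or wraps around; the guards in `sys_mmap` and `sys_munmap` in this section have the same start-only shape. An overflow-safe end check closes both cases: `uintptr_t end;` followed by `if (__builtin_add_overflow((uintptr_t)address, size, &end) || Memory::is_kernel_address(end - 1))` returning `-EINVAL`. Whether the later per-page code re-checks each page is not visible, because the bodies of all three functions continue outside the hunks. Separately, the new-side warning in `sys_mmap` reads `munmap() failed: attempted to unmap a kernel page`, which will mislead anyone reading the kernel log; it should name `mmap()`.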