Kernel: User pointer validation should reject kernel-only addresses
We were happily allowing syscalls with pointers into kernel-only
regions (virtual address >= 0xc0000000).

This patch fixes that by only considering user regions in the current
process, and also double-checking the Region::is_user_accessible() flag
before approving an access.

Thanks to Fire30 for finding the bug! :^)
awesomekling committed Dec 30, 2019
1 parent 25d7a7e commit 0fc24fe
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions Kernel/VM/MemoryManager.cpp
Expand Up @@ -592,14 +592,14 @@ bool MemoryManager::validate_user_stack(const Process& process, VirtualAddress v

bool MemoryManager::validate_user_read(const Process& process, VirtualAddress vaddr) const
{
auto* region = region_from_vaddr(process, vaddr);
return region && region->is_readable();
auto* region = user_region_from_vaddr(const_cast<Process&>(process), vaddr);
return region && region->is_user_accessible() && region->is_readable();
}

bool MemoryManager::validate_user_write(const Process& process, VirtualAddress vaddr) const
{
auto* region = region_from_vaddr(process, vaddr);
return region && region->is_writable();
auto* region = user_region_from_vaddr(const_cast<Process&>(process), vaddr);
return region && region->is_user_accessible() && region->is_writable();
}

void MemoryManager::register_vmobject(VMObject& vmobject)
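
Review bot: The const_cast<Process&>(process) in the new first line of both validate_user_read() and validate_user_write() strips const from a parameter these validators take as const Process&. The removed lines called region_from_vaddr(process, vaddr) without any cast, so a const overload of user_region_from_vaddr() would keep the lookup visibly side-effect free and drop the cast. Separately, validate_user_stack(), named in the hunk header just above, is not touched by this change; it is worth confirming that it also resolves the address through the user-only lookup and checks is_user_accessible(), otherwise a kernel-only address could still pass on that path. A one-line comment on why is_user_accessible() is checked in addition to the user-region lookup would help the next reader see that the double check is deliberate.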
