From bbe6b4650ad9522886e2292acc1c800b39a4def6 Mon Sep 17 00:00:00 2001
From: 4lDO2 <4lDO2@protonmail.com>
Date: Thu, 8 Jul 2021 16:08:02 +0200
Subject: [PATCH] Futex: check for lower-half addrs manually.
---
 rmm | 2 +-
 src/syscall/futex.rs | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/rmm b/rmm
index b75c329..6bc59e7 160000
--- a/rmm
+++ b/rmm
@@ -1 +1 @@
-Subproject commit b75c329a273d194e313bc36a1ceab5362fd5f8e2
+Subproject commit 6bc59e70131135984a41216c45e4dc3a6395a30a
diff --git a/src/syscall/futex.rs b/src/syscall/futex.rs
index a130e12..2600b2e 100644
--- a/src/syscall/futex.rs
+++ b/src/syscall/futex.rs
@@ -48,7 +48,13 @@ pub fn futex(addr: usize, op: usize, val: usize, val2: usize, addr2: usize) -> R
 let active_table = ActivePageTable::new(TableKind::User);
 let virtual_address = VirtualAddress::new(addr);
- if !crate::CurrentRmmArch::virt_is_valid(virtual_address) || crate::CurrentRmmArch::virt_kind(virtual_address) == TableKind::Kernel {
+ if !crate::CurrentRmmArch::virt_is_valid(virtual_address) {
+ return Err(Error::new(EFAULT));
+ }
+ // TODO: Use this all over the code, making sure that no user pointers that are higher half
+ // can get to the page table walking procedure.
+ #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+ if virtual_address.data() & (1 << 63) == (1 << 63) {
 return Err(Error::new(EFAULT));
 }
@@ -159,7 +165,13 @@ pub fn futex(addr: usize, op: usize, val: usize, val2: usize, addr2: usize) -> R
 let addr2_physaddr = unsafe {
 let addr2_virt = VirtualAddress::new(addr2);
- if !crate::CurrentRmmArch::virt_is_valid(addr2_virt) || crate::CurrentRmmArch::virt_kind(addr2_virt) == TableKind::Kernel {
+ if !crate::CurrentRmmArch::virt_is_valid(addr2_virt) {
+ return Err(Error::new(EFAULT));
+ }
+
+ // TODO
+ #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+ if addr2_virt.data() & (1 << 63) == (1 << 63) {
 return Err(Error::new(EFAULT));
 }
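Review bot: The higher-half rejection on `addr` is now compiled only for x86_64 and aarch64, and the `virt_kind(..) == TableKind::Kernel` test it replaces is removed, so as far as these lines show a build for any other target keeps only `virt_is_valid` and silently loses the kernel-address check. The `addr2` check in the second hunk has the same gap. Making it fail closed takes two lines beside the check: `#[cfg(not(any(target_arch = "x86_64", target_arch = "aarch64")))]` followed by `compile_error!("futex: no higher-half user pointer check for this target");`. Since the TODO already asks for this test to be used everywhere, one shared helper doing both the validity and the bit-63 test would stop the two call sites from drifting apart. The body of `futex` continues outside the hunk.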
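Review bot: The bare `// TODO` above the `addr2_virt` bit-63 test does not say what is outstanding or why the test exists. It should carry the reasoning, for instance `// Reject higher-half (kernel) addresses before the page table walk; TODO: share this check with the addr path.` The bit-63 test presumably relies on `virt_is_valid` having already rejected non-canonical addresses; that is worth stating in the comment if so, because the rmm submodule is bumped in this same commit and its code is not visible here. The enclosing `unsafe` block opens in this hunk and closes outside it; the validation does not appear to need `unsafe` and could sit before the block so the unsafe scope covers only what requires it.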