Fix potential overflows in validate_slice and validate_slice_mut, require memory to be userspace

src/syscall/validate.rs

@@ -5,10 +5,13 @@ use paging::entry::EntryFlags;
 use syscall::error::*;
 
 fn validate(address: usize, size: usize, flags: EntryFlags) -> Result<()> {
+    let end_offset = size.checked_sub(1).ok_or(Error::new(EFAULT))?;
+    let end_address = address.checked_add(end_offset).ok_or(Error::new(EFAULT))?;
+
     let active_table = unsafe { ActivePageTable::new() };
 
     let start_page = Page::containing_address(VirtualAddress::new(address));
-    let end_page = Page::containing_address(VirtualAddress::new(address + size - 1));
+    let end_page = Page::containing_address(VirtualAddress::new(end_address));
     for page in Page::range_inclusive(start_page, end_page) {
         if let Some(page_flags) = active_table.translate_page_flags(page) {
             if ! page_flags.contains(flags) {
@@ -29,7 +32,7 @@ pub fn validate_slice<T>(ptr: *const T, len: usize) -> Result<&'static [T]> {
     if len == 0 {
         Ok(&[])
     } else {
-        validate(ptr as usize, len * mem::size_of::<T>(), EntryFlags::PRESENT /* TODO | EntryFlags::USER_ACCESSIBLE */)?;
+        validate(ptr as usize, len * mem::size_of::<T>(), EntryFlags::PRESENT | EntryFlags::USER_ACCESSIBLE)?;
         Ok(unsafe { slice::from_raw_parts(ptr, len) })
     }
 }
@@ -39,7 +42,7 @@ pub fn validate_slice_mut<T>(ptr: *mut T, len: usize) -> Result<&'static mut [T]
     if len == 0 {
         Ok(&mut [])
     } else {
-        validate(ptr as usize, len * mem::size_of::<T>(), EntryFlags::PRESENT | EntryFlags::WRITABLE /* TODO | EntryFlags::USER_ACCESSIBLE */)?;
+        validate(ptr as usize, len * mem::size_of::<T>(), EntryFlags::PRESENT | EntryFlags::WRITABLE | EntryFlags::USER_ACCESSIBLE)?;
         Ok(unsafe { slice::from_raw_parts_mut(ptr, len) })
     }
 }