diff options
author | bunnei <bunneidev@gmail.com> | 2018-10-20 04:58:57 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-20 04:58:57 +0200 |
commit | 60317e630619ff5942fcb4b16cf1b3a0b2791cc2 (patch) | |
tree | 5fb63e418bc7af69c9d06f7fc4ae3980e7d60aee /src | |
parent | Merge pull request #1517 from bunnei/dma (diff) | |
parent | svc: Add missing sanitizing checks for MapSharedMemory/UnmapSharedMemory (diff) | |
download | yuzu-60317e630619ff5942fcb4b16cf1b3a0b2791cc2.tar yuzu-60317e630619ff5942fcb4b16cf1b3a0b2791cc2.tar.gz yuzu-60317e630619ff5942fcb4b16cf1b3a0b2791cc2.tar.bz2 yuzu-60317e630619ff5942fcb4b16cf1b3a0b2791cc2.tar.lz yuzu-60317e630619ff5942fcb4b16cf1b3a0b2791cc2.tar.xz yuzu-60317e630619ff5942fcb4b16cf1b3a0b2791cc2.tar.zst yuzu-60317e630619ff5942fcb4b16cf1b3a0b2791cc2.zip |
Diffstat (limited to 'src')
-rw-r--r-- | src/core/hle/kernel/svc.cpp | 30 | ||||
-rw-r--r-- | src/core/hle/kernel/vm_manager.cpp | 20 | ||||
-rw-r--r-- | src/core/hle/kernel/vm_manager.h | 3 |
3 files changed, 50 insertions, 3 deletions
diff --git a/src/core/hle/kernel/svc.cpp b/src/core/hle/kernel/svc.cpp index d3c9d50b5..3b8a2e230 100644 --- a/src/core/hle/kernel/svc.cpp +++ b/src/core/hle/kernel/svc.cpp @@ -584,6 +584,10 @@ static ResultCode MapSharedMemory(Handle shared_memory_handle, VAddr addr, u64 s return ERR_INVALID_SIZE; } + if (!IsValidAddressRange(addr, size)) { + return ERR_INVALID_ADDRESS_STATE; + } + const auto permissions_type = static_cast<MemoryPermission>(permissions); if (permissions_type != MemoryPermission::Read && permissions_type != MemoryPermission::ReadWrite) { @@ -597,8 +601,14 @@ static ResultCode MapSharedMemory(Handle shared_memory_handle, VAddr addr, u64 s return ERR_INVALID_HANDLE; } - return shared_memory->Map(Core::CurrentProcess(), addr, permissions_type, - MemoryPermission::DontCare); + auto* const current_process = Core::CurrentProcess(); + const auto& vm_manager = current_process->VMManager(); + + if (!vm_manager.IsWithinASLRRegion(addr, size)) { + return ERR_INVALID_MEMORY_RANGE; + } + + return shared_memory->Map(current_process, addr, permissions_type, MemoryPermission::DontCare); } static ResultCode UnmapSharedMemory(Handle shared_memory_handle, VAddr addr, u64 size) { @@ -613,10 +623,24 @@ static ResultCode UnmapSharedMemory(Handle shared_memory_handle, VAddr addr, u64 return ERR_INVALID_SIZE; } + if (!IsValidAddressRange(addr, size)) { + return ERR_INVALID_ADDRESS_STATE; + } + auto& kernel = Core::System::GetInstance().Kernel(); auto shared_memory = kernel.HandleTable().Get<SharedMemory>(shared_memory_handle); + if (!shared_memory) { + return ERR_INVALID_HANDLE; + } + + auto* const current_process = Core::CurrentProcess(); + const auto& vm_manager = current_process->VMManager(); + + if (!vm_manager.IsWithinASLRRegion(addr, size)) { + return ERR_INVALID_MEMORY_RANGE; + } - return shared_memory->Unmap(Core::CurrentProcess(), addr); + return shared_memory->Unmap(current_process, addr); } /// Query process memory diff --git a/src/core/hle/kernel/vm_manager.cpp b/src/core/hle/kernel/vm_manager.cpp index 1e28ccbda..e1a34eef1 100644 --- a/src/core/hle/kernel/vm_manager.cpp +++ b/src/core/hle/kernel/vm_manager.cpp @@ -507,6 +507,26 @@ u64 VMManager::GetASLRRegionSize() const { return aslr_region_end - aslr_region_base; } +bool VMManager::IsWithinASLRRegion(VAddr begin, u64 size) const { + const VAddr range_end = begin + size; + const VAddr aslr_start = GetASLRRegionBaseAddress(); + const VAddr aslr_end = GetASLRRegionEndAddress(); + + if (aslr_start > begin || begin > range_end || range_end - 1 > aslr_end - 1) { + return false; + } + + if (range_end > heap_region_base && heap_region_end > begin) { + return false; + } + + if (range_end > map_region_base && map_region_end > begin) { + return false; + } + + return true; +} + VAddr VMManager::GetCodeRegionBaseAddress() const { return code_region_base; } diff --git a/src/core/hle/kernel/vm_manager.h b/src/core/hle/kernel/vm_manager.h index 4accde6b3..84c890224 100644 --- a/src/core/hle/kernel/vm_manager.h +++ b/src/core/hle/kernel/vm_manager.h @@ -211,6 +211,9 @@ public: /// Gets the end address of the ASLR region. VAddr GetASLRRegionEndAddress() const; + /// Determines whether or not the specified address range is within the ASLR region. + bool IsWithinASLRRegion(VAddr address, u64 size) const; + /// Gets the size of the ASLR region u64 GetASLRRegionSize() const; |