From: Laurent Vivier
Subject: [PULL 01/14] linux-user/mmap.c: check range of mremap result in target address space
Date: Fri, 18 Dec 2020 11:23:54 +0100
From: Tobias Koch <tobias.koch@nonterra.com>
If mremap succeeds, an additional check is performed to ensure that the
new address range fits into the target address space. This check was
previously performed in host address space, with the upper bound fixed to
abi_ulong.
This patch replaces the static check with a call to `guest_range_valid`,
performing the range check against the actual size of the target address
space. It also moves the corresponding block to prevent it from being
called incorrectly when the mapping itself fails.
Signed-off-by: Tobias Koch <tobias.koch@nonterra.com>
Message-Id: <20201028213833.26592-1-tobias.koch@nonterra.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/mmap.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 00c05e6a0f19..810653c50357 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -767,20 +767,23 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong
old_size,
}
if (prot == 0) {
host_addr = mremap(g2h(old_addr), old_size, new_size, flags);
- if (host_addr != MAP_FAILED && reserved_va && old_size > new_size)
{
- mmap_reserve(old_addr + old_size, old_size - new_size);
+
+ if (host_addr != MAP_FAILED) {
+ /* Check if address fits target address space */
+ if (!guest_range_valid(h2g(host_addr), new_size)) {
+ /* Revert mremap() changes */
+ host_addr = mremap(g2h(old_addr), new_size, old_size,
+ flags);
+ errno = ENOMEM;
+ host_addr = MAP_FAILED;
+ } else if (reserved_va && old_size > new_size) {
+ mmap_reserve(old_addr + old_size, old_size - new_size);
+ }
}
} else {
errno = ENOMEM;
host_addr = MAP_FAILED;
}
- /* Check if address fits target address space */
- if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
- /* Revert mremap() changes */
- host_addr = mremap(g2h(old_addr), new_size, old_size, flags);
- errno = ENOMEM;
- host_addr = MAP_FAILED;
- }
}
if (host_addr == MAP_FAILED) {
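Review bot: the revert inside the new `!guest_range_valid(...)` branch still calls mremap on `g2h(old_addr)`, but after a successful first mremap the mapping lives at `host_addr`, which differs from `g2h(old_addr)` whenever the kernel relocated it, so in that case the revert acts on an address that no longer holds the mapping. The revert's return value is assigned to `host_addr` and then overwritten with MAP_FAILED on the next statement, so a failed revert is never noticed and the guest can receive ENOMEM while its original mapping is gone. Both behaviours are carried over from the removed block, but since the block is being moved anyway, consider reverting from `host_addr` back to `g2h(old_addr)` (for example with MREMAP_MAYMOVE | MREMAP_FIXED) and checking the result before reporting ENOMEM. It is also worth confirming that `h2g()` is safe to call on a host address that may lie outside the guest range, since the new check depends entirely on its result.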
--
2.29.2