zhenxing
/
zCore
forked from rcore-os/zCore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Reject invalid bits in vmoptions

This commit is contained in:
Ben Pig Chu 2020-09-12 00:20:09 +08:00
parent bf26f0cf59
commit a98aa368e8
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
zircon-syscall/src/vmar.rs
View File

@ -35,9 +35,12 @@ impl Syscall<'_> {
let proc = self.thread.proc(); let proc = self.thread.proc();
let parent = proc.get_object_with_rights::<VmAddressRegion>(parent_vmar, perm_rights)?; let parent = proc.get_object_with_rights::<VmAddressRegion>(parent_vmar, perm_rights)?;
if vm_options.intersects(VmOptions::PERM_RXW | VmOptions::MAP_RANGE) {
return Err(ZxError::INVALID_ARGS);
}
// get vmar_flags // get vmar_flags
let vmar_flags = vm_options.to_flags(); let vmar_flags = vm_options.to_flags();
if vmar_flags.contains( if vmar_flags.intersects(
!(VmarFlags::SPECIFIC !(VmarFlags::SPECIFIC
| VmarFlags::CAN_MAP_SPECIFIC | VmarFlags::CAN_MAP_SPECIFIC
| VmarFlags::COMPACT | VmarFlags::COMPACT
@ -100,7 +103,9 @@ impl Syscall<'_> {
if !vmo_rights.contains(Rights::MAP) { if !vmo_rights.contains(Rights::MAP) {
return Err(ZxError::ACCESS_DENIED); return Err(ZxError::ACCESS_DENIED);
}; };
if options.contains(VmOptions::CAN_MAP_RXW) { if options
.intersects(VmOptions::CAN_MAP_RXW | VmOptions::CAN_MAP_SPECIFIC | VmOptions::COMPACT)
{
return Err(ZxError::INVALID_ARGS); return Err(ZxError::INVALID_ARGS);
} }
if options.contains(VmOptions::REQUIRE_NON_RESIZABLE) && vmo.is_resizable() { if options.contains(VmOptions::REQUIRE_NON_RESIZABLE) && vmo.is_resizable() {
@ -196,13 +201,16 @@ impl Syscall<'_> {
); );
let proc = self.thread.proc(); let proc = self.thread.proc();
let vmar = proc.get_object_with_rights::<VmAddressRegion>(handle_value, rights)?; let vmar = proc.get_object_with_rights::<VmAddressRegion>(handle_value, rights)?;
if options.intersects(!VmOptions::PERM_RXW) {
return Err(ZxError::INVALID_ARGS);
}
let mut mapping_flags = MMUFlags::empty(); let mut mapping_flags = MMUFlags::empty();
mapping_flags.set(MMUFlags::READ, options.contains(VmOptions::PERM_READ)); mapping_flags.set(MMUFlags::READ, options.contains(VmOptions::PERM_READ));
mapping_flags.set(MMUFlags::WRITE, options.contains(VmOptions::PERM_WRITE)); mapping_flags.set(MMUFlags::WRITE, options.contains(VmOptions::PERM_WRITE));
mapping_flags.set(MMUFlags::EXECUTE, options.contains(VmOptions::PERM_EXECUTE)); mapping_flags.set(MMUFlags::EXECUTE, options.contains(VmOptions::PERM_EXECUTE));
let len = roundup_pages(len as usize); let len = roundup_pages(len as usize);
if len == 0usize { if len == 0 {
return Err(ZxError::INVALID_ARGS); return Err(ZxError::INVALID_ARGS);
} }
vmar.protect(addr as usize, len, mapping_flags)?; vmar.protect(addr as usize, len, mapping_flags)?;
@ -239,6 +247,7 @@ bitflags! {
const REQUIRE_NON_RESIZABLE = 1 << 11; const REQUIRE_NON_RESIZABLE = 1 << 11;
const ALLOW_FAULTS = 1 << 12; const ALLOW_FAULTS = 1 << 12;
const CAN_MAP_RXW = Self::CAN_MAP_READ.bits | Self::CAN_MAP_EXECUTE.bits | Self::CAN_MAP_WRITE.bits; const CAN_MAP_RXW = Self::CAN_MAP_READ.bits | Self::CAN_MAP_EXECUTE.bits | Self::CAN_MAP_WRITE.bits;
const PERM_RXW = Self::PERM_READ.bits | Self::PERM_WRITE.bits | Self::PERM_EXECUTE.bits;
} }
} }