kernel/svc: Sanitize addresses and sizes within svcMapMemory() and svcUnmapMemory()

The kernel checks if the addresses and given size is 4KB aligned before continuing onwards to map the memory.
author: Lioncash 2018-09-13 19:14:50 -0400
committer: Lioncash 2018-09-13 21:34:54 -0400
commit: 496c67fd730cd27ed1a6ce087d224bd2b736ad4b (patch)
tree: cc0ef852762ae9a01ac83634b890db951428200c /src/core/hle/kernel/svc.cpp
parent: kernel/svc: Sanitize heap sizes within svcSetHeapSize() (diff)
download: yuzu-496c67fd730cd27ed1a6ce087d224bd2b736ad4b.tar.gz
yuzu-496c67fd730cd27ed1a6ce087d224bd2b736ad4b.tar.xz
yuzu-496c67fd730cd27ed1a6ce087d224bd2b736ad4b.zip
1 files changed, 23 insertions, 0 deletions
diff --git a/src/core/hle/kernel/svc.cpp b/src/core/hle/kernel/svc.cpp
index a3d169e46..3eb77812e 100644
--- a/src/core/hle/kernel/svc.cpp
+++ b/src/core/hle/kernel/svc.cpp
@@ -35,6 +35,11 @@
 #include "core/hle/service/service.h"
 namespace Kernel {
+namespace {
+constexpr bool Is4KBAligned(VAddr address) {
+    return (address & 0xFFF) == 0;
+}
+} // Anonymous namespace
 /// Set the process heap to a given Size. It can both extend and shrink the heap.
 static ResultCode SetHeapSize(VAddr* heap_addr, u64 heap_size) {
@@ -62,6 +67,15 @@ static ResultCode SetMemoryAttribute(VAddr addr, u64 size, u32 state0, u32 state
 static ResultCode MapMemory(VAddr dst_addr, VAddr src_addr, u64 size) {
    LOG_TRACE(Kernel_SVC, "called, dst_addr=0x{:X}, src_addr=0x{:X}, size=0x{:X}", dst_addr,
              src_addr, size);
+    if (!Is4KBAligned(dst_addr) || !Is4KBAligned(src_addr)) {
+        return ERR_INVALID_ADDRESS;
+    }
+    if (size == 0 || !Is4KBAligned(size)) {
+        return ERR_INVALID_SIZE;
+    }
    return Core::CurrentProcess()->MirrorMemory(dst_addr, src_addr, size);
 }
@@ -69,6 +83,15 @@ static ResultCode MapMemory(VAddr dst_addr, VAddr src_addr, u64 size) {
 static ResultCode UnmapMemory(VAddr dst_addr, VAddr src_addr, u64 size) {
    LOG_TRACE(Kernel_SVC, "called, dst_addr=0x{:X}, src_addr=0x{:X}, size=0x{:X}", dst_addr,
              src_addr, size);
+    if (!Is4KBAligned(dst_addr) || !Is4KBAligned(src_addr)) {
+        return ERR_INVALID_ADDRESS;
+    }
+    if (size == 0 || !Is4KBAligned(size)) {
+        return ERR_INVALID_SIZE;
+    }
    return Core::CurrentProcess()->UnmapMemory(dst_addr, src_addr, size);
 }
author	Lioncash	2018-09-13 19:14:50 -0400
committer	Lioncash	2018-09-13 21:34:54 -0400
commit	496c67fd730cd27ed1a6ce087d224bd2b736ad4b (patch)
tree	cc0ef852762ae9a01ac83634b890db951428200c /src/core/hle/kernel/svc.cpp
parent	kernel/svc: Sanitize heap sizes within svcSetHeapSize() (diff)
download	yuzu-496c67fd730cd27ed1a6ce087d224bd2b736ad4b.tar.gz yuzu-496c67fd730cd27ed1a6ce087d224bd2b736ad4b.tar.xz yuzu-496c67fd730cd27ed1a6ce087d224bd2b736ad4b.zip

diff --git a/src/core/hle/kernel/svc.cpp b/src/core/hle/kernel/svc.cpp index a3d169e46..3eb77812e 100644 --- a/src/core/hle/kernel/svc.cpp +++ b/src/core/hle/kernel/svc.cpp
@@ -35,6 +35,11 @@
35	#include "core/hle/service/service.h"	35	#include "core/hle/service/service.h"
36		36
37	namespace Kernel {	37	namespace Kernel {
		38	namespace {
		39	constexpr bool Is4KBAligned(VAddr address) {
		40	return (address & 0xFFF) == 0;
		41	}
		42	} // Anonymous namespace
38		43
39	/// Set the process heap to a given Size. It can both extend and shrink the heap.	44	/// Set the process heap to a given Size. It can both extend and shrink the heap.
40	static ResultCode SetHeapSize(VAddr* heap_addr, u64 heap_size) {	45	static ResultCode SetHeapSize(VAddr* heap_addr, u64 heap_size) {
@@ -62,6 +67,15 @@ static ResultCode SetMemoryAttribute(VAddr addr, u64 size, u32 state0, u32 state
62	static ResultCode MapMemory(VAddr dst_addr, VAddr src_addr, u64 size) {	67	static ResultCode MapMemory(VAddr dst_addr, VAddr src_addr, u64 size) {
63	LOG_TRACE(Kernel_SVC, "called, dst_addr=0x{:X}, src_addr=0x{:X}, size=0x{:X}", dst_addr,	68	LOG_TRACE(Kernel_SVC, "called, dst_addr=0x{:X}, src_addr=0x{:X}, size=0x{:X}", dst_addr,
64	src_addr, size);	69	src_addr, size);
		70
		71	if (!Is4KBAligned(dst_addr) \|\| !Is4KBAligned(src_addr)) {
		72	return ERR_INVALID_ADDRESS;
		73	}
		74
		75	if (size == 0 \|\| !Is4KBAligned(size)) {
		76	return ERR_INVALID_SIZE;
		77	}
		78
65	return Core::CurrentProcess()->MirrorMemory(dst_addr, src_addr, size);	79	return Core::CurrentProcess()->MirrorMemory(dst_addr, src_addr, size);
66	}	80	}
67		81
@@ -69,6 +83,15 @@ static ResultCode MapMemory(VAddr dst_addr, VAddr src_addr, u64 size) {
69	static ResultCode UnmapMemory(VAddr dst_addr, VAddr src_addr, u64 size) {	83	static ResultCode UnmapMemory(VAddr dst_addr, VAddr src_addr, u64 size) {
70	LOG_TRACE(Kernel_SVC, "called, dst_addr=0x{:X}, src_addr=0x{:X}, size=0x{:X}", dst_addr,	84	LOG_TRACE(Kernel_SVC, "called, dst_addr=0x{:X}, src_addr=0x{:X}, size=0x{:X}", dst_addr,
71	src_addr, size);	85	src_addr, size);
		86
		87	if (!Is4KBAligned(dst_addr) \|\| !Is4KBAligned(src_addr)) {
		88	return ERR_INVALID_ADDRESS;
		89	}
		90
		91	if (size == 0 \|\| !Is4KBAligned(size)) {
		92	return ERR_INVALID_SIZE;
		93	}
		94
72	return Core::CurrentProcess()->UnmapMemory(dst_addr, src_addr, size);	95	return Core::CurrentProcess()->UnmapMemory(dst_addr, src_addr, size);
73	}	96	}
74		97