kernel/svc: Properly sanitize mutex address in WaitProcessWideKeyAtomic

We need to be checking whether or not the given address is within the kernel address space or if the given address isn't word-aligned and bail in these scenarios instead of trashing any kernel state.
author: Lioncash 2019-04-03 20:23:14 -0400
committer: Lioncash 2019-04-03 20:25:41 -0400
commit: c39c8e69824af03799b0903f218eac81eba80751 (patch)
tree: d9402176960660adfd5f206146b05541a22b7c5a /src/core/hle/kernel/svc.cpp
parent: Merge pull request #2302 from ReinUsesLisp/vk-swapchain (diff)
download: yuzu-c39c8e69824af03799b0903f218eac81eba80751.tar.gz
yuzu-c39c8e69824af03799b0903f218eac81eba80751.tar.xz
yuzu-c39c8e69824af03799b0903f218eac81eba80751.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/src/core/hle/kernel/svc.cpp b/src/core/hle/kernel/svc.cpp
index ab10db3df..2fd07ab34 100644
--- a/src/core/hle/kernel/svc.cpp
+++ b/src/core/hle/kernel/svc.cpp
@@ -1339,6 +1339,20 @@ static ResultCode WaitProcessWideKeyAtomic(VAddr mutex_addr, VAddr condition_var
        "called mutex_addr={:X}, condition_variable_addr={:X}, thread_handle=0x{:08X}, timeout={}",
        mutex_addr, condition_variable_addr, thread_handle, nano_seconds);
+    if (Memory::IsKernelVirtualAddress(mutex_addr)) {
+        LOG_ERROR(
+            Kernel_SVC,
+            "Given mutex address must not be within the kernel address space. address=0x{:016X}",
+            mutex_addr);
+        return ERR_INVALID_ADDRESS_STATE;
+    }
+    if (!Common::IsWordAligned(mutex_addr)) {
+        LOG_ERROR(Kernel_SVC, "Given mutex address must be word-aligned. address=0x{:016X}",
+                  mutex_addr);
+        return ERR_INVALID_ADDRESS;
+    }
    auto* const current_process = Core::System::GetInstance().Kernel().CurrentProcess();
    const auto& handle_table = current_process->GetHandleTable();
    SharedPtr<Thread> thread = handle_table.Get<Thread>(thread_handle);
author	Lioncash	2019-04-03 20:23:14 -0400
committer	Lioncash	2019-04-03 20:25:41 -0400
commit	c39c8e69824af03799b0903f218eac81eba80751 (patch)
tree	d9402176960660adfd5f206146b05541a22b7c5a /src/core/hle/kernel/svc.cpp
parent	Merge pull request #2302 from ReinUsesLisp/vk-swapchain (diff)
download	yuzu-c39c8e69824af03799b0903f218eac81eba80751.tar.gz yuzu-c39c8e69824af03799b0903f218eac81eba80751.tar.xz yuzu-c39c8e69824af03799b0903f218eac81eba80751.zip

diff --git a/src/core/hle/kernel/svc.cpp b/src/core/hle/kernel/svc.cpp index ab10db3df..2fd07ab34 100644 --- a/src/core/hle/kernel/svc.cpp +++ b/src/core/hle/kernel/svc.cpp
@@ -1339,6 +1339,20 @@ static ResultCode WaitProcessWideKeyAtomic(VAddr mutex_addr, VAddr condition_var
1339	"called mutex_addr={:X}, condition_variable_addr={:X}, thread_handle=0x{:08X}, timeout={}",	1339	"called mutex_addr={:X}, condition_variable_addr={:X}, thread_handle=0x{:08X}, timeout={}",
1340	mutex_addr, condition_variable_addr, thread_handle, nano_seconds);	1340	mutex_addr, condition_variable_addr, thread_handle, nano_seconds);
1341		1341
		1342	if (Memory::IsKernelVirtualAddress(mutex_addr)) {
		1343	LOG_ERROR(
		1344	Kernel_SVC,
		1345	"Given mutex address must not be within the kernel address space. address=0x{:016X}",
		1346	mutex_addr);
		1347	return ERR_INVALID_ADDRESS_STATE;
		1348	}
		1349
		1350	if (!Common::IsWordAligned(mutex_addr)) {
		1351	LOG_ERROR(Kernel_SVC, "Given mutex address must be word-aligned. address=0x{:016X}",
		1352	mutex_addr);
		1353	return ERR_INVALID_ADDRESS;
		1354	}
		1355
1342	auto* const current_process = Core::System::GetInstance().Kernel().CurrentProcess();	1356	auto* const current_process = Core::System::GetInstance().Kernel().CurrentProcess();
1343	const auto& handle_table = current_process->GetHandleTable();	1357	const auto& handle_table = current_process->GetHandleTable();
1344	SharedPtr<Thread> thread = handle_table.Get<Thread>(thread_handle);	1358	SharedPtr<Thread> thread = handle_table.Get<Thread>(thread_handle);