diff options
| author |  Lioncash | 2018-09-13 21:04:43 -0400 |
|---|---|---|
| committer | Lioncash | 2018-09-13 23:07:27 -0400 |
| commit | 4f8756edd06d76af33208047a5ed9b776132d97a (patch) | |
| tree | 11ef5693f5d6ed3e1c040ffe2ee1b0981f07314c /src | |
| parent | kernel/svc: Sanitize addresses, permissions, and sizes within svcMapSharedMem... (diff) | |
| download | yuzu-4f8756edd06d76af33208047a5ed9b776132d97a.tar.gz yuzu-4f8756edd06d76af33208047a5ed9b776132d97a.tar.xz yuzu-4f8756edd06d76af33208047a5ed9b776132d97a.zip | |
kernel/svc: Sanitize creation of shared memory via svcCreateSharedMemory()
The kernel caps the size limit of shared memory to 8589930496 bytes (or
(1GB - 512 bytes) * 8), so approximately 8GB, where every GB has a 512
byte sector taken off of it.
It also ensures the shared memory is created with either read or
read/write permissions for both permission types passed in, allowing the
remote permissions to also be set as "don't care".
Diffstat (limited to 'src')
| -rw-r--r-- | src/core/hle/kernel/svc.cpp | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/src/core/hle/kernel/svc.cpp b/src/core/hle/kernel/svc.cpp index d19182639..4529002ba 100644 --- a/src/core/hle/kernel/svc.cpp +++ b/src/core/hle/kernel/svc.cpp | |||
| @@ -935,12 +935,28 @@ static ResultCode CreateSharedMemory(Handle* handle, u64 size, u32 local_permiss | |||
| 935 | LOG_TRACE(Kernel_SVC, "called, size=0x{:X}, localPerms=0x{:08X}, remotePerms=0x{:08X}", size, | 935 | LOG_TRACE(Kernel_SVC, "called, size=0x{:X}, localPerms=0x{:08X}, remotePerms=0x{:08X}", size, |
| 936 | local_permissions, remote_permissions); | 936 | local_permissions, remote_permissions); |
| 937 | 937 | ||
| 938 | // Size must be a multiple of 4KB and be less than or equal to | ||
| 939 | // approx. 8 GB (actually (1GB - 512B) * 8) | ||
| 940 | if (size == 0 || (size & 0xFFFFFFFE00000FFF) != 0) { | ||
| 941 | return ERR_INVALID_SIZE; | ||
| 942 | } | ||
| 943 | |||
| 944 | const auto local_perms = static_cast<MemoryPermission>(local_permissions); | ||
| 945 | if (local_perms != MemoryPermission::Read && local_perms != MemoryPermission::ReadWrite) { | ||
| 946 | return ERR_INVALID_MEMORY_PERMISSIONS; | ||
| 947 | } | ||
| 948 | |||
| 949 | const auto remote_perms = static_cast<MemoryPermission>(remote_permissions); | ||
| 950 | if (remote_perms != MemoryPermission::Read && remote_perms != MemoryPermission::ReadWrite && | ||
| 951 | remote_perms != MemoryPermission::DontCare) { | ||
| 952 | return ERR_INVALID_MEMORY_PERMISSIONS; | ||
| 953 | } | ||
| 954 | |||
| 938 | auto& kernel = Core::System::GetInstance().Kernel(); | 955 | auto& kernel = Core::System::GetInstance().Kernel(); |
| 939 | auto& handle_table = kernel.HandleTable(); | 956 | auto& handle_table = kernel.HandleTable(); |
| 940 | auto shared_mem_handle = | 957 | auto shared_mem_handle = |
| 941 | SharedMemory::Create(kernel, handle_table.Get<Process>(KernelHandle::CurrentProcess), size, | 958 | SharedMemory::Create(kernel, handle_table.Get<Process>(KernelHandle::CurrentProcess), size, |
| 942 | static_cast<MemoryPermission>(local_permissions), | 959 | local_perms, remote_perms); |
| 943 | static_cast<MemoryPermission>(remote_permissions)); | ||
| 944 | 960 | ||
| 945 | CASCADE_RESULT(*handle, handle_table.Create(shared_mem_handle)); | 961 | CASCADE_RESULT(*handle, handle_table.Create(shared_mem_handle)); |
| 946 | return RESULT_SUCCESS; | 962 | return RESULT_SUCCESS; |