2 files changed, 81 insertions, 12 deletions
diff --git a/src/core/hle/kernel/errors.h b/src/core/hle/kernel/errors.h
index e5fa67ae8..885259618 100644
--- a/src/core/hle/kernel/errors.h
+++ b/src/core/hle/kernel/errors.h
@@ -22,6 +22,7 @@ enum {
    HandleTableFull = 105,
    InvalidMemoryState = 106,
    InvalidMemoryPermissions = 108,
+    InvalidMemoryRange = 110,
    InvalidThreadPriority = 112,
    InvalidProcessorId = 113,
    InvalidHandle = 114,
@@ -56,6 +57,7 @@ constexpr ResultCode ERR_INVALID_ADDRESS(ErrorModule::Kernel, ErrCodes::InvalidA
 constexpr ResultCode ERR_INVALID_ADDRESS_STATE(ErrorModule::Kernel, ErrCodes::InvalidMemoryState);
 constexpr ResultCode ERR_INVALID_MEMORY_PERMISSIONS(ErrorModule::Kernel,
                                                    ErrCodes::InvalidMemoryPermissions);
+constexpr ResultCode ERR_INVALID_MEMORY_RANGE(ErrorModule::Kernel, ErrCodes::InvalidMemoryRange);
 constexpr ResultCode ERR_INVALID_HANDLE(ErrorModule::Kernel, ErrCodes::InvalidHandle);
 constexpr ResultCode ERR_INVALID_PROCESSOR_ID(ErrorModule::Kernel, ErrCodes::InvalidProcessorId);
 constexpr ResultCode ERR_INVALID_SIZE(ErrorModule::Kernel, ErrCodes::InvalidSize);
diff --git a/src/core/hle/kernel/svc.cpp b/src/core/hle/kernel/svc.cpp
index 3afcce3fe..3e4dd61dc 100644
--- a/src/core/hle/kernel/svc.cpp
+++ b/src/core/hle/kernel/svc.cpp
@@ -39,6 +39,73 @@ namespace {
 constexpr bool Is4KBAligned(VAddr address) {
    return (address & 0xFFF) == 0;
 }
+// Checks if address + size is greater than the given address
+// This can return false if the size causes an overflow of a 64-bit type
+// or if the given size is zero.
+constexpr bool IsValidAddressRange(VAddr address, u64 size) {
+    return address + size > address;
+}
+// Checks if a given address range lies within a larger address range.
+constexpr bool IsInsideAddressRange(VAddr address, u64 size, VAddr address_range_begin,
+                                    VAddr address_range_end) {
+    const VAddr end_address = address + size - 1;
+    return address_range_begin <= address && end_address <= address_range_end - 1;
+}
+bool IsInsideAddressSpace(const VMManager& vm, VAddr address, u64 size) {
+    return IsInsideAddressRange(address, size, vm.GetAddressSpaceBaseAddress(),
+                                vm.GetAddressSpaceEndAddress());
+}
+bool IsInsideNewMapRegion(const VMManager& vm, VAddr address, u64 size) {
+    return IsInsideAddressRange(address, size, vm.GetNewMapRegionBaseAddress(),
+                                vm.GetNewMapRegionEndAddress());
+}
+// Helper function that performs the common sanity checks for svcMapMemory
+// and svcUnmapMemory. This is doable, as both functions perform their sanitizing
+// in the same order.
+ResultCode MapUnmapMemorySanityChecks(const VMManager& vm_manager, VAddr dst_addr, VAddr src_addr,
+                                      u64 size) {
+    if (!Is4KBAligned(dst_addr) || !Is4KBAligned(src_addr)) {
+        return ERR_INVALID_ADDRESS;
+    }
+    if (size == 0 || !Is4KBAligned(size)) {
+        return ERR_INVALID_SIZE;
+    }
+    if (!IsValidAddressRange(dst_addr, size)) {
+        return ERR_INVALID_ADDRESS_STATE;
+    }
+    if (!IsValidAddressRange(src_addr, size)) {
+        return ERR_INVALID_ADDRESS_STATE;
+    }
+    if (!IsInsideAddressSpace(vm_manager, src_addr, size)) {
+        return ERR_INVALID_ADDRESS_STATE;
+    }
+    if (!IsInsideNewMapRegion(vm_manager, dst_addr, size)) {
+        return ERR_INVALID_MEMORY_RANGE;
+    }
+    const VAddr dst_end_address = dst_addr + size;
+    if (dst_end_address > vm_manager.GetHeapRegionBaseAddress() &&
+        dst_addr < vm_manager.GetHeapRegionEndAddress()) {
+        return ERR_INVALID_MEMORY_RANGE;
+    }
+    if (dst_end_address > vm_manager.GetNewMapRegionBaseAddress() &&
+        dst_addr < vm_manager.GetMapRegionEndAddress()) {
+        return ERR_INVALID_MEMORY_RANGE;
+    }
+    return RESULT_SUCCESS;
+}
 } // Anonymous namespace
 /// Set the process heap to a given Size. It can both extend and shrink the heap.
@@ -69,15 +136,15 @@ static ResultCode MapMemory(VAddr dst_addr, VAddr src_addr, u64 size) {
    LOG_TRACE(Kernel_SVC, "called, dst_addr=0x{:X}, src_addr=0x{:X}, size=0x{:X}", dst_addr,
              src_addr, size);
-    if (!Is4KBAligned(dst_addr) || !Is4KBAligned(src_addr)) {
+    auto* const current_process = Core::CurrentProcess();
-        return ERR_INVALID_ADDRESS;
+    const auto& vm_manager = current_process->VMManager();
-    }
-    if (size == 0 || !Is4KBAligned(size)) {
+    const auto result = MapUnmapMemorySanityChecks(vm_manager, dst_addr, src_addr, size);
-        return ERR_INVALID_SIZE;
+    if (result != RESULT_SUCCESS) {
+        return result;
    }
-    return Core::CurrentProcess()->MirrorMemory(dst_addr, src_addr, size);
+    return current_process->MirrorMemory(dst_addr, src_addr, size);
 }
 /// Unmaps a region that was previously mapped with svcMapMemory
@@ -85,15 +152,15 @@ static ResultCode UnmapMemory(VAddr dst_addr, VAddr src_addr, u64 size) {
    LOG_TRACE(Kernel_SVC, "called, dst_addr=0x{:X}, src_addr=0x{:X}, size=0x{:X}", dst_addr,
              src_addr, size);
-    if (!Is4KBAligned(dst_addr) || !Is4KBAligned(src_addr)) {
+    auto* const current_process = Core::CurrentProcess();
-        return ERR_INVALID_ADDRESS;
+    const auto& vm_manager = current_process->VMManager();
-    }
-    if (size == 0 || !Is4KBAligned(size)) {
+    const auto result = MapUnmapMemorySanityChecks(vm_manager, dst_addr, src_addr, size);
-        return ERR_INVALID_SIZE;
+    if (result != RESULT_SUCCESS) {
+        return result;
    }
-    return Core::CurrentProcess()->UnmapMemory(dst_addr, src_addr, size);
+    return current_process->UnmapMemory(dst_addr, src_addr, size);
 }
 /// Connect to an OS service given the port name, returns the handle to the port to out

diff --git a/src/core/hle/kernel/errors.h b/src/core/hle/kernel/errors.h index e5fa67ae8..885259618 100644 --- a/src/core/hle/kernel/errors.h +++ b/src/core/hle/kernel/errors.h
@@ -22,6 +22,7 @@ enum {
22	HandleTableFull = 105,	22	HandleTableFull = 105,
23	InvalidMemoryState = 106,	23	InvalidMemoryState = 106,
24	InvalidMemoryPermissions = 108,	24	InvalidMemoryPermissions = 108,
		25	InvalidMemoryRange = 110,
25	InvalidThreadPriority = 112,	26	InvalidThreadPriority = 112,
26	InvalidProcessorId = 113,	27	InvalidProcessorId = 113,
27	InvalidHandle = 114,	28	InvalidHandle = 114,
@@ -56,6 +57,7 @@ constexpr ResultCode ERR_INVALID_ADDRESS(ErrorModule::Kernel, ErrCodes::InvalidA
56	constexpr ResultCode ERR_INVALID_ADDRESS_STATE(ErrorModule::Kernel, ErrCodes::InvalidMemoryState);	57	constexpr ResultCode ERR_INVALID_ADDRESS_STATE(ErrorModule::Kernel, ErrCodes::InvalidMemoryState);
57	constexpr ResultCode ERR_INVALID_MEMORY_PERMISSIONS(ErrorModule::Kernel,	58	constexpr ResultCode ERR_INVALID_MEMORY_PERMISSIONS(ErrorModule::Kernel,
58	ErrCodes::InvalidMemoryPermissions);	59	ErrCodes::InvalidMemoryPermissions);
		60	constexpr ResultCode ERR_INVALID_MEMORY_RANGE(ErrorModule::Kernel, ErrCodes::InvalidMemoryRange);
59	constexpr ResultCode ERR_INVALID_HANDLE(ErrorModule::Kernel, ErrCodes::InvalidHandle);	61	constexpr ResultCode ERR_INVALID_HANDLE(ErrorModule::Kernel, ErrCodes::InvalidHandle);
60	constexpr ResultCode ERR_INVALID_PROCESSOR_ID(ErrorModule::Kernel, ErrCodes::InvalidProcessorId);	62	constexpr ResultCode ERR_INVALID_PROCESSOR_ID(ErrorModule::Kernel, ErrCodes::InvalidProcessorId);
61	constexpr ResultCode ERR_INVALID_SIZE(ErrorModule::Kernel, ErrCodes::InvalidSize);	63	constexpr ResultCode ERR_INVALID_SIZE(ErrorModule::Kernel, ErrCodes::InvalidSize);


diff --git a/src/core/hle/kernel/svc.cpp b/src/core/hle/kernel/svc.cpp index 3afcce3fe..3e4dd61dc 100644 --- a/src/core/hle/kernel/svc.cpp +++ b/src/core/hle/kernel/svc.cpp
@@ -39,6 +39,73 @@ namespace {
39	constexpr bool Is4KBAligned(VAddr address) {	39	constexpr bool Is4KBAligned(VAddr address) {
40	return (address & 0xFFF) == 0;	40	return (address & 0xFFF) == 0;
41	}	41	}
		42
		43	// Checks if address + size is greater than the given address
		44	// This can return false if the size causes an overflow of a 64-bit type
		45	// or if the given size is zero.
		46	constexpr bool IsValidAddressRange(VAddr address, u64 size) {
		47	return address + size > address;
		48	}
		49
		50	// Checks if a given address range lies within a larger address range.
		51	constexpr bool IsInsideAddressRange(VAddr address, u64 size, VAddr address_range_begin,
		52	VAddr address_range_end) {
		53	const VAddr end_address = address + size - 1;
		54	return address_range_begin <= address && end_address <= address_range_end - 1;
		55	}
		56
		57	bool IsInsideAddressSpace(const VMManager& vm, VAddr address, u64 size) {
		58	return IsInsideAddressRange(address, size, vm.GetAddressSpaceBaseAddress(),
		59	vm.GetAddressSpaceEndAddress());
		60	}
		61
		62	bool IsInsideNewMapRegion(const VMManager& vm, VAddr address, u64 size) {
		63	return IsInsideAddressRange(address, size, vm.GetNewMapRegionBaseAddress(),
		64	vm.GetNewMapRegionEndAddress());
		65	}
		66
		67	// Helper function that performs the common sanity checks for svcMapMemory
		68	// and svcUnmapMemory. This is doable, as both functions perform their sanitizing
		69	// in the same order.
		70	ResultCode MapUnmapMemorySanityChecks(const VMManager& vm_manager, VAddr dst_addr, VAddr src_addr,
		71	u64 size) {
		72	if (!Is4KBAligned(dst_addr) \|\| !Is4KBAligned(src_addr)) {
		73	return ERR_INVALID_ADDRESS;
		74	}
		75
		76	if (size == 0 \|\| !Is4KBAligned(size)) {
		77	return ERR_INVALID_SIZE;
		78	}
		79
		80	if (!IsValidAddressRange(dst_addr, size)) {
		81	return ERR_INVALID_ADDRESS_STATE;
		82	}
		83
		84	if (!IsValidAddressRange(src_addr, size)) {
		85	return ERR_INVALID_ADDRESS_STATE;
		86	}
		87
		88	if (!IsInsideAddressSpace(vm_manager, src_addr, size)) {
		89	return ERR_INVALID_ADDRESS_STATE;
		90	}
		91
		92	if (!IsInsideNewMapRegion(vm_manager, dst_addr, size)) {
		93	return ERR_INVALID_MEMORY_RANGE;
		94	}
		95
		96	const VAddr dst_end_address = dst_addr + size;
		97	if (dst_end_address > vm_manager.GetHeapRegionBaseAddress() &&
		98	dst_addr < vm_manager.GetHeapRegionEndAddress()) {
		99	return ERR_INVALID_MEMORY_RANGE;
		100	}
		101
		102	if (dst_end_address > vm_manager.GetNewMapRegionBaseAddress() &&
		103	dst_addr < vm_manager.GetMapRegionEndAddress()) {
		104	return ERR_INVALID_MEMORY_RANGE;
		105	}
		106
		107	return RESULT_SUCCESS;
		108	}
42	} // Anonymous namespace	109	} // Anonymous namespace
43		110
44	/// Set the process heap to a given Size. It can both extend and shrink the heap.	111	/// Set the process heap to a given Size. It can both extend and shrink the heap.
@@ -69,15 +136,15 @@ static ResultCode MapMemory(VAddr dst_addr, VAddr src_addr, u64 size) {
69	LOG_TRACE(Kernel_SVC, "called, dst_addr=0x{:X}, src_addr=0x{:X}, size=0x{:X}", dst_addr,	136	LOG_TRACE(Kernel_SVC, "called, dst_addr=0x{:X}, src_addr=0x{:X}, size=0x{:X}", dst_addr,
70	src_addr, size);	137	src_addr, size);
71		138
72	if (!Is4KBAligned(dst_addr) \|\| !Is4KBAligned(src_addr)) {	139	auto* const current_process = Core::CurrentProcess();
73	return ERR_INVALID_ADDRESS;	140	const auto& vm_manager = current_process->VMManager();
74	}
75		141
76	if (size == 0 \|\| !Is4KBAligned(size)) {	142	const auto result = MapUnmapMemorySanityChecks(vm_manager, dst_addr, src_addr, size);
77	return ERR_INVALID_SIZE;	143	if (result != RESULT_SUCCESS) {
		144	return result;
78	}	145	}
79		146
80	return Core::CurrentProcess()->MirrorMemory(dst_addr, src_addr, size);	147	return current_process->MirrorMemory(dst_addr, src_addr, size);
81	}	148	}
82		149
83	/// Unmaps a region that was previously mapped with svcMapMemory	150	/// Unmaps a region that was previously mapped with svcMapMemory
@@ -85,15 +152,15 @@ static ResultCode UnmapMemory(VAddr dst_addr, VAddr src_addr, u64 size) {
85	LOG_TRACE(Kernel_SVC, "called, dst_addr=0x{:X}, src_addr=0x{:X}, size=0x{:X}", dst_addr,	152	LOG_TRACE(Kernel_SVC, "called, dst_addr=0x{:X}, src_addr=0x{:X}, size=0x{:X}", dst_addr,
86	src_addr, size);	153	src_addr, size);
87		154
88	if (!Is4KBAligned(dst_addr) \|\| !Is4KBAligned(src_addr)) {	155	auto* const current_process = Core::CurrentProcess();
89	return ERR_INVALID_ADDRESS;	156	const auto& vm_manager = current_process->VMManager();
90	}
91		157
92	if (size == 0 \|\| !Is4KBAligned(size)) {	158	const auto result = MapUnmapMemorySanityChecks(vm_manager, dst_addr, src_addr, size);
93	return ERR_INVALID_SIZE;	159	if (result != RESULT_SUCCESS) {
		160	return result;
94	}	161	}
95		162
96	return Core::CurrentProcess()->UnmapMemory(dst_addr, src_addr, size);	163	return current_process->UnmapMemory(dst_addr, src_addr, size);
97	}	164	}
98		165
99	/// Connect to an OS service given the port name, returns the handle to the port to out	166	/// Connect to an OS service given the port name, returns the handle to the port to out