kern: add new overflow checks on KMemoryRegions

This commit is contained in:
Michael Scire 2020-12-01 17:14:23 -08:00 committed by SciresM
parent 748893fe77
commit 0a1465f198
8 changed files with 32 additions and 1 deletions

View file

@ -112,7 +112,9 @@ namespace ams::kern {
}
static ALWAYS_INLINE KVirtualAddress GetStackTopAddress(s32 core_id, KMemoryRegionType type) {
return Dereference(GetVirtualMemoryRegionTree().FindByTypeAndAttribute(type, static_cast<u32>(core_id))).GetEndAddress();
const auto &region = Dereference(GetVirtualMemoryRegionTree().FindByTypeAndAttribute(type, static_cast<u32>(core_id)));
MESOSPHERE_INIT_ABORT_UNLESS(region.GetEndAddress() != 0);
return region.GetEndAddress();
}
public:
static ALWAYS_INLINE KMemoryRegionTree &GetVirtualMemoryRegionTree() { return s_virtual_tree; }

View file

@ -93,6 +93,7 @@ namespace ams::kern {
}
constexpr ALWAYS_INLINE bool Contains(uintptr_t address) const {
MESOSPHERE_INIT_ABORT_UNLESS(this->GetEndAddress() != 0);
return this->GetAddress() <= address && address <= this->GetLastAddress();
}

View file

@ -182,6 +182,9 @@ namespace ams::kern::board::nintendo::nx {
const KMemoryRegion *region = KMemoryLayout::Find(KPhysicalAddress(address));
if (AMS_LIKELY(region != nullptr)) {
if (AMS_LIKELY(region->IsDerivedFrom(KMemoryRegionType_MemoryController))) {
/* Check the region is valid. */
MESOSPHERE_ABORT_UNLESS(region->GetEndAddress() != 0);
/* Get the offset within the region. */
const size_t offset = address - region->GetAddress();
MESOSPHERE_ABORT_UNLESS(offset < region->GetSize());
@ -210,6 +213,9 @@ namespace ams::kern::board::nintendo::nx {
region->IsDerivedFrom(KMemoryRegionType_MemoryController0) ||
region->IsDerivedFrom(KMemoryRegionType_MemoryController1))
{
/* Check the region is valid. */
MESOSPHERE_ABORT_UNLESS(region->GetEndAddress() != 0);
/* Get the offset within the region. */
const size_t offset = address - region->GetAddress();
MESOSPHERE_ABORT_UNLESS(offset < region->GetSize());
@ -449,6 +455,8 @@ namespace ams::kern::board::nintendo::nx {
/* Configure the Kernel Carveout region. */
{
const auto carveout = KMemoryLayout::GetCarveoutRegionExtents();
MESOSPHERE_ABORT_UNLESS(carveout.GetEndAddress() != 0);
smc::ConfigureCarveout(0, carveout.GetAddress(), carveout.GetSize());
}

View file

@ -55,6 +55,7 @@ namespace ams::kern {
MESOSPHERE_INIT_ABORT_UNLESS(KMemoryLayout::GetPhysicalMemoryRegionTree().Insert(start, size, phys_type, attr));
const KMemoryRegion *phys = KMemoryLayout::GetPhysicalMemoryRegionTree().FindByTypeAndAttribute(phys_type, attr);
MESOSPHERE_INIT_ABORT_UNLESS(phys != nullptr);
MESOSPHERE_INIT_ABORT_UNLESS(phys->GetEndAddress() != 0);
MESOSPHERE_INIT_ABORT_UNLESS(KMemoryLayout::GetVirtualMemoryRegionTree().Insert(phys->GetPairAddress(), size, virt_type, attr));
}
@ -104,6 +105,7 @@ namespace ams::kern {
void SetupPoolPartitionMemoryRegions() {
/* Start by identifying the extents of the DRAM memory region. */
const auto dram_extents = KMemoryLayout::GetMainMemoryPhysicalExtents();
MESOSPHERE_INIT_ABORT_UNLESS(dram_extents.GetEndAddress() != 0);
/* Determine the end of the pool region. */
const uintptr_t pool_end = dram_extents.GetEndAddress() - KTraceBufferSize;

View file

@ -1807,6 +1807,9 @@ namespace ams::kern {
const KMemoryRegion *region = KMemoryLayout::GetPhysicalMemoryRegionTree().FindFirstDerived(region_type);
R_UNLESS(region != nullptr, svc::ResultOutOfRange());
/* Check that the region is valid. */
MESOSPHERE_ABORT_UNLESS(region->GetEndAddress() != 0);
/* Map the region. */
R_TRY_CATCH(this->MapStatic(region->GetAddress(), region->GetSize(), perm)) {
R_CONVERT(svc::ResultInvalidAddress, svc::ResultOutOfRange())

View file

@ -207,6 +207,7 @@ namespace ams::kern {
Result KThread::InitializeThread(KThread *thread, KThreadFunction func, uintptr_t arg, KProcessAddress user_stack_top, s32 prio, s32 core, KProcess *owner, ThreadType type) {
/* Get stack region for the thread. */
const auto &stack_region = KMemoryLayout::GetKernelStackRegion();
MESOSPHERE_ABORT_UNLESS(stack_region.GetEndAddress() != 0);
/* Allocate a page to use as the thread. */
KPageBuffer *page = KPageBuffer::Allocate();

View file

@ -52,6 +52,8 @@ namespace ams::kern {
/* Initialize the memory manager and the KPageBuffer slabheap. */
{
const auto &management_region = KMemoryLayout::GetPoolManagementRegion();
MESOSPHERE_ABORT_UNLESS(management_region.GetEndAddress() != 0);
Kernel::GetMemoryManager().Initialize(management_region.GetAddress(), management_region.GetSize());
init::InitializeKPageBufferSlabHeap();
}
@ -68,6 +70,8 @@ namespace ams::kern {
/* Initialize the Dynamic Slab Heaps. */
{
const auto &pt_heap_region = KMemoryLayout::GetPageTableHeapRegion();
MESOSPHERE_ABORT_UNLESS(pt_heap_region.GetEndAddress() != 0);
Kernel::InitializeResourceManagers(pt_heap_region.GetAddress(), pt_heap_region.GetSize());
}
}
@ -124,6 +128,13 @@ namespace ams::kern {
/* Resume all threads suspended while we initialized. */
KThread::ResumeThreadsSuspendedForInit();
/* Validate that all reserved dram blocks are valid. */
for (const auto &region : KMemoryLayout::GetPhysicalMemoryRegionTree()) {
if (region.IsDerivedFrom(KMemoryRegionType_DramReservedBase)) {
MESOSPHERE_ABORT_UNLESS(region.GetEndAddress() != 0);
}
}
}
cpu::SynchronizeAllCores();

View file

@ -92,6 +92,9 @@ namespace ams::kern::svc {
/* Ensure that we found the region. */
R_UNLESS(region != nullptr, svc::ResultNotFound());
/* Chcek that the region is valid. */
MESOSPHERE_ABORT_UNLESS(region->GetEndAddress() != 0);
R_TRY(pt.QueryStaticMapping(std::addressof(found_address), region->GetAddress(), region->GetSize()));
found_size = region->GetSize();
}