From 262a066c8cebb35273c19135ba27170029ad40a2 Mon Sep 17 00:00:00 2001 From: Michael Scire Date: Tue, 22 Mar 2022 14:16:02 -0700 Subject: [PATCH] kern: enforce maximum secure region size --- .../source/board/nintendo/nx/kern_k_system_control.cpp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libraries/libmesosphere/source/board/nintendo/nx/kern_k_system_control.cpp b/libraries/libmesosphere/source/board/nintendo/nx/kern_k_system_control.cpp index dffea6f2f..de5355915 100644 --- a/libraries/libmesosphere/source/board/nintendo/nx/kern_k_system_control.cpp +++ b/libraries/libmesosphere/source/board/nintendo/nx/kern_k_system_control.cpp @@ -23,6 +23,8 @@ namespace ams::kern::board::nintendo::nx { constexpr size_t SecureAlignment = 128_KB; + constexpr size_t SecureSizeMax = util::AlignDown(512_MB - 1, SecureAlignment); + /* Global variables for panic. */ constinit bool g_call_smc_on_panic; @@ -191,6 +193,11 @@ namespace ams::kern::board::nintendo::nx { } bool SetSecureRegion(KPhysicalAddress phys_addr, size_t size) { + /* Ensure size is valid. */ + if (size > SecureSizeMax) { + return false; + } + /* Ensure address and size are aligned. */ if (!util::IsAligned(GetInteger(phys_addr), SecureAlignment)) { return false;