Validate FS_BASE in Task.Clone

arch_prctl already verified that the new FS_BASE was canonical, but Task.Clone did not. Centralize these checks in the arch packages. Failure to validate could cause an error in PTRACE_SET_REGS when we try to switch to the app. PiperOrigin-RevId: 224862398 Change-Id: Iefe63b3f9aa6c4810326b8936e501be3ec407f14
author: Michael Pratt <mpratt@google.com> 2018-12-10 12:36:27 -0800
committer: Shentubot <shentubot@google.com> 2018-12-10 12:37:16 -0800
commit: 99d595869332f817de8f570fae184658c513a43c (patch)
tree: 0e1309f278df51d47a4059ab9c1ef5c3b37f14ca /pkg/sentry/kernel
parent: 25b8424d754bd659a0f976f82f7c8846dc2a194f (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/sentry/kernel/task_clone.go b/pkg/sentry/kernel/task_clone.go
index 755fe0370..b66fa34a9 100644
--- a/pkg/sentry/kernel/task_clone.go
+++ b/pkg/sentry/kernel/task_clone.go
@@ -210,7 +210,9 @@ func (t *Task) Clone(opts *CloneOptions) (ThreadID, *SyscallControl, error) {
 		tc.Arch.SetStack(uintptr(opts.Stack))
 	}
 	if opts.SetTLS {
-		tc.Arch.StateData().Regs.Fs_base = uint64(opts.TLS)
+		if !tc.Arch.SetTLS(uintptr(opts.TLS)) {
+			return 0, nil, syserror.EPERM
+		}
 	}
 
 	var fsc *FSContext
author	Michael Pratt <mpratt@google.com>	2018-12-10 12:36:27 -0800
committer	Shentubot <shentubot@google.com>	2018-12-10 12:37:16 -0800
commit	99d595869332f817de8f570fae184658c513a43c (patch)
tree	0e1309f278df51d47a4059ab9c1ef5c3b37f14ca /pkg/sentry/kernel
parent	25b8424d754bd659a0f976f82f7c8846dc2a194f (diff)