Validate FS_BASE in Task.Clone

arch_prctl already verified that the new FS_BASE was canonical, but
Task.Clone did not. Centralize these checks in the arch packages.

Failure to validate could cause an error in PTRACE_SET_REGS when we try
to switch to the app.

PiperOrigin-RevId: 224862398
Change-Id: Iefe63b3f9aa6c4810326b8936e501be3ec407f14

1 files changed, 3 insertions, 6 deletions

diff --git a/pkg/sentry/syscalls/linux/sys_tls.go b/pkg/sentry/syscalls/linux/sys_tls.go
index 40e84825b..8ea78093b 100644
--- a/pkg/sentry/syscalls/linux/sys_tls.go
+++ b/pkg/sentry/syscalls/linux/sys_tls.go
@@ -22,7 +22,6 @@ import (
 	"gvisor.googlesource.com/gvisor/pkg/abi/linux"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/arch"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/kernel"
-	"gvisor.googlesource.com/gvisor/pkg/sentry/usermem"
 )
 
 // ArchPrctl implements linux syscall arch_prctl(2).
@@ -31,19 +30,17 @@ func ArchPrctl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
 	switch args[0].Int() {
 	case linux.ARCH_GET_FS:
 		addr := args[1].Pointer()
-		_, err := t.CopyOut(addr, &t.Arch().StateData().Regs.Fs_base)
+		fsbase := t.Arch().TLS()
+		_, err := t.CopyOut(addr, uint64(fsbase))
 		if err != nil {
 			return 0, nil, err
 		}
 
 	case linux.ARCH_SET_FS:
 		fsbase := args[1].Uint64()
-		if _, ok := t.MemoryManager().CheckIORange(usermem.Addr(fsbase), 0); !ok {
+		if !t.Arch().SetTLS(uintptr(fsbase)) {
 			return 0, nil, syscall.EPERM
 		}
-		regs := &t.Arch().StateData().Regs
-		regs.Fs = 0
-		regs.Fs_base = fsbase
 
 	case linux.ARCH_GET_GS, linux.ARCH_SET_GS:
 		t.Kernel().EmitUnimplementedEvent(t)