Validate FS.base before establishing it in the task's register set.

PiperOrigin-RevId: 208229341 Change-Id: I5d84bc52bbafa073446ef497e56958d0d7955aa8
author: Neel Natu <neelnatu@google.com> 2018-08-10 10:25:37 -0700
committer: Shentubot <shentubot@google.com> 2018-08-10 10:27:09 -0700
commit: d5b702b64f05a200ed94f0cd977d3f84dae01162 (patch)
tree: 73b6583194974df0a2b473c9a824091f3707a3b1 /pkg/sentry
parent: 0ac912f99e44e8e89985dd83ec946deadbfd8797 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_tls.go b/pkg/sentry/syscalls/linux/sys_tls.go
index 1047364b3..b95d62320 100644
--- a/pkg/sentry/syscalls/linux/sys_tls.go
+++ b/pkg/sentry/syscalls/linux/sys_tls.go
@@ -22,6 +22,7 @@ import (
 	"gvisor.googlesource.com/gvisor/pkg/abi/linux"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/arch"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/kernel"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/usermem"
 )
 
 // ArchPrctl implements linux syscall arch_prctl(2).
@@ -36,9 +37,13 @@ func ArchPrctl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
 		}
 
 	case linux.ARCH_SET_FS:
+		fsbase := args[1].Uint64()
+		if _, ok := t.MemoryManager().CheckIORange(usermem.Addr(fsbase), 0); !ok {
+			return 0, nil, syscall.EPERM
+		}
 		regs := &t.Arch().StateData().Regs
 		regs.Fs = 0
-		regs.Fs_base = args[1].Uint64()
+		regs.Fs_base = fsbase
 
 	default:
 		return 0, nil, syscall.EINVAL
author	Neel Natu <neelnatu@google.com>	2018-08-10 10:25:37 -0700
committer	Shentubot <shentubot@google.com>	2018-08-10 10:27:09 -0700
commit	d5b702b64f05a200ed94f0cd977d3f84dae01162 (patch)
tree	73b6583194974df0a2b473c9a824091f3707a3b1 /pkg/sentry
parent	0ac912f99e44e8e89985dd83ec946deadbfd8797 (diff)