summaryrefslogtreecommitdiffhomepage
path: root/pkg
diff options
context:
space:
mode:
Diffstat (limited to 'pkg')
-rw-r--r--pkg/abi/linux/mm.go1
-rw-r--r--pkg/sentry/memmap/memmap.go6
-rw-r--r--pkg/sentry/mm/vma.go46
-rw-r--r--pkg/sentry/syscalls/linux/sys_mmap.go14
4 files changed, 48 insertions, 19 deletions
diff --git a/pkg/abi/linux/mm.go b/pkg/abi/linux/mm.go
index 2263653cc..b48e1d18a 100644
--- a/pkg/abi/linux/mm.go
+++ b/pkg/abi/linux/mm.go
@@ -31,6 +31,7 @@ const (
MAP_PRIVATE = 1 << 1
MAP_FIXED = 1 << 4
MAP_ANONYMOUS = 1 << 5
+ MAP_32BIT = 1 << 6 // arch/x86/include/uapi/asm/mman.h
MAP_GROWSDOWN = 1 << 8
MAP_DENYWRITE = 1 << 11
MAP_EXECUTABLE = 1 << 12
diff --git a/pkg/sentry/memmap/memmap.go b/pkg/sentry/memmap/memmap.go
index 14fed55bc..72986cbb9 100644
--- a/pkg/sentry/memmap/memmap.go
+++ b/pkg/sentry/memmap/memmap.go
@@ -266,6 +266,12 @@ type MMapOpts struct {
// be replaced. If Unmap is true, Fixed must be true.
Unmap bool
+ // If Map32Bit is true, all addresses in the created mapping must fit in a
+ // 32-bit integer. (Note that the "end address" of the mapping, i.e. the
+ // address of the first byte *after* the mapping, need not fit in a 32-bit
+ // integer.) Map32Bit is ignored if Fixed is true.
+ Map32Bit bool
+
// Perms is the set of permissions to the applied to this mapping.
Perms usermem.AccessType
diff --git a/pkg/sentry/mm/vma.go b/pkg/sentry/mm/vma.go
index 61aaa3195..b81e861f1 100644
--- a/pkg/sentry/mm/vma.go
+++ b/pkg/sentry/mm/vma.go
@@ -34,9 +34,10 @@ func (mm *MemoryManager) createVMALocked(ctx context.Context, opts memmap.MMapOp
// Find a useable range.
addr, err := mm.findAvailableLocked(opts.Length, findAvailableOpts{
- Addr: opts.Addr,
- Fixed: opts.Fixed,
- Unmap: opts.Unmap,
+ Addr: opts.Addr,
+ Fixed: opts.Fixed,
+ Unmap: opts.Unmap,
+ Map32Bit: opts.Map32Bit,
})
if err != nil {
return vmaIterator{}, usermem.AddrRange{}, err
@@ -93,24 +94,40 @@ func (mm *MemoryManager) createVMALocked(ctx context.Context, opts memmap.MMapOp
}
type findAvailableOpts struct {
- // Addr is a suggested address. Addr must be page-aligned.
- Addr usermem.Addr
-
- // Fixed is true if only the suggested address is acceptable.
- Fixed bool
-
- // Unmap is true if existing vmas and guard pages may exist in the returned
- // range.
- Unmap bool
+ // These fields are equivalent to those in memmap.MMapOpts, except that:
+ //
+ // - Addr must be page-aligned.
+ //
+ // - Unmap allows existing guard pages in the returned range.
+
+ Addr usermem.Addr
+ Fixed bool
+ Unmap bool
+ Map32Bit bool
}
+// map32Start/End are the bounds to which MAP_32BIT mappings are constrained,
+// and are equivalent to Linux's MAP32_BASE and MAP32_MAX respectively.
+const (
+ map32Start = 0x40000000
+ map32End = 0x80000000
+)
+
// findAvailableLocked finds an allocatable range.
//
// Preconditions: mm.mappingMu must be locked.
func (mm *MemoryManager) findAvailableLocked(length uint64, opts findAvailableOpts) (usermem.Addr, error) {
+ if opts.Fixed {
+ opts.Map32Bit = false
+ }
+ allowedAR := mm.applicationAddrRange()
+ if opts.Map32Bit {
+ allowedAR = allowedAR.Intersect(usermem.AddrRange{map32Start, map32End})
+ }
+
// Does the provided suggestion work?
if ar, ok := opts.Addr.ToRange(length); ok {
- if mm.applicationAddrRange().IsSupersetOf(ar) {
+ if allowedAR.IsSupersetOf(ar) {
if opts.Unmap {
return ar.Start, nil
}
@@ -132,6 +149,9 @@ func (mm *MemoryManager) findAvailableLocked(length uint64, opts findAvailableOp
alignment = usermem.HugePageSize
}
+ if opts.Map32Bit {
+ return mm.findLowestAvailableLocked(length, alignment, allowedAR)
+ }
if mm.layout.DefaultDirection == arch.MmapBottomUp {
return mm.findLowestAvailableLocked(length, alignment, usermem.AddrRange{mm.layout.BottomUpBase, mm.layout.MaxAddr})
}
diff --git a/pkg/sentry/syscalls/linux/sys_mmap.go b/pkg/sentry/syscalls/linux/sys_mmap.go
index 2c7d41de0..bfa23f6a8 100644
--- a/pkg/sentry/syscalls/linux/sys_mmap.go
+++ b/pkg/sentry/syscalls/linux/sys_mmap.go
@@ -45,6 +45,7 @@ func Mmap(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
private := flags&linux.MAP_PRIVATE != 0
shared := flags&linux.MAP_SHARED != 0
anon := flags&linux.MAP_ANONYMOUS != 0
+ map32bit := flags&linux.MAP_32BIT != 0
// Require exactly one of MAP_PRIVATE and MAP_SHARED.
if private == shared {
@@ -52,12 +53,13 @@ func Mmap(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
}
opts := memmap.MMapOpts{
- Length: args[1].Uint64(),
- Offset: args[5].Uint64(),
- Addr: args[0].Pointer(),
- Fixed: fixed,
- Unmap: fixed,
- Private: private,
+ Length: args[1].Uint64(),
+ Offset: args[5].Uint64(),
+ Addr: args[0].Pointer(),
+ Fixed: fixed,
+ Unmap: fixed,
+ Map32Bit: map32bit,
+ Private: private,
Perms: usermem.AccessType{
Read: linux.PROT_READ&prot != 0,
Write: linux.PROT_WRITE&prot != 0,