diff options
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/abi/linux/mm.go | 1 | ||||
-rw-r--r-- | pkg/sentry/memmap/memmap.go | 6 | ||||
-rw-r--r-- | pkg/sentry/mm/vma.go | 46 | ||||
-rw-r--r-- | pkg/sentry/syscalls/linux/sys_mmap.go | 14 |
4 files changed, 48 insertions, 19 deletions
diff --git a/pkg/abi/linux/mm.go b/pkg/abi/linux/mm.go index 2263653cc..b48e1d18a 100644 --- a/pkg/abi/linux/mm.go +++ b/pkg/abi/linux/mm.go @@ -31,6 +31,7 @@ const ( MAP_PRIVATE = 1 << 1 MAP_FIXED = 1 << 4 MAP_ANONYMOUS = 1 << 5 + MAP_32BIT = 1 << 6 // arch/x86/include/uapi/asm/mman.h MAP_GROWSDOWN = 1 << 8 MAP_DENYWRITE = 1 << 11 MAP_EXECUTABLE = 1 << 12 diff --git a/pkg/sentry/memmap/memmap.go b/pkg/sentry/memmap/memmap.go index 14fed55bc..72986cbb9 100644 --- a/pkg/sentry/memmap/memmap.go +++ b/pkg/sentry/memmap/memmap.go @@ -266,6 +266,12 @@ type MMapOpts struct { // be replaced. If Unmap is true, Fixed must be true. Unmap bool + // If Map32Bit is true, all addresses in the created mapping must fit in a + // 32-bit integer. (Note that the "end address" of the mapping, i.e. the + // address of the first byte *after* the mapping, need not fit in a 32-bit + // integer.) Map32Bit is ignored if Fixed is true. + Map32Bit bool + // Perms is the set of permissions to the applied to this mapping. Perms usermem.AccessType diff --git a/pkg/sentry/mm/vma.go b/pkg/sentry/mm/vma.go index 61aaa3195..b81e861f1 100644 --- a/pkg/sentry/mm/vma.go +++ b/pkg/sentry/mm/vma.go @@ -34,9 +34,10 @@ func (mm *MemoryManager) createVMALocked(ctx context.Context, opts memmap.MMapOp // Find a useable range. addr, err := mm.findAvailableLocked(opts.Length, findAvailableOpts{ - Addr: opts.Addr, - Fixed: opts.Fixed, - Unmap: opts.Unmap, + Addr: opts.Addr, + Fixed: opts.Fixed, + Unmap: opts.Unmap, + Map32Bit: opts.Map32Bit, }) if err != nil { return vmaIterator{}, usermem.AddrRange{}, err @@ -93,24 +94,40 @@ func (mm *MemoryManager) createVMALocked(ctx context.Context, opts memmap.MMapOp } type findAvailableOpts struct { - // Addr is a suggested address. Addr must be page-aligned. - Addr usermem.Addr - - // Fixed is true if only the suggested address is acceptable. - Fixed bool - - // Unmap is true if existing vmas and guard pages may exist in the returned - // range. - Unmap bool + // These fields are equivalent to those in memmap.MMapOpts, except that: + // + // - Addr must be page-aligned. + // + // - Unmap allows existing guard pages in the returned range. + + Addr usermem.Addr + Fixed bool + Unmap bool + Map32Bit bool } +// map32Start/End are the bounds to which MAP_32BIT mappings are constrained, +// and are equivalent to Linux's MAP32_BASE and MAP32_MAX respectively. +const ( + map32Start = 0x40000000 + map32End = 0x80000000 +) + // findAvailableLocked finds an allocatable range. // // Preconditions: mm.mappingMu must be locked. func (mm *MemoryManager) findAvailableLocked(length uint64, opts findAvailableOpts) (usermem.Addr, error) { + if opts.Fixed { + opts.Map32Bit = false + } + allowedAR := mm.applicationAddrRange() + if opts.Map32Bit { + allowedAR = allowedAR.Intersect(usermem.AddrRange{map32Start, map32End}) + } + // Does the provided suggestion work? if ar, ok := opts.Addr.ToRange(length); ok { - if mm.applicationAddrRange().IsSupersetOf(ar) { + if allowedAR.IsSupersetOf(ar) { if opts.Unmap { return ar.Start, nil } @@ -132,6 +149,9 @@ func (mm *MemoryManager) findAvailableLocked(length uint64, opts findAvailableOp alignment = usermem.HugePageSize } + if opts.Map32Bit { + return mm.findLowestAvailableLocked(length, alignment, allowedAR) + } if mm.layout.DefaultDirection == arch.MmapBottomUp { return mm.findLowestAvailableLocked(length, alignment, usermem.AddrRange{mm.layout.BottomUpBase, mm.layout.MaxAddr}) } diff --git a/pkg/sentry/syscalls/linux/sys_mmap.go b/pkg/sentry/syscalls/linux/sys_mmap.go index 2c7d41de0..bfa23f6a8 100644 --- a/pkg/sentry/syscalls/linux/sys_mmap.go +++ b/pkg/sentry/syscalls/linux/sys_mmap.go @@ -45,6 +45,7 @@ func Mmap(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC private := flags&linux.MAP_PRIVATE != 0 shared := flags&linux.MAP_SHARED != 0 anon := flags&linux.MAP_ANONYMOUS != 0 + map32bit := flags&linux.MAP_32BIT != 0 // Require exactly one of MAP_PRIVATE and MAP_SHARED. if private == shared { @@ -52,12 +53,13 @@ func Mmap(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC } opts := memmap.MMapOpts{ - Length: args[1].Uint64(), - Offset: args[5].Uint64(), - Addr: args[0].Pointer(), - Fixed: fixed, - Unmap: fixed, - Private: private, + Length: args[1].Uint64(), + Offset: args[5].Uint64(), + Addr: args[0].Pointer(), + Fixed: fixed, + Unmap: fixed, + Map32Bit: map32bit, + Private: private, Perms: usermem.AccessType{ Read: linux.PROT_READ&prot != 0, Write: linux.PROT_WRITE&prot != 0, |