From 8e926e3f74cef3d04b37c6a68ba5de966e9d9839 Mon Sep 17 00:00:00 2001
From: Andrei Vagin
Date: Mon, 3 Jun 2019 10:58:38 -0700
Subject: gvisor: validate a new map region in the mremap syscall

Right now, mremap allows to remap a memory region over MaxUserAddress, this means that we can change the stub region.

PiperOrigin-RevId: 251266886
---
 pkg/sentry/mm/syscalls.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pkg/sentry/mm/syscalls.go b/pkg/sentry/mm/syscalls.go
index 0368c6794..af1e53f5d 100644
--- a/pkg/sentry/mm/syscalls.go
+++ b/pkg/sentry/mm/syscalls.go
@@ -470,6 +470,16 @@ func (mm *MemoryManager) MRemap(ctx context.Context, oldAddr usermem.Addr, oldSi
 return 0, syserror.EINVAL
 }
 
+ // Check that the new region is valid.
+ _, err := mm.findAvailableLocked(newSize, findAvailableOpts{
+ Addr: newAddr,
+ Fixed: true,
+ Unmap: true,
+ })
+ if err != nil {
+ return 0, err
+ }
+
 // Unmap any mappings at the destination.
 mm.unmapLocked(ctx, newAR)
 
-- 
cgit v1.2.3
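Review bot: The comment `// Check that the new region is valid.` above the added `mm.findAvailableLocked` call does not say which invariant it enforces. Going by the commit message, the destination must not reach past MaxUserAddress, so I would write `// Reject a destination outside the application address range (e.g. above MaxUserAddress), so a fixed mremap cannot replace the stub region.` The comment should also explain `Unmap: true`, which presumably is set because existing mappings at newAddr are unmapped on the following lines. The errno returned is whatever `findAvailableLocked` produces, which is not visible in this hunk; Linux reports EINVAL for an out-of-range MREMAP_FIXED destination, so it is worth confirming the propagated value matches. MRemap starts and ends outside the hunk, so whether its other resize and move paths are bounded the same way cannot be checked from here.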