From 99d595869332f817de8f570fae184658c513a43c Mon Sep 17 00:00:00 2001 From: Michael Pratt Date: Mon, 10 Dec 2018 12:36:27 -0800 Subject: Validate FS_BASE in Task.Clone arch_prctl already verified that the new FS_BASE was canonical, but Task.Clone did not. Centralize these checks in the arch packages. Failure to validate could cause an error in PTRACE_SET_REGS when we try to switch to the app. PiperOrigin-RevId: 224862398 Change-Id: Iefe63b3f9aa6c4810326b8936e501be3ec407f14 --- pkg/sentry/arch/arch.go | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'pkg/sentry/arch/arch.go') diff --git a/pkg/sentry/arch/arch.go b/pkg/sentry/arch/arch.go index 575b7ba66..4cd7a9af5 100644 --- a/pkg/sentry/arch/arch.go +++ b/pkg/sentry/arch/arch.go @@ -115,6 +115,12 @@ type Context interface { // SetStack sets the current stack pointer. SetStack(value uintptr) + // TLS returns the current TLS pointer. + TLS() uintptr + + // SetTLS sets the current TLS pointer. Returns false if value is invalid. + SetTLS(value uintptr) bool + // SetRSEQInterruptedIP sets the register that contains the old IP when a // restartable sequence is interrupted. SetRSEQInterruptedIP(value uintptr) -- cgit v1.2.3
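Review bot: The doc comment on `SetTLS` says only "Returns false if value is invalid", which leaves out the two things a caller needs: what makes a value invalid, and whether the stored TLS pointer is modified when the call is rejected. The commit message says an unvalidated FS_BASE from Task.Clone makes PTRACE_SET_REGS fail when switching to the app, so this bool is a validation result that must not be dropped, and Go will not flag an ignored bool return. I would expand the comment to something like `// SetTLS sets the current TLS pointer. It returns false, leaving the TLS pointer unchanged, if value is not valid for this architecture (e.g. a non-canonical address); callers must check the result.` The "unchanged" wording is an assumption to confirm against the arch implementations, which are not shown in this file section. The `Context` interface body starts and ends outside the hunk, so any implementer that still lacks `TLS`/`SetTLS` cannot be checked from here.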