deislabs / mystikos

Tools and runtime for launching unmodified container images in Trusted Execution Environments

Check for bad address in syscalls #405

Open mikbras opened 3 years ago

mikbras commented 3 years ago

Ideally the Mystikos kernel may check for bad addresses passed from user space and raise an EFAULT error. Add a new myst_is_badd_addr function that checks whether the given address is mapped or not (using the mprotect vector). One problem with this approach is that it does not work for brk acquired memory.

paulcallen commented 3 years ago

This is a critical issue and is causing a number of tests to hang that pass invalid pointers to various syscalls. The hangs are because we are crashing while holding a lock, then another test is starting within the same instance of the kernel and then gets caught on the same lock that previously was not unlocked. All parameter pointers that are passed to syscalls need to be validated and need 2 alternatives:

mingweishih commented 3 years ago

Reopen the issue. This requires generalizing the new myst_is_badd_addr check introduced by #683.
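To make the proposed check concrete, here is an added illustration (not Mystikos code; the page vector, the brk bookkeeping, the names and the 16-page address space are all constructed for the example) of validating a user-supplied `[addr, addr+len)` range before a syscall touches it, returning `-EFAULT` on a bad address and also covering the brk-acquired memory that the issue notes the mprotect vector alone does not see:

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of a per-page protection vector: one flag per
 * page, non-zero when the page is mapped. Sizes are for the example. */
#define PAGE_SIZE 4096u
#define NPAGES    16u
static uint8_t mapped_pages[NPAGES];

/* brk memory is not recorded in the vector (the gap the issue raises),
 * so the program break is tracked as a separate contiguous region. */
static uintptr_t brk_start, brk_end;

/* Test helpers (hypothetical): mark pages as mapped / set the brk region. */
void example_map_pages(size_t first, size_t count)
{
    for (size_t i = first; i < first + count && i < NPAGES; i++)
        mapped_pages[i] = 1;
}
void example_set_brk(uintptr_t start, uintptr_t end)
{
    brk_start = start;
    brk_end = end;
}

/* A page is accessible if the vector says so or it lies inside [brk). */
static int page_ok(uintptr_t page)
{
    size_t idx = page / PAGE_SIZE;
    if (idx < NPAGES && mapped_pages[idx])
        return 1;
    return page >= brk_start && page < brk_end;
}

/* Return 0 if every byte of [addr, addr+len) is accessible, else -EFAULT.
 * Checked before the kernel dereferences a syscall pointer argument. */
int check_user_range(uintptr_t addr, size_t len)
{
    uintptr_t end;
    if (len == 0)
        return 0;
    if (__builtin_add_overflow(addr, len, &end)) /* addr+len wraps around */
        return -EFAULT;
    for (uintptr_t p = addr & ~(uintptr_t)(PAGE_SIZE - 1); p < end; p += PAGE_SIZE)
        if (!page_ok(p))
            return -EFAULT; /* first unmapped page fails the whole range */
    return 0;
}
```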