[haiku-bugs] Re: [Haiku] #14911: [VM] Block userland from mmap'ing the first page (NULL to B_PAGE_SIZE)

  • From: "Haiku" <trac@xxxxxxxxxxxx>
  • To: undisclosed-recipients: ;
  • Date: Wed, 20 Feb 2019 15:56:28 -0000

#14911: [VM] Block userland from mmap'ing the first page (NULL to B_PAGE_SIZE)
-----------------------------+----------------------------
   Reporter:  waddlesplash   |      Owner:  waddlesplash
       Type:  bug            |     Status:  assigned
   Priority:  normal         |  Milestone:  Unscheduled
  Component:  System/Kernel  |    Version:  R1/Development
 Resolution:                 |   Keywords:
 Blocked By:                 |   Blocking:
Has a Patch:  0              |   Platform:  All
-----------------------------+----------------------------

Comment (by waddlesplash):

 Added a test program (reported at
 https://twitter.com/jensensec/status/1097713585495728128) showing that 0x0
 can be mapped.

 Looks like the problem is here:
 http://xref.plausible.coop/source/xref/haiku/src/system/kernel/vm/VMUserAddressSpace.cpp#765
 -- other functions in that file obey USER_BASE_ANY, this one ignores it.

 Actually this looks like it was previously intentional:
 http://xref.plausible.coop/source/xref/haiku/headers/private/kernel/arch/x86/arch_kernel.h#83
 ("Furthermore no areas are placed in the lower 1Mb unless the application
 explicitly requests it to find null pointer references.")

 So, we would have to update USER_BASE to get the wanted behavior. I think
 Linux et al. do the same, so, that shouldn't be an issue, I guess?

-- 
Ticket URL: <https://dev.haiku-os.org/ticket/14911#comment:4>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.
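The ticket reports that a test program can map page 0x0, and that the fix is a floor (USER_BASE) below which the kernel must refuse to place user areas. Below is an added regression check, not the test program linked from the ticket and not Haiku's kernel code: it contains the range check a kernel placement routine would apply, with a constructed floor `EXAMPLE_USER_BASE` of 64 KiB (an assumption; Haiku's real USER_BASE in arch_kernel.h is not reproduced here), and a probe that asks the running kernel whether a MAP_FIXED mapping at address 0 is accepted. A hardened kernel should make the probe report "refused".

```c
#define _GNU_SOURCE            /* expose MAP_ANONYMOUS on glibc */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON /* older BSD-style name */
#endif

/* Constructed floor for this example: user mappings below it are refused.
 * Haiku's actual USER_BASE (arch_kernel.h) is not reproduced here. */
#define EXAMPLE_USER_BASE 0x10000UL

/* Mirror of the check a placement routine should perform on a requested
 * user range [addr, addr + size).  Returns 1 if the range must be
 * rejected, 0 if it may be placed.  Rejects zero-length and wrapping
 * ranges, which would otherwise sneak a mapping under the floor. */
int range_is_forbidden(unsigned long addr, unsigned long size)
{
    if (size == 0)
        return 1;                     /* malformed request */
    if (addr + size < addr)
        return 1;                     /* arithmetic wrap-around */
    return addr < EXAMPLE_USER_BASE;  /* any byte below the floor */
}

/* Probe the running kernel: request one anonymous page at address 0 with
 * MAP_FIXED.  Returns 0 if the kernel refused (the wanted behaviour),
 * 1 if it granted the mapping (the condition the ticket reports), -1 if
 * the page size could not be determined.  *err receives errno. */
int null_page_mappable(int *err)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0) {
        *err = errno;
        return -1;
    }
    void *p = mmap((void *)0, (size_t)ps, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) {
        *err = errno;                 /* EPERM, EINVAL or ENOMEM all mean "refused" */
        return 0;
    }
    *err = 0;
    munmap(p, (size_t)ps);            /* release it immediately */
    return 1;
}

int main(void)
{
    int err = 0;
    int r = null_page_mappable(&err);
    if (r == 1)
        printf("FAIL: kernel allowed a user mapping at the NULL page\n");
    else if (r == 0)
        printf("OK: kernel refused the NULL page mapping (%s)\n", strerror(err));
    else
        printf("probe error: %s\n", strerror(err));
    return r == 0 ? 0 : 1;
}
```

Run it as an unprivileged user; the exit status is 0 only when the kernel refuses the mapping, so it can sit in a test suite as a guard against the regression this ticket describes.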
