RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 15:57:45 +00:00
Code Issues Activity Actions

Kernel: Mark mmap()-created regions with a special bit

Browse source 
Then only allow regions with that bit to be manipulated via munmap()
and mprotect(). This prevents messing with non-mmap()ed regions in
a process's address space (stacks, shared buffers, ...)
This commit is contained in:
Andreas Kling 2019-11-24 12:24:16 +01:00
parent 35c26a06fc
commit 3dc87be891
2 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Kernel/Process.cpp
View file

@ -188,6 +188,8 @@ int Process::sys$set_mmap_name(void* addr, size_t size, const char* name)
auto* region = region_from_range({ VirtualAddress((u32)addr), size }); auto* region = region_from_range({ VirtualAddress((u32)addr), size });
if (!region) if (!region)
return -EINVAL; return -EINVAL;
if (!region->is_mmap())
return -EPERM;
region->set_name(String(name)); region->set_name(String(name));
return 0; return 0;
} }
@ -225,6 +227,7 @@ void* Process::sys$mmap(const Syscall::SC_mmap_params* params)
region->set_shared(true); region->set_shared(true);
if (flags & MAP_STACK) if (flags & MAP_STACK)
region->set_stack(true); region->set_stack(true);
region->set_mmap(true);
return region->vaddr().as_ptr(); return region->vaddr().as_ptr();
} }
if (offset & ~PAGE_MASK) if (offset & ~PAGE_MASK)
@ -240,6 +243,7 @@ void* Process::sys$mmap(const Syscall::SC_mmap_params* params)
region->set_shared(true); region->set_shared(true);
if (name) if (name)
region->set_name(name); region->set_name(name);
region->set_mmap(true);
return region->vaddr().as_ptr(); return region->vaddr().as_ptr();
} }
@ -247,12 +251,16 @@ int Process::sys$munmap(void* addr, size_t size)
{ {
Range range_to_unmap { VirtualAddress((u32)addr), size }; Range range_to_unmap { VirtualAddress((u32)addr), size };
if (auto* whole_region = region_from_range(range_to_unmap)) { if (auto* whole_region = region_from_range(range_to_unmap)) {
if (!whole_region->is_mmap())
return -EPERM;
bool success = deallocate_region(*whole_region); bool success = deallocate_region(*whole_region);
ASSERT(success); ASSERT(success);
return 0; return 0;
} }
if (auto* old_region = region_containing(range_to_unmap)) { if (auto* old_region = region_containing(range_to_unmap)) {
if (!old_region->is_mmap())
return -EPERM;
Range old_region_range = old_region->range(); Range old_region_range = old_region->range();
auto remaining_ranges_after_unmap = old_region_range.carve(range_to_unmap); auto remaining_ranges_after_unmap = old_region_range.carve(range_to_unmap);
ASSERT(!remaining_ranges_after_unmap.is_empty()); ASSERT(!remaining_ranges_after_unmap.is_empty());
@ -291,6 +299,8 @@ int Process::sys$mprotect(void* addr, size_t size, int prot)
auto* region = region_from_range({ VirtualAddress((u32)addr), size }); auto* region = region_from_range({ VirtualAddress((u32)addr), size });
if (!region) if (!region)
return -EINVAL; return -EINVAL;
if (!region->is_mmap())
return -EPERM;
region->set_writable(prot & PROT_WRITE); region->set_writable(prot & PROT_WRITE);
region->remap(); region->remap();
return 0; return 0;

4
Kernel/VM/Region.h
View file

@ -53,6 +53,9 @@ public:
bool is_stack() const { return m_stack; } bool is_stack() const { return m_stack; }
void set_stack(bool stack) { m_stack = stack; } void set_stack(bool stack) { m_stack = stack; }
bool is_mmap() const { return m_mmap; }
void set_mmap(bool mmap) { m_mmap = mmap; }
bool is_user_accessible() const { return m_user_accessible; } bool is_user_accessible() const { return m_user_accessible; }
PageFaultResponse handle_fault(const PageFault&); PageFaultResponse handle_fault(const PageFault&);
@ -145,5 +148,6 @@ private:
bool m_shared { false }; bool m_shared { false };
bool m_user_accessible { false }; bool m_user_accessible { false };
bool m_stack { false }; bool m_stack { false };
bool m_mmap { false };
mutable OwnPtr<Bitmap> m_cow_map; mutable OwnPtr<Bitmap> m_cow_map;
}; };