From 4d585cdb825d23743f1d677ee0a904a16724eef9 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Sat, 25 Dec 2021 19:55:52 +0100
Subject: [PATCH] Kernel: Set NX bit on expanded kmalloc memory mappings if supported

We never want to execute kmalloc memory.
---
 Kernel/Heap/kmalloc.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Kernel/Heap/kmalloc.cpp b/Kernel/Heap/kmalloc.cpp
index 4c4e8946d8..b6e2ff1737 100644
--- a/Kernel/Heap/kmalloc.cpp
+++ b/Kernel/Heap/kmalloc.cpp
@@ -127,6 +127,8 @@ struct KmallocGlobalData {
 expansion_data->next_virtual_address = expansion_data->next_virtual_address.offset(new_subheap_size);
+ auto cpu_supports_nx = Processor::current().has_feature(CPUFeature::NX);
+
 SpinlockLocker mm_locker(Memory::s_mm_lock);
 SpinlockLocker pd_locker(MM.kernel_page_directory().get_lock());
@@ -146,6 +148,8 @@ struct KmallocGlobalData {
 pte->set_global(true);
 pte->set_user_allowed(false);
 pte->set_writable(true);
+ if (cpu_supports_nx)
+ pte->set_execute_disabled(true);
 pte->set_present(true);
 }
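Review bot: The decision at `auto cpu_supports_nx = Processor::current().has_feature(CPUFeature::NX);` rests on CPU feature detection alone, while the PTE bit set later takes effect only if no-execute paging has actually been switched on; that step is not visible in this patch, so it is presumably done during early boot whenever the feature is reported and is worth confirming. A comment on the line would record the dependency and that the query is made once, ahead of the two lockers, for example `// NX is assumed to be enabled in paging whenever the CPU reports it; queried once, before taking the MM locks.` The local is never reassigned, so `auto const` (or `bool const`) would state that. The enclosing function begins and ends outside the hunk.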
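Review bot: On a CPU without NX the new `if (cpu_supports_nx)` branch is skipped without any trace, so these PTEs stay both writable (`pte->set_writable(true)` just above) and executable, and the commit's "never want to execute kmalloc memory" holds only on NX-capable hardware. That fallback is probably unavoidable, but it deserves a comment at the branch, e.g. `// Without NX the expanded kmalloc heap stays writable and executable; there is no fallback on such CPUs.`, and possibly a one-time message at heap initialisation so the weaker state shows up in boot logs. Only the expansion path is touched here; whether the initial kmalloc range is mapped no-execute cannot be told from this patch. The loop body these lines belong to begins outside the hunk.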