RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 12:38:12 +00:00
Code Issues Activity Actions

Kernel: Add .unmap_after_init section for code we don't need after init

Browse source 
You can now declare functions with UNMAP_AFTER_INIT and they'll get
segregated into a separate kernel section that gets completely
unmapped at the end of initialization.

This can be used for anything we don't need to call once we've booted
into userspace.

There are two nice things about this mechanism:

- It allows us to free up entire pages of memory for other use.
  (Note that this patch does not actually make use of the freed
  pages yet, but in the future we totally could!)

- It allows us to get rid of obviously dangerous gadgets like
  write-to-CR0 and write-to-CR4 which are very useful for an attacker
  trying to disable SMAP/SMEP/etc.

I've also made sure to include a helpful panic message in case you
hit a kernel crash because of this protection. :^)
This commit is contained in:
Andreas Kling 2021-02-19 18:21:54 +01:00
parent da100f12a6
commit 6136faa4eb
6 changed files with 40 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

20
Kernel/VM/MemoryManager.cpp
View file

@ -48,6 +48,8 @@ extern FlatPtr start_of_kernel_data;
extern FlatPtr end_of_kernel_bss;
extern FlatPtr start_of_ro_after_init;
extern FlatPtr end_of_ro_after_init;
extern FlatPtr start_of_unmap_after_init;
extern FlatPtr end_of_unmap_after_init;
extern multiboot_module_entry_t multiboot_copy_boot_modules_array[16];
extern size_t multiboot_copy_boot_modules_count;
@ -135,6 +137,24 @@ void MemoryManager::protect_readonly_after_init_memory()
}
}
void MemoryManager::unmap_memory_after_init()
{
ScopedSpinLock mm_lock(s_mm_lock);
ScopedSpinLock page_lock(kernel_page_directory().get_lock());
auto start = page_round_down((FlatPtr)&start_of_unmap_after_init);
auto end = page_round_up((FlatPtr)&end_of_unmap_after_init);
// Unmap the entire .unmap_after_init section
for (auto i = start; i < end; i += PAGE_SIZE) {
auto& pte = *ensure_pte(kernel_page_directory(), VirtualAddress(i));
pte.clear();
flush_tlb(&kernel_page_directory(), VirtualAddress(i));
}
dmesgln("Unmapped {} KiB of kernel text after init! :^)", (end - start) / KiB);
}
void MemoryManager::register_reserved_ranges()
{
ASSERT(!m_physical_memory_ranges.is_empty());