mirror of https://github.com/RGBCube/serenity synced 2025-05-31 09:48:11 +00:00

Kernel: Add a way to specify which memory regions can make syscalls

This patch adds sys$msyscall() which is loosely based on an OpenBSD
mechanism for preventing syscalls from non-blessed memory regions.

It works similarly to pledge and unveil: you can call it as many
times as you like, and when you're finished, you call it with a null
pointer and it will stop accepting new regions from then on.

If a syscall later happens and doesn't originate from one of the
previously blessed regions, the kernel will simply crash the process.
Andreas Kling 2021-02-02 19:56:11 +01:00
parent d57b4128a1
commit 823186031d
10 changed files with 43 additions and 1 deletions


@ -327,6 +327,7 @@ static bool procfs$pid_vm(InodeIdentifier identifier, KBufferBuilder& builder)
region_object.add("executable", region.is_executable());
region_object.add("stack", region.is_stack());
region_object.add("shared", region.is_shared());
region_object.add("syscall", region.is_syscall_region());
region_object.add("user_accessible", region.is_user_accessible());
region_object.add("purgeable", region.vmobject().is_anonymous());
if (region.vmobject().is_anonymous()) {
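Review bot: the new key added by `region_object.add("syscall", region.is_syscall_region());` changes the per-region JSON schema emitted by procfs$pid_vm, so any documentation of that object's fields and any userland reader that parses it should be updated to expect "syscall" alongside "executable", "stack" and "shared"; this hunk is observability only, the enforcement described in the commit message (crashing on a syscall from a non-blessed region) is not in this file, but exposing the flag here is what lets an operator audit which mappings remain syscall-capable once sys$msyscall() has been sealed with a null pointer.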