RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 03:37:45 +00:00
Code Issues Activity Actions

Kernel: Add a way to specify which memory regions can make syscalls

Browse source 
This patch adds sys$msyscall() which is loosely based on an OpenBSD
mechanism for preventing syscalls from non-blessed memory regions.

It works similarly to pledge and unveil, you can call it as many
times as you like, and when you're finished, you call it with a null
pointer and it will stop accepting new regions from then on.

If a syscall later happens and doesn't originate from one of the
previously blessed regions, the kernel will simply crash the process.
This commit is contained in:
Andreas Kling 2021-02-02 19:56:11 +01:00
parent d57b4128a1
commit 823186031d
10 changed files with 43 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Kernel/VM/Region.h
View file

@ -247,6 +247,9 @@ public:
RefPtr<Process> get_owner();
bool is_syscall_region() const { return m_syscall_region; }
void set_syscall_region(bool b) { m_syscall_region = b; }
private:
bool do_remap_vmobject_page_range(size_t page_index, size_t page_count);
@ -282,6 +285,7 @@ private:
bool m_stack : 1 { false };
bool m_mmap : 1 { false };
bool m_kernel : 1 { false };
bool m_syscall_region : 1 { false };
WeakPtr<Process> m_owner;
};