RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-31 17:32:44 +00:00
Code Issues Activity Actions

Kernel+Userland: Refine preventing syscall annotations of Regions option

Browse source 
Instead of using a special case of the annotate_mapping syscall, let's
introduce a new prctl option to disallow further annotations of Regions
as new syscall Region(s).
This commit is contained in:
Liav A 2023-01-20 00:37:14 +02:00 committed by Linus Groh
parent 08de5abc6d
commit b27f88f61d
4 changed files with 23 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Kernel/API/prctl_numbers.h
View file

@ -8,3 +8,5 @@
#define PR_SET_DUMPABLE 1 #define PR_SET_DUMPABLE 1
#define PR_GET_DUMPABLE 2 #define PR_GET_DUMPABLE 2
#define PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS 3
#define PR_GET_NO_NEW_SYSCALL_REGION_ANNOTATIONS 4

8
Kernel/Syscalls/mmap.cpp
View file

@ -578,6 +578,9 @@ ErrorOr<FlatPtr> Process::sys$annotate_mapping(Userspace<void*> address, int fla
if (flags == to_underlying(VirtualMemoryRangeFlags::None)) if (flags == to_underlying(VirtualMemoryRangeFlags::None))
return EINVAL; return EINVAL;
if (!address)
return EINVAL;
if (!Memory::is_user_address(address.vaddr())) if (!Memory::is_user_address(address.vaddr()))
return EFAULT; return EFAULT;
@ -585,11 +588,6 @@ ErrorOr<FlatPtr> Process::sys$annotate_mapping(Userspace<void*> address, int fla
if (space->enforces_syscall_regions() && (flags & to_underlying(VirtualMemoryRangeFlags::SyscallCode))) if (space->enforces_syscall_regions() && (flags & to_underlying(VirtualMemoryRangeFlags::SyscallCode)))
return EPERM; return EPERM;
if (!address) {
space->set_enforces_syscall_regions(true);
return 0;
}
auto* region = space->find_region_containing(Memory::VirtualRange { address.vaddr(), 1 }); auto* region = space->find_region_containing(Memory::VirtualRange { address.vaddr(), 1 });
if (!region) if (!region)
return EINVAL; return EINVAL;

16
Kernel/Syscalls/prctl.cpp
View file

@ -21,6 +21,22 @@ ErrorOr<FlatPtr> Process::sys$prctl(int option, FlatPtr arg1, [[maybe_unused]] F
return EINVAL; return EINVAL;
protected_data.dumpable = arg1; protected_data.dumpable = arg1;
return 0; return 0;
case PR_GET_NO_NEW_SYSCALL_REGION_ANNOTATIONS:
return address_space().with([&](auto& space) -> ErrorOr<FlatPtr> {
return space->enforces_syscall_regions();
});
case PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS:
if (arg1 != 0 && arg1 != 1)
return EINVAL;
bool prohibit_new_annotated_syscall_regions = (arg1 == 1);
return address_space().with([&](auto& space) -> ErrorOr<FlatPtr> {
if (space->enforces_syscall_regions() && !prohibit_new_annotated_syscall_regions)
return EPERM;
space->set_enforces_syscall_regions(prohibit_new_annotated_syscall_regions);
return 0;
});
return 0;
} }
return EINVAL; return EINVAL;
}); });

3
Userland/Libraries/LibELF/DynamicLinker.cpp
View file

@ -17,6 +17,7 @@
#include <AK/ScopeGuard.h> #include <AK/ScopeGuard.h>
#include <AK/Vector.h> #include <AK/Vector.h>
#include <Kernel/API/VirtualMemoryAnnotations.h> #include <Kernel/API/VirtualMemoryAnnotations.h>
#include <Kernel/API/prctl_numbers.h>
#include <LibC/bits/pthread_integration.h> #include <LibC/bits/pthread_integration.h>
#include <LibC/link.h> #include <LibC/link.h>
#include <LibC/sys/mman.h> #include <LibC/sys/mman.h>
@ -677,7 +678,7 @@ void ELF::DynamicLinker::linker_main(DeprecatedString&& main_program_path, int m
s_loaders.clear(); s_loaders.clear();
int rc = syscall(SC_annotate_mapping, nullptr); int rc = syscall(SC_prctl, PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS, 1, 0);
if (rc < 0) { if (rc < 0) {
VERIFY_NOT_REACHED(); VERIFY_NOT_REACHED();
} }