Kernel: Add mechanism to make some memory read-only after init finishes

You can now use the READONLY_AFTER_INIT macro when declaring a variable and we will put it in a special ".ro_after_init" section in the kernel. Data in that section remains writable during the boot and init process, and is then marked read-only just before launching the SystemServer. This is based on an idea from the Linux kernel. :^)
2025-10-31 16:22:43 +00:00 · 2021-02-14 17:35:07 +01:00 · 2021-02-14 17:35:07 +01:00 · d8013c60bb
commit d8013c60bb
parent 917f7d668c
5 changed files with 28 additions and 0 deletions
--- a/Kernel/VM/MemoryManager.cpp
+++ b/Kernel/VM/MemoryManager.cpp
@ -46,6 +46,8 @@ extern u8* end_of_kernel_image;
 extern FlatPtr start_of_kernel_text;
 extern FlatPtr start_of_kernel_data;
 extern FlatPtr end_of_kernel_bss;
+extern FlatPtr start_of_ro_after_init;
+extern FlatPtr end_of_ro_after_init;

 extern multiboot_module_entry_t multiboot_copy_boot_modules_array[16];
 extern size_t multiboot_copy_boot_modules_count;
@ -121,6 +123,18 @@ void MemoryManager::protect_kernel_image()
    }
 }

+void MemoryManager::protect_readonly_after_init_memory()
+{
+    ScopedSpinLock mm_lock(s_mm_lock);
+    ScopedSpinLock page_lock(kernel_page_directory().get_lock());
+    // Disable writing to the .ro_after_init section
+    for (auto i = (FlatPtr)&start_of_ro_after_init; i < (FlatPtr)&end_of_ro_after_init; i += PAGE_SIZE) {
+        auto& pte = *ensure_pte(kernel_page_directory(), VirtualAddress(i));
+        pte.set_writable(false);
+        flush_tlb(&kernel_page_directory(), VirtualAddress(i));
+    }
+}
+
 void MemoryManager::register_reserved_ranges()
 {
    ASSERT(!m_physical_memory_ranges.is_empty());