Kernel: Crash on memory access in non-readable regions

This patch makes it possible to make memory regions non-readable. This is enforced using the "present" bit in the page tables. A process that hits an not-present page fault in a non-readable region will be crashed.
2025-07-25 15:17:36 +00:00 · 2019-12-02 19:14:16 +01:00 · 2019-12-02 19:14:16 +01:00 · f41ae755ec
commit f41ae755ec
parent ddd5411472
5 changed files with 41 additions and 2 deletions
--- a/Userland/crash.cpp
+++ b/Userland/crash.cpp
@ -26,6 +26,8 @@ int main(int argc, char** argv)
        InvalidStackPointerOnSyscall,
        InvalidStackPointerOnPageFault,
        SyscallFromWritableMemory,
+        WriteToFreedMemoryStillCachedByMalloc,
+        ReadFromFreedMemoryStillCachedByMalloc,
    };
    Mode mode = SegmentationViolation;

@ -56,6 +58,10 @@ int main(int argc, char** argv)
        mode = InvalidStackPointerOnPageFault;
    else if (String(argv[1]) == "-S")
        mode = SyscallFromWritableMemory;
+    else if (String(argv[1]) == "-x")
+        mode = ReadFromFreedMemoryStillCachedByMalloc;
+    else if (String(argv[1]) == "-y")
+        mode = WriteToFreedMemoryStillCachedByMalloc;
    else
        print_usage_and_exit();

@ -161,6 +167,23 @@ int main(int argc, char** argv)
        ((void(*)())buffer)();
    }

+    if (mode == ReadFromFreedMemoryStillCachedByMalloc) {
+        auto* ptr = (u8*)malloc(1024);
+        free(ptr);
+        dbgprintf("ptr = %p\n", ptr);
+        volatile auto foo = *ptr;
+        (void)foo;
+        ASSERT_NOT_REACHED();
+    }
+
+    if (mode == WriteToFreedMemoryStillCachedByMalloc) {
+        auto* ptr = (u8*)malloc(1024);
+        free(ptr);
+        dbgprintf("ptr = %p\n", ptr);
+        *ptr = 'x';
+        ASSERT_NOT_REACHED();
+    }
+
    ASSERT_NOT_REACHED();
    return 0;
 }