Kernel+Userland: Convert process syscall region enforce flag to SetOnce

This flag is set only once, and should never reset once it has been set, making it an ideal SetOnce use-case. It also simplifies the expected conditions for the enabling prctl call, as we don't expect a boolean flag, but rather the specific prctl option will always set (enable) Process' AddressSpace syscall region enforcing.
2024-07-09 11:00:46 +00:00 · 2024-05-03 13:45:37 +03:00 · 2024-05-03 13:45:37 +03:00 · e756567341
commit e756567341
parent 2cb86c1309
4 changed files with 9 additions and 11 deletions
--- a/Kernel/Memory/AddressSpace.h
+++ b/Kernel/Memory/AddressSpace.h
@ -8,6 +8,7 @@
 #pragma once

 #include <AK/RedBlackTree.h>
+#include <AK/SetOnce.h>
 #include <AK/Vector.h>
 #include <Kernel/Arch/PageDirectory.h>
 #include <Kernel/Library/LockWeakPtr.h>
@ -48,8 +49,8 @@ public:

    ErrorOr<Vector<Region*, 4>> find_regions_intersecting(VirtualRange const&);

-    bool enforces_syscall_regions() const { return m_enforces_syscall_regions; }
-    void set_enforces_syscall_regions(bool b) { m_enforces_syscall_regions = b; }
+    bool enforces_syscall_regions() const { return m_enforces_syscall_regions.was_set(); }
+    void set_enforces_syscall_regions() { m_enforces_syscall_regions.set(); }

    void remove_all_regions(Badge<Process>);

@ -68,7 +69,7 @@ private:

    RegionTree m_region_tree;

-    bool m_enforces_syscall_regions { false };
+    SetOnce m_enforces_syscall_regions;
 };

 }
--- a/Kernel/Syscalls/fork.cpp
+++ b/Kernel/Syscalls/fork.cpp
@ -164,7 +164,8 @@ ErrorOr<FlatPtr> Process::sys$fork(RegisterState& regs)

    TRY(address_space().with([&](auto& parent_space) {
        return child->address_space().with([&](auto& child_space) -> ErrorOr<void> {
-            child_space->set_enforces_syscall_regions(parent_space->enforces_syscall_regions());
+            if (parent_space->enforces_syscall_regions())
+                child_space->set_enforces_syscall_regions();
            for (auto& region : parent_space->region_tree().regions()) {
                dbgln_if(FORK_DEBUG, "fork: cloning Region '{}' @ {}", region.name(), region.vaddr());
                auto region_clone = TRY(region.try_clone());
--- a/Kernel/Syscalls/prctl.cpp
+++ b/Kernel/Syscalls/prctl.cpp
@ -26,14 +26,10 @@ ErrorOr<FlatPtr> Process::sys$prctl(int option, FlatPtr arg1, FlatPtr arg2, Flat
                return space->enforces_syscall_regions();
            });
        case PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS: {
-            if (arg1 != 0 && arg1 != 1)
+            if (arg1 != 0)
                return EINVAL;
-            bool prohibit_new_annotated_syscall_regions = (arg1 == 1);
            return address_space().with([&](auto& space) -> ErrorOr<FlatPtr> {
-                if (space->enforces_syscall_regions() && !prohibit_new_annotated_syscall_regions)
-                    return EPERM;
-
-                space->set_enforces_syscall_regions(prohibit_new_annotated_syscall_regions);
+                space->set_enforces_syscall_regions();
                return 0;
            });
            return 0;
--- a/Userland/Libraries/LibELF/DynamicLinker.cpp
+++ b/Userland/Libraries/LibELF/DynamicLinker.cpp
@ -739,7 +739,7 @@ Examples of static-pie ELF objects are ELF packers, and the system dynamic loade
        entry_point = entry_point.offset(main_executable_loader->base_address().get());
    auto entry_point_function = reinterpret_cast<EntryPointFunction>(entry_point.as_ptr());

-    int rc = syscall(SC_prctl, PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS, 1, 0, nullptr);
+    int rc = syscall(SC_prctl, PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS, 0, 0, nullptr);
    if (rc < 0) {
        VERIFY_NOT_REACHED();
    }