mirror of
https://github.com/SerenityOS/serenity
synced 2024-10-15 20:33:10 +00:00
Kernel+Userland: Convert process syscall region enforce flag to SetOnce
This flag is set only once and should never be reset once it has been set, making it an ideal SetOnce use case. It also simplifies the expected conditions for the enabling prctl call: we no longer expect a boolean flag; instead, the specific prctl option always sets (enables) syscall region enforcement on the Process' AddressSpace.
parent
2cb86c1309
commit
e756567341
|
@ -8,6 +8,7 @@
|
||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
#include <AK/RedBlackTree.h>
|
#include <AK/RedBlackTree.h>
|
||||||
|
#include <AK/SetOnce.h>
|
||||||
#include <AK/Vector.h>
|
#include <AK/Vector.h>
|
||||||
#include <Kernel/Arch/PageDirectory.h>
|
#include <Kernel/Arch/PageDirectory.h>
|
||||||
#include <Kernel/Library/LockWeakPtr.h>
|
#include <Kernel/Library/LockWeakPtr.h>
|
||||||
|
@ -48,8 +49,8 @@ public:
|
||||||
|
|
||||||
ErrorOr<Vector<Region*, 4>> find_regions_intersecting(VirtualRange const&);
|
ErrorOr<Vector<Region*, 4>> find_regions_intersecting(VirtualRange const&);
|
||||||
|
|
||||||
bool enforces_syscall_regions() const { return m_enforces_syscall_regions; }
|
bool enforces_syscall_regions() const { return m_enforces_syscall_regions.was_set(); }
|
||||||
void set_enforces_syscall_regions(bool b) { m_enforces_syscall_regions = b; }
|
void set_enforces_syscall_regions() { m_enforces_syscall_regions.set(); }
|
||||||
|
|
||||||
void remove_all_regions(Badge<Process>);
|
void remove_all_regions(Badge<Process>);
|
||||||
|
|
||||||
|
@ -68,7 +69,7 @@ private:
|
||||||
|
|
||||||
RegionTree m_region_tree;
|
RegionTree m_region_tree;
|
||||||
|
|
||||||
bool m_enforces_syscall_regions { false };
|
SetOnce m_enforces_syscall_regions;
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -164,7 +164,8 @@ ErrorOr<FlatPtr> Process::sys$fork(RegisterState& regs)
|
||||||
|
|
||||||
TRY(address_space().with([&](auto& parent_space) {
|
TRY(address_space().with([&](auto& parent_space) {
|
||||||
return child->address_space().with([&](auto& child_space) -> ErrorOr<void> {
|
return child->address_space().with([&](auto& child_space) -> ErrorOr<void> {
|
||||||
child_space->set_enforces_syscall_regions(parent_space->enforces_syscall_regions());
|
if (parent_space->enforces_syscall_regions())
|
||||||
|
child_space->set_enforces_syscall_regions();
|
||||||
for (auto& region : parent_space->region_tree().regions()) {
|
for (auto& region : parent_space->region_tree().regions()) {
|
||||||
dbgln_if(FORK_DEBUG, "fork: cloning Region '{}' @ {}", region.name(), region.vaddr());
|
dbgln_if(FORK_DEBUG, "fork: cloning Region '{}' @ {}", region.name(), region.vaddr());
|
||||||
auto region_clone = TRY(region.try_clone());
|
auto region_clone = TRY(region.try_clone());
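Review bot: The new `if (parent_space->enforces_syscall_regions())` in `Process::sys$fork` carries a security invariant that is not documented: a child must never start without enforcement when its parent has it. The conditional is correct only because the child's address space starts with the latch unset, which is presumably true for a freshly created space but is not visible in this hunk. I would add a comment above the check, for example `// SetOnce cannot be cleared, so propagate only when the parent enforces; the child must inherit the latch.`. The lambda body continues outside the hunk.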
|
||||||
|
|
|
@ -26,14 +26,10 @@ ErrorOr<FlatPtr> Process::sys$prctl(int option, FlatPtr arg1, FlatPtr arg2, Flat
|
||||||
return space->enforces_syscall_regions();
|
return space->enforces_syscall_regions();
|
||||||
});
|
});
|
||||||
case PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS: {
|
case PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS: {
|
||||||
if (arg1 != 0 && arg1 != 1)
|
if (arg1 != 0)
|
||||||
return EINVAL;
|
return EINVAL;
|
||||||
bool prohibit_new_annotated_syscall_regions = (arg1 == 1);
|
|
||||||
return address_space().with([&](auto& space) -> ErrorOr<FlatPtr> {
|
return address_space().with([&](auto& space) -> ErrorOr<FlatPtr> {
|
||||||
if (space->enforces_syscall_regions() && !prohibit_new_annotated_syscall_regions)
|
space->set_enforces_syscall_regions();
|
||||||
return EPERM;
|
|
||||||
|
|
||||||
space->set_enforces_syscall_regions(prohibit_new_annotated_syscall_regions);
|
|
||||||
return 0;
|
return 0;
|
||||||
});
|
});
|
||||||
return 0;
|
return 0;
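Review bot: In the `PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS` case the meaning of `arg1` is inverted without any record in the code. Zero used to mean "do not prohibit" and is now the only accepted value, which enables enforcement, while the former enabling value 1 now returns EINVAL. Because the latch can no longer be cleared, the kernel side fails in the safe direction, but a caller built against the old convention either gets EINVAL or turns enforcement on when it meant not to. I would add a comment above the check such as `// arg1 is reserved and must be 0; this option only ever enables enforcement and cannot be undone.`. The trailing `return 0;` after `return address_space().with(...)` looks unreachable and could be dropped; the switch continues outside the hunk.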
|
||||||
|
|
|
@ -739,7 +739,7 @@ Examples of static-pie ELF objects are ELF packers, and the system dynamic loade
|
||||||
entry_point = entry_point.offset(main_executable_loader->base_address().get());
|
entry_point = entry_point.offset(main_executable_loader->base_address().get());
|
||||||
auto entry_point_function = reinterpret_cast<EntryPointFunction>(entry_point.as_ptr());
|
auto entry_point_function = reinterpret_cast<EntryPointFunction>(entry_point.as_ptr());
|
||||||
|
|
||||||
int rc = syscall(SC_prctl, PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS, 1, 0, nullptr);
|
int rc = syscall(SC_prctl, PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS, 0, 0, nullptr);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
VERIFY_NOT_REACHED();
|
VERIFY_NOT_REACHED();
|
||||||
}
|
}
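Review bot: The third argument in `syscall(SC_prctl, PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS, 0, 0, nullptr)` is now a bare `0`, which reads as "disable" to anyone who remembers the old boolean form. Under that old form the same call would return 0 without enabling enforcement, so the `rc < 0` check would not catch a kernel/loader mismatch. Presumably the two always ship together, but the assumption should be stated. I would add a comment above the call, for example `// arg1 is reserved (must be 0); the call itself irreversibly enables syscall region enforcement.`. The enclosing function starts and ends outside the hunk.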
|
||||||
|
|