mirror of
https://github.com/SerenityOS/serenity
synced 2024-10-07 00:19:27 +00:00
Kernel+Userland: Convert process syscall region enforce flag to SetOnce
This flag is set only once and should never be reset once it has been set, making it an ideal SetOnce use-case. It also simplifies the expected conditions for the enabling prctl call: we no longer expect a boolean flag; instead, the specific prctl option always sets (enables) the Process' AddressSpace syscall region enforcing.
parent
2cb86c1309
commit
e756567341
|
@ -8,6 +8,7 @@
|
|||
#pragma once
|
||||
|
||||
#include <AK/RedBlackTree.h>
|
||||
#include <AK/SetOnce.h>
|
||||
#include <AK/Vector.h>
|
||||
#include <Kernel/Arch/PageDirectory.h>
|
||||
#include <Kernel/Library/LockWeakPtr.h>
|
||||
|
@ -48,8 +49,8 @@ public:
|
|||
|
||||
ErrorOr<Vector<Region*, 4>> find_regions_intersecting(VirtualRange const&);
|
||||
|
||||
bool enforces_syscall_regions() const { return m_enforces_syscall_regions; }
|
||||
void set_enforces_syscall_regions(bool b) { m_enforces_syscall_regions = b; }
|
||||
bool enforces_syscall_regions() const { return m_enforces_syscall_regions.was_set(); }
|
||||
void set_enforces_syscall_regions() { m_enforces_syscall_regions.set(); }
|
||||
|
||||
void remove_all_regions(Badge<Process>);
|
||||
|
||||
|
@ -68,7 +69,7 @@ private:
|
|||
|
||||
RegionTree m_region_tree;
|
||||
|
||||
bool m_enforces_syscall_regions { false };
|
||||
SetOnce m_enforces_syscall_regions;
|
||||
};
|
||||
|
||||
}
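Review bot: `set_enforces_syscall_regions()` still reads like an ordinary setter, but after this change it is a one-way latch and nothing at the declaration says so. A one-line comment above it would spare the next reader a trip to SetOnce, for example `// One-way: enables syscall region enforcement; there is deliberately no way to clear it.` The class body starts outside the first hunk of this section.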
|
||||
|
|
|
@ -164,7 +164,8 @@ ErrorOr<FlatPtr> Process::sys$fork(RegisterState& regs)
|
|||
|
||||
TRY(address_space().with([&](auto& parent_space) {
|
||||
return child->address_space().with([&](auto& child_space) -> ErrorOr<void> {
|
||||
child_space->set_enforces_syscall_regions(parent_space->enforces_syscall_regions());
|
||||
if (parent_space->enforces_syscall_regions())
|
||||
child_space->set_enforces_syscall_regions();
|
||||
for (auto& region : parent_space->region_tree().regions()) {
|
||||
dbgln_if(FORK_DEBUG, "fork: cloning Region '{}' @ {}", region.name(), region.vaddr());
|
||||
auto region_clone = TRY(region.try_clone());
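Review bot: The added `if (parent_space->enforces_syscall_regions())` carries a hardening flag across fork, but no comment explains why the copy became conditional. With a SetOnce there is nothing to propagate when the parent is not enforcing, and the child relies on its own flag starting out unset. I would add `// Inherit syscall region enforcement; the flag is one-way, so only the enabled state needs propagating.` above the check. The lambda body continues outside the hunk.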
|
||||
|
|
|
@ -26,14 +26,10 @@ ErrorOr<FlatPtr> Process::sys$prctl(int option, FlatPtr arg1, FlatPtr arg2, Flat
|
|||
return space->enforces_syscall_regions();
|
||||
});
|
||||
case PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS: {
|
||||
if (arg1 != 0 && arg1 != 1)
|
||||
if (arg1 != 0)
|
||||
return EINVAL;
|
||||
bool prohibit_new_annotated_syscall_regions = (arg1 == 1);
|
||||
return address_space().with([&](auto& space) -> ErrorOr<FlatPtr> {
|
||||
if (space->enforces_syscall_regions() && !prohibit_new_annotated_syscall_regions)
|
||||
return EPERM;
|
||||
|
||||
space->set_enforces_syscall_regions(prohibit_new_annotated_syscall_regions);
|
||||
space->set_enforces_syscall_regions();
|
||||
return 0;
|
||||
});
|
||||
return 0;
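Review bot: The meaning of arg1 is inverted here without a comment: `if (arg1 != 0)` now rejects the `1` that used to enable enforcement, while `0`, which used to leave enforcement off, now turns it on for good. A caller still passing 1 gets EINVAL and keeps running without enforcement unless it checks the result, as the loader call site in the last section of this commit does. I would add `// arg1 is reserved and must be 0; this option only ever enables enforcement.` above the check, and the same remark at the loader's `syscall(SC_prctl, ...)` line. As far as the hunk shows, arg2 is not validated, and the `return 0;` after the `return address_space().with(...)` statement looks unreachable. sys$prctl starts before the hunk and this case's closing brace is outside it.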
|
||||
|
|
|
@ -739,7 +739,7 @@ Examples of static-pie ELF objects are ELF packers, and the system dynamic loade
|
|||
entry_point = entry_point.offset(main_executable_loader->base_address().get());
|
||||
auto entry_point_function = reinterpret_cast<EntryPointFunction>(entry_point.as_ptr());
|
||||
|
||||
int rc = syscall(SC_prctl, PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS, 1, 0, nullptr);
|
||||
int rc = syscall(SC_prctl, PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS, 0, 0, nullptr);
|
||||
if (rc < 0) {
|
||||
VERIFY_NOT_REACHED();
|
||||
}
|
||||
|
|