authorAndreas Kling <awesomekling@gmail.com>2019-12-25 11:54:16 +0100
committerAndreas Kling <awesomekling@gmail.com>2019-12-25 13:35:57 +0100
commit419e0ced27c283ef053fb5186357a26ef2436dd9 (patch)
tree9dda5ffef63f12c3a03e15c606d6a6a0a1d9fceb /Kernel/Process.cpp
parent33efeaf71a88ff1661a13be3c1227701d8405ab6 (diff)
Kernel: Don't allow mmap()/mprotect() to set up PROT_WRITE|PROT_EXEC
..but also allow mprotect() to set PROT_EXEC on a region, something we were just ignoring before.
Diffstat (limited to 'Kernel/Process.cpp')
-rw-r--r--Kernel/Process.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
index ba296948aa..956bc0df6a 100644
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -235,6 +235,9 @@ void* Process::sys$mmap(const Syscall::SC_mmap_params* params)
if ((flags & MAP_SHARED) && (flags & MAP_PRIVATE))
return (void*)-EINVAL;
+ if ((prot & PROT_WRITE) && (prot & PROT_EXEC))
+ return (void*)-EINVAL;
+
// EINVAL: MAP_STACK cannot be used with shared or file-backed mappings
if ((flags & MAP_STACK) && ((flags & MAP_SHARED) || !(flags & MAP_PRIVATE) || !(flags & MAP_ANONYMOUS)))
return (void*)-EINVAL;
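Review bot: The new W^X rejection in sys$mmap carries no comment, while the MAP_STACK check directly below it states which errno is returned and why. Add a line above the check such as `// EINVAL: W^X, a mapping may not be both PROT_WRITE and PROT_EXEC`. Callers that need writable-then-executable memory (a JIT or a loader) now get the same EINVAL as for a malformed flags argument, so the comment could also say that the supported path is to map writable and later call mprotect() with PROT_EXEC. The body of sys$mmap starts before and continues after this hunk.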
@@ -338,8 +341,11 @@ int Process::sys$mprotect(void* addr, size_t size, int prot)
return -EINVAL;
if (!region->is_mmap())
return -EPERM;
+ if ((prot & PROT_WRITE) && (prot & PROT_EXEC))
+ return -EINVAL;
region->set_readable(prot & PROT_READ);
region->set_writable(prot & PROT_WRITE);
+ region->set_executable(prot & PROT_EXEC);
region->remap();
return 0;
}
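Review bot: The W^X check in sys$mprotect inspects only the `prot` requested for this one region, so on its own it does not stop the same pages being writable through one mapping and executable through another, for example a shared or file-backed object mapped twice. Whether that is reachable depends on code outside this hunk, so it deserves a follow-up check or at least a comment stating the limitation. The check also sits after the region lookup and the `is_mmap()` test, so a W|X request on a non-mmap region returns EPERM rather than EINVAL. Moving `if ((prot & PROT_WRITE) && (prot & PROT_EXEC)) return -EINVAL;` to the top of the function would make argument validation independent of region state. The function starts outside the hunk.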