authorAndreas Kling <kling@serenityos.org>2020-01-18 23:31:29 +0100
committerAndreas Kling <kling@serenityos.org>2020-01-18 23:40:12 +0100
commit862b3ccb4e54113fc4139a3b4d2af3a8f40fe122 (patch)
tree4f2cdde028bf55dbacba3bd824ab77998cf95edb /Kernel/VM/InodeVMObject.cpp
parent7ea264a660a184fadd75f74379320c0e4d1bda21 (diff)
downloadserenity-862b3ccb4e54113fc4139a3b4d2af3a8f40fe122.zip
Kernel: Enforce W^X between sys$mmap() and sys$execve()
It's now an error to sys$mmap() a file as writable if it's currently mapped executable by anyone else. It's also an error to sys$execve() a file that's currently mapped writable by anyone else. This fixes a race condition vulnerability where one program could make modifications to an executable while another process was in the kernel, in the middle of exec'ing the same executable. Test: Kernel/elf-execve-mmap-race.cpp
Diffstat (limited to 'Kernel/VM/InodeVMObject.cpp')
-rw-r--r--Kernel/VM/InodeVMObject.cpp20
1 files changed, 20 insertions, 0 deletions
diff --git a/Kernel/VM/InodeVMObject.cpp b/Kernel/VM/InodeVMObject.cpp
index b994f84e0d..36a97b87bb 100644
--- a/Kernel/VM/InodeVMObject.cpp
+++ b/Kernel/VM/InodeVMObject.cpp
@@ -175,3 +175,23 @@ int InodeVMObject::release_all_clean_pages_impl()
});
return count;
}
+
+u32 InodeVMObject::writable_mappings() const
+{
+ u32 count = 0;
+ const_cast<InodeVMObject&>(*this).for_each_region([&](auto& region) {
+ if (region.is_writable())
+ ++count;
+ });
+ return count;
+}
+
+u32 InodeVMObject::executable_mappings() const
+{
+ u32 count = 0;
+ const_cast<InodeVMObject&>(*this).for_each_region([&](auto& region) {
+ if (region.is_executable())
+ ++count;
+ });
+ return count;
+}
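Review bot: Both new accessors, `writable_mappings()` and `executable_mappings()`, return a snapshot of the region list with no locking visible in this hunk, so the W^X checks described in the commit message are only as strong as the serialization provided by their callers (sys$mmap and sys$execve, which are outside this file section). If nothing keeps the region list and the regions' protections stable between the count and the map or exec that follows, the check is check-then-act and a narrower form of the same race could remain. I would add a comment above each function such as `// Snapshot only: caller must prevent regions from being added or re-protected until the mmap/exec decision is committed.` It is also worth confirming that a region mapped read-only and later made writable by a protection change is rejected somewhere, since `is_writable()` is sampled only at the moment of the call. Separately, the `const_cast<InodeVMObject&>(*this)` in both bodies would be unnecessary with a const overload of `for_each_region`.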