authorAndreas Kling <awesomekling@gmail.com>2019-12-25 11:44:32 +0100
committerAndreas Kling <awesomekling@gmail.com>2019-12-25 13:35:57 +0100
commitce5f7f6c07aa40137c83b7ceda7e36fc3dd1b2bc (patch)
tree3b3778952cebf63f13e2d160367a7ffd46a3a57f /Kernel/VM
parentc22a4301ed0341477295d7ae481b1223d2428eaa (diff)
Kernel: Use the CPU's NX bit to enforce PROT_EXEC on memory mappings
Now that we have PAE support, we can ask the CPU to crash processes for trying to execute non-executable memory. This is pretty cool! :^)
Diffstat (limited to 'Kernel/VM')
-rw-r--r--Kernel/VM/MemoryManager.cpp7
-rw-r--r--Kernel/VM/Region.cpp2
2 files changed, 9 insertions, 0 deletions
diff --git a/Kernel/VM/MemoryManager.cpp b/Kernel/VM/MemoryManager.cpp
index a3e792d6cb..42c33ae181 100644
--- a/Kernel/VM/MemoryManager.cpp
+++ b/Kernel/VM/MemoryManager.cpp
@@ -167,6 +167,13 @@ void MemoryManager::initialize_paging()
"orl $0x20, %eax\n"
"mov %eax, %cr4\n");
+ // Turn on IA32_EFER.NXE
+ asm volatile(
+ "movl $0xc0000080, %ecx\n"
+ "rdmsr\n"
+ "orl $0x800, %eax\n"
+ "wrmsr\n");
+
asm volatile("movl %%eax, %%cr3" ::"a"(kernel_page_directory().cr3()));
asm volatile(
"movl %%cr0, %%eax\n"
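Review bot: The added `wrmsr` sets IA32_EFER.NXE unconditionally; nothing in this hunk checks that the CPU reports NX support (CPUID leaf 0x80000001, EDX bit 20), and on a CPU without it, writing that bit faults during early paging setup. The same check should gate the `pte.set_execute_disabled(!is_executable())` calls added in Region.cpp, because bit 63 of a PAE entry is reserved while NXE is off, so the result needs to be stored somewhere those call sites can read. Separately, the block is basic asm with no clobber list although it overwrites eax, ecx and edx; the extended form below declares them. initialize_paging() starts and ends outside the hunk, so an existing feature check earlier in the function cannot be ruled out.

```cpp
// … unchanged: CR4.PAE setup …
// Turn on IA32_EFER.NXE only when CPUID reports NX support.
unsigned leaf_eax, leaf_ebx, leaf_ecx, leaf_edx;
asm volatile("cpuid"
             : "=a"(leaf_eax), "=b"(leaf_ebx), "=c"(leaf_ecx), "=d"(leaf_edx)
             : "a"(0x80000000));
bool has_nx = false;
if (leaf_eax >= 0x80000001) {
    asm volatile("cpuid"
                 : "=a"(leaf_eax), "=b"(leaf_ebx), "=c"(leaf_ecx), "=d"(leaf_edx)
                 : "a"(0x80000001));
    has_nx = leaf_edx & (1u << 20);
}
if (has_nx) {
    asm volatile(
        "movl $0xc0000080, %%ecx\n"
        "rdmsr\n"
        "orl $0x800, %%eax\n"
        "wrmsr\n" ::
            : "eax", "ecx", "edx");
}
// … unchanged: load CR3, enable paging in CR0 …
```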
diff --git a/Kernel/VM/Region.cpp b/Kernel/VM/Region.cpp
index 225095f743..5db615661f 100644
--- a/Kernel/VM/Region.cpp
+++ b/Kernel/VM/Region.cpp
@@ -216,6 +216,7 @@ void Region::remap_page(size_t index)
pte.set_writable(false);
else
pte.set_writable(is_writable());
+ pte.set_execute_disabled(!is_executable());
pte.set_user_allowed(is_user_accessible());
m_page_directory->flush(page_vaddr);
#ifdef MM_DEBUG
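Review bot: The permission-bit sequence is now duplicated between Region::remap_page() here and Region::map() in the hunk at line 265, and this commit had to add the identical `pte.set_execute_disabled(!is_executable());` line in both places. A single private helper that applies the writable, execute-disabled and user-allowed bits to a PTE would keep the two paths from drifting, which matters because a missed site leaves pages executable. The line also deserves a short comment such as `// NX: deny instruction fetch unless the region is executable`. The NX bit is derived only from is_executable(), so a region that is both writable and executable still maps W+X; if W^X is intended, it has to be enforced where region flags are set, which is not visible in this diff. Both function bodies continue outside their hunks.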
@@ -264,6 +265,7 @@ void Region::map(PageDirectory& page_directory)
pte.set_writable(false);
else
pte.set_writable(is_writable());
+ pte.set_execute_disabled(!is_executable());
} else {
pte.set_physical_page_base(0);
pte.set_present(false);