authorAndreas Kling <awesomekling@gmail.com>2019-12-25 22:23:10 +0100
committerAndreas Kling <awesomekling@gmail.com>2019-12-25 22:24:28 +0100
commit0b7a2e0a5a6875f6e44d0ac0b0dc5e5d27205f86 (patch)
tree7a1daa88fc0263c7ceb76a5c4aa536b815227179 /Kernel
parentd3b40547f729f495f061a910d4c62c5f49f1d8b4 (diff)
Kernel: Set NX bit for virtual addresses 0-1MB and 2-8MB
This removes the ability to jump into kmalloc memory, etc. Only the kernel image itself is allowed to exec, located between 1-2MB.
Diffstat (limited to 'Kernel')
-rw-r--r--Kernel/VM/MemoryManager.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/Kernel/VM/MemoryManager.cpp b/Kernel/VM/MemoryManager.cpp
index 42c33ae181..2a34ca1370 100644
--- a/Kernel/VM/MemoryManager.cpp
+++ b/Kernel/VM/MemoryManager.cpp
@@ -56,6 +56,14 @@ void MemoryManager::initialize_paging()
// Every process shares these mappings.
create_identity_mapping(kernel_page_directory(), VirtualAddress(PAGE_SIZE), (8 * MB) - PAGE_SIZE);
+ // Disable execution from 0MB through 1MB (BIOS data, legacy things, ...)
+ for (size_t i = 0; i < (1 * MB); ++i)
+ ensure_pte(kernel_page_directory(), VirtualAddress(i)).set_execute_disabled(true);
+
+ // Disable execution from 2MB through 8MB (kmalloc, kmalloc_eternal, slabs, page tables, ...)
+ for (size_t i = 1; i < 4; ++i)
+ kernel_page_directory().table().directory(0)[i].set_execute_disabled(true);
+
// FIXME: We should move everything kernel-related above the 0xc0000000 virtual mark.
// Basic physical memory map:
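Review bot: The first added loop advances `i` one byte at a time, so `ensure_pte` is called once per byte of the 0-1MB range instead of once per page, and each page table entry is set again for every byte in its page; stepping by the page size gives the same result: `for (size_t i = 0; i < (1 * MB); i += PAGE_SIZE)`. The bound `4` in the second loop is tied to the `8 * MB` identity mapping above (each directory entry presumably covers 2MB here), so a comment such as `// PDEs 1..3 cover 2MB-8MB; keep in sync with the identity mapping size` would stop the two from drifting apart and leaving part of the kmalloc range executable. Whether the execute-disable bit is honoured depends on NX support being detected and enabled before these entries are loaded, which this hunk does not show and is worth confirming, since on a CPU without it that bit is reserved. The body of initialize_paging() continues outside the hunk.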